Split dns config

lgtl
lgtl Posts: 1
edited April 2021 in Security
I have a zywall usg20 with firmware version 3.30(BDQ.9) / 1.18 / 2016-11-22 09:50:31.
I have configured an Address/PTR record for a public available fqdn that when the users are in the office to resolve to the local server.
The public fqdn is test.myfqdn.org and is being used to map to an on premise service that the users must access remotely.
The myfqdn.org is the fqdn that serves our website.

In my record I add test.fqdn.org and the local ip of my on premise server e.g. 192.168.1.2

When I add this record the office users cannot access the myfqdn.org.
Using nslookup I access the dns server on the USG, I can resolve test.myfqdn.org but not the myfqdn.org.
I have a default forwarder with a * as Domain zone so it should have resolve.
If I remove my record then the users can resolve the myfqdn.org but the test.myfqdn.org resolves to the public ip as usual.

All Replies

  • PeterUK
    PeterUK Posts: 2,705  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer

    Yes I too see the same issue on Zywall 110 on V 4.62 the bad news is it might not be fixed on your old USG.

    The other way to fix this is to add Address/PTR myfqdn.org with IP along with test.myfqdn.org.

    Or run your own Bind DNS.


  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee
    Friend Collector First Answer First Comment

    Hi @lgtl,

    This is a limitation of current DNS design.

    You may create another PTR record for this.


    Here’s a KB article related to that topic;

    https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=015731&lang=EN

     

    Best regards.
  • PeterUK
    PeterUK Posts: 2,705  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    This limitation should be easy to fix should not a limitation to start with really.  

Security Highlight