Domain Zone Forwarders not working

nick_patchett

Has anyone use Domain Zone Forwarders on the Flex H range to direct specific requests to different DNS servers?

I have had to open a ticket as it doesnt appear to be working on my FLEX 700H when directing DNS requests for the nhs.uk domain to a DNS server accessible via an IPSEC VPN.

My static routes are in and working as DNS resolution works ok if I statically assign the DNS servers to my laptop.

PeterUK

Did you have this problem with a non H model of USG?

nick_patchett

This is a brand new installation so there has never been any other firewall installed.

PeterUK

I think I have seen this problem before which it can't be done due to you not being able to set Query Via VPN I think I worked out a workaround I see if I can find the post....

PeterUK

can't find this old post about.

So this is a site to site VPN?

nick_patchett

Yeah it's an IPSEC VPN and I need to query a DNS server at the other end of a tunnel.

This is how I've set it up

PeterUK

You seem to have a VTI setup but I don't see how to set it up I got no add button

nick_patchett

The VTI was created automatically when I created the IPSEC VPN

PeterUK

I see different to other models so the setup is site to site Route-Based not Policy-Based

PeterUK

SO I finally got it setup with VTI between FLEX200H and USG60W to by Bind server for DNS and it works here.

Their was I static route that was added but I removed it does not seem to need it

Is your VTI Setting Local IP setup for your LAN subnet with a IP not in use?

what is the remote end IP Address Assignment set to for VTI?

nick_patchett

The VTI was all automatically configured by the 700H and is set to a 169 address