Zyxel DHCP client does not honour NO DNS

PeterUK
edited September 26 in Security

Zywall 110 V4.72(AAAA.0)ITS-22WK28-r104687

USG60 V4.72(AAKY.0)ITS-22WK35-r105124

Came across this bug where a Zywall 110 running the DHCP server has no DNS IP set for clients, and a USG60 as DHCP client receives the offer and ACK with no DNS IP, yet the USG60 puts in a DNS IP for Domain Zone Forwarder in config > system > DNS of the gateway IP of the DHCP server when I do not want it to.

Is there a way to stop this? Thanks

All Replies

  • Zyxel_Cooldia
    Hi @PeterUK,

    The issue can be reproduced in lab test.
    We are checking internally, please wait for my update.

  • PeterUK

    It would be nice to disable any added DNS to Zywall so that the Zywall has to do lookups by recursion root servers.


  • Zyxel_Cooldia
    As confirmed, if the DHCP server does not provide the DNS server option to the gateway, the gateway will take the server identifier as the default DNS server. This network scenario is relatively rare in practice. We would suggest setting up a static IP on the WAN interface and manually adding a DNS zone forwarder for your network.
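The condition described in the reply above can be checked on a captured DHCPACK. This is an added example, not part of the thread and not Zyxel code: it parses the DHCP options field (RFC 2132) and returns the server identifier (option 54) when the ACK carries no DNS option (option 6). The function names and the sample packets are constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of the options field
OPT_PAD, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 6, 53, 54, 255
DHCPACK = 5

def parse_options(payload: bytes) -> dict:
    """Return {option_code: value} from a raw BOOTP/DHCP payload (UDP data).
    Option overload (option 52) is not handled in this example."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        code = payload[i]
        if code == OPT_PAD:                  # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = opts.get(code, b"") + value   # repeated codes are concatenated
        i += 2 + length
    return opts

def implied_dns_fallback(payload: bytes):
    """Server identifier of an ACK that carries no DNS option, else None."""
    opts = parse_options(payload)
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPACK]) or opts.get(OPT_DNS):
        return None
    sid = opts.get(OPT_SERVER_ID, b"")
    return str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else None

def build_ack(server_id: str, dns=()) -> bytes:
    """Constructed sample packet: minimal DHCPACK for offline testing."""
    header = bytes([2, 1, 6, 0]) + bytes(232)          # op=BOOTREPLY, rest zeroed
    opts = bytes([OPT_MSG_TYPE, 1, DHCPACK])
    opts += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_id).packed
    if dns:
        packed = b"".join(ipaddress.IPv4Address(d).packed for d in dns)
        opts += bytes([OPT_DNS, len(packed)]) + packed
    return header + MAGIC_COOKIE + opts + bytes([OPT_END])

if __name__ == "__main__":
    for label, pkt in (("no option 6", build_ack("192.0.2.1")),
                       ("option 6 set", build_ack("192.0.2.1", ["192.0.2.53"]))):
        print(label, "->", implied_dns_fallback(pkt))
```

A non-None result identifies the address that, per the reply above, the gateway would adopt as its default DNS server for that lease.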
  • PeterUK

    But the Zywall can do DNS without adding a DNS in Domain Zone Forwarder, which is what I want. You can test this yourself with static IP, which is what I'm doing as a backup DNS, but I was looking to do DHCP for some interfaces.

  • jasailafan
    Do you want zywall to do DNS lookup by recursion root servers assuming the DHCP server does not provide DNS options?
  • PeterUK
    Yes, without any added Domain Zone Forwarder.
  • Zyxel_Cooldia
    Hi @PeterUK,
    Could you share more information about this scenario in practice?
    Just wondering why you need the gateway to do the DNS query by recursion root servers?

  • PeterUK

    Because why not? I have a bind setup doing this, but should that system go down I fail over to the USG60 to do the DNS.


  • Zyxel_Cooldia
    edited October 6
