Zyxel DHCP client does not honour NO DNS

PeterUK
PeterUK Posts: 2,655  Guru Member
edited September 2022 in Security

Zywall 110 V4.72(AAAA.0)ITS-22WK28-r104687

USG60 V4.72(AAKY.0)ITS-22WK35-r105124

Came across this bug where a Zywall 110 running the DHCP server has no DNS IP set for clients, and a USG60 as DHCP client receives the offer and ACK with no DNS IP, yet the USG60 puts in a DNS IP for Domain Zone Forwarder in config > system > DNS of the gateway IP of the DHCP server when I do not want it to.

Is there a way to stop this? Thanks

All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    Hi @PeterUK,

    The issue can be reproduced in lab test.
    We are checking internally, please wait for my update.

  • PeterUK
    PeterUK Posts: 2,655  Guru Member

    It would be nice to disable any added DNS to Zywall so that the Zywall has to do lookups by recursion root servers.


  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    As confirmed, if the DHCP server does not provide the DNS server option to the gateway, the gateway will take the server identifier as the default DNS server. This network scenario is relatively rare in practice. We would suggest setting up a static IP on the WAN interface and manually adding a DNS zone forwarder for your network.
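
The behaviour confirmed in the reply above, as an added example that is not part of the thread and not Zyxel code: a Python check that parses the options of a captured DHCPACK and flags the case where option 6 (DNS servers) is absent but a configured forwarder equals option 54 (server identifier). The sample bytes, the 192.0.2.x addresses and the `forwarders` input (forwarder IPs copied by hand from the device config) are constructed assumptions.

```python
import ipaddress

PAD, END = 0, 255
OPT_DNS, OPT_SERVER_ID = 6, 54  # RFC 2132 option codes

def parse_options(data: bytes) -> dict[int, bytes]:
    """Parse the DHCP options field (the bytes after the magic cookie)."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == END:
            break
        if code == PAD:  # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        opts[code] = opts.get(code, b"") + value  # repeated options concatenate
        i += 2 + length
    return opts

def ipv4_list(raw: bytes) -> list[str]:
    if len(raw) % 4:
        raise ValueError("address list is not a multiple of 4 bytes")
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw), 4)]

def audit_lease(options: bytes, forwarders: list[str]) -> dict:
    """forwarders: zone-forwarder IPs read from the device config (assumed input)."""
    opts = parse_options(options)
    dns = ipv4_list(opts.get(OPT_DNS, b""))
    server_id = ipv4_list(opts[OPT_SERVER_ID])[0] if OPT_SERVER_ID in opts else None
    # No DNS option offered, yet a forwarder points at the DHCP server itself.
    implicit = not dns and server_id is not None and server_id in forwarders
    return {"dns_offered": dns, "server_id": server_id, "implicit_forwarder": implicit}

# Constructed DHCPACK options: type=ACK, server id 192.0.2.1, lease 86400 s,
# mask /24, router 192.0.2.1, and deliberately no option 6.
ACK_NO_DNS = bytes([53, 1, 5, 54, 4, 192, 0, 2, 1, 51, 4, 0, 1, 81, 128,
                    1, 4, 255, 255, 255, 0, 3, 4, 192, 0, 2, 1, 255])
# Same lease with option 6 = 192.0.2.53 inserted before the end marker.
ACK_WITH_DNS = ACK_NO_DNS[:-1] + bytes([6, 4, 192, 0, 2, 53, 255])

if __name__ == "__main__":
    print(audit_lease(ACK_NO_DNS, ["192.0.2.1"]))
    print(audit_lease(ACK_WITH_DNS, ["192.0.2.53"]))
```
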
  • PeterUK
    PeterUK Posts: 2,655  Guru Member

    But the Zywall can do DNS without adding a DNS in Domain Zone Forwarder, which is what I want. You can test this yourself with static IP, which is what I'm doing as a backup DNS, but I was looking to do DHCP for some interfaces.

  • jasailafan
    jasailafan Posts: 189  Master Member
    Do you want the Zywall to do DNS lookup by recursion root servers, assuming the DHCP server does not provide DNS options?
  • PeterUK
    PeterUK Posts: 2,655  Guru Member
    Yes, without any added Domain Zone Forwarder.
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    Hi @PeterUK,
    Could you share more information about this scenario in practice?
    Just wondering why you need the gateway to do the DNS query by recursion root servers?

  • PeterUK
    PeterUK Posts: 2,655  Guru Member

    Because why not? I have a BIND setup doing this, but should that system go down I fail over to the USG60 to do the DNS.


  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    edited October 2022
