No default DNS for WAN1 on USG40
StefanLogar
Posts: 9 Freshman Member
Hi, Experts!
I have problems concerning the default DNS for internal use of our USG40. In LAN everything works correct, DHCP-Clients get the correct DNS Servers, ...
But when I try to download firmware-files for APs or when calling a NSLOOKUP from the Diagnostic-Networkprogrammes, I get errors "Device can't connect to cloud servers" or ";; connection timed out; no servers could be reached"
WAN: fixed IP
DNS: 2 forwarders entered
in DNS under default I see N/A, on the EasyMode overview Screen I see DNS: N/A
0
Accepted Solution
-
5
All Replies
-
@StefanLogar
Welcome to Zyxel CommunityIf the USG Wan type is static IP it does not have DNS server by default, you need to set up DNS server for USG.Go to “Configuration > System > DNS > Domain Zone forward”, click “Add” button to add DNS server for name query.0 -
@Zyxel_Cooldia, thank you for your reply, but, as mentioned in post 1, I have two entries for "Domain Zone Forwarder" - the DNS-Servers of my ISP. However, from the USG40 they seem not to be acknowledged.
0 -
Hi @StefanLogarIf network tool shows “connection timed out; no servers could be reached” it means device not received reply from server side.Can you take a screen shot of your DNS zone forwarder setting?0
-
Hi, @Zyxel_Stanley, thank you for your help!My DNS settings (sorry, it's in German):My situation is as follows:- USG40 is behind the main router from our ISP- we use L2TP/IPSec for VPN-Connections- the internal network is working as expected, except of DNS, which I additionally to System>DNS had to enter manually into the LAN1-DHCP configuration- Internet is without limitation reachable from any LAN1-client- from USG40 (terminal) I can ping any host in LAN1- from USG40 I can ping the fixed external IP of the ISP-Router (xxx.xxx.xxx.xxx) but NOT(!) the internal IP of it (192.168.2.254)- USG40 is connected to ISP-router at WAN1, IP 192.168.2.100/24Best regards and thank you for any hint!0
-
Hi @StefanLogar
We have not saw this issue before due to your client can receive DNS result from server successfully.
I will send you private message to check this issue much details.
0 -
- USG40 is connected to ISP-router at WAN1, IP 192.168.2.100/24
Do you change the default ip address of lan2 to any other ip network to avoid the conflict with WAN1 ?
0 -
0
-
Hi to all!I have found the following symptom now:
- All DNS queries from inside LAN1 are successful, as they have the source 192.168.2.100 (WAN1 IP).
- DNS-queries from USG itself have timeouts, because they have the source xxx.xxx.xxx.xxx (ISP-Routers public IP)
Maybe any new idea?
Thanks i.a.0 -
hi @StefanLogar
is your external ISP Router (IP looks like AVM default IP) ?be carefull, ifh your USG40W and the ISP Router acting as SNAT Router device.With double SNAT you can have some side effects included
I've a USG between LAN and DMZ Zone and behind a Layer7 Firewall, that is connected with the ISP Modem.
i have disabled SNAT (Source-NAT) but .... your ISP router require the information, about the subnets on your USG to send reply packages to the WAN1 interface on the USG.
DNS -> normaly your ISP Router is acting as DNS forwarder, too.I've the ZYWALL DNS-Zone-forwarder pointed to my external ISP-Firewall IP trough WAN1.
This is working well, and my ISP Firewall forward all packages to the known DNS Server from my ISP.Regards and Good luck to AustriaChristian0 -
@StefanLogar ,
Does the public IP(88.xxx.xxx.xxx) bind with a PPPoE interface on USG40 ?
Or it's an 1-1 NAT set on ISP-router to map to wan1 of USG40 ?
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight