Domain zone forwarder through tunnel
Ally Member
In FLEX (non H) series I was able to add a Domain Zone Forwarder in DNS to an IP-Address behind a tunnel. So the other site could resolve server.domain.local for example. I could select Private DNS Server then and then it mentioned "query via tunnel".
In FLEX H Series I don't have that option anymore; I can only select one of the interfaces, but not the tunnel. How can I resolve this? Do I have to work through a routing rule?
All Replies
-
So I think the only way to resolve this is to set up a VTI; then you can select the VTI for the DNS "query via" option.
0 -
Currently, only interfaces are selectable here, including the VTI interface.
Zyxel Melen0 -
Hmm ok, is there a reason why this is now like this? Will have to test this out. Or will it in future firmwares be possible again to do it the old way?
1 -
I would hope you will be able to do it the way you did before, but currently the FLEX H is still in ongoing development.
0 -
It's the 3rd issue I have with my upgrades/new installations to FLEX H series…(done 5 so far)
In a way it doesn't feel like a complete product, but I like it because of the full Nebula integration.
My issues so far:
- At first no EXT-GROUP-USER available to connect AD → solved now
- No 2FA possible with EXT-GROUP-User → waiting for firmware update?
- Domain zone forwarder through tunnel → workaround as mentioned above maybe, but if it's in the roadmap to be solved soon, I prefer to wait. However I will need it at another client in May/June.
1 -
Sorry for the delayed reply; I was checking the information/solution to your questions.
No 2FA possible with EXT-GROUP-User → waiting for firmware update?
About this one, we won't implement this function for EXT-GROUP-User.
For users who are not device-local, there is an alternative way for 2FA:
💡Duo Security Authentication Integration Guide — Zyxel Community
Domain zone forwarder through tunnel → workaround as mentioned above maybe, but if it's in the roadmap to be solved soon, I prefer to wait. However I will need it at another client in May/June.
This feature is in our feature list, but the schedule is TBD. So… you will need to set up a route-based VPN for your client in May/June.
Zyxel Melen0 -
Hi,
I do have a similar issue, and I'm not familiar with how this "VTI" setup should be done. It's not my intention to "hijack" the thread from the thread starter, but can anyone guide me in the right direction on how to do this "VTI" setup?
Thank you.
Best regards Ole
0 -
I have for this moment solved it by adding manual DNS records in DNS Server on Firewall
2 -
Thank you for replying.
myserver1 - mydomain.local - IP 1.1.1.1
myserver2 - mydomain.local - IP 1.1.1.2
Like that for each server?
0 -
Yes indeed, that will work :) If only a couple of servers have to be reachable, it will be much easier to implement this way than through VTI.
You could also point DNS Server in your DHCP to Domain controller in other site, but all DNS traffic will pass through tunnel then.
0