Networking: Full DNS Server
It would be nice if Astaro could be used as a fully-functional DNS server with backward look up zones and all.
At the moment SOHO networks with no internal DNS server are unable to perform reverse DNS and other features.
Would it be possible to allow full configuration of the DNS server via WebAdmin? So I could add zone files (including the importing of already existing files), make full customization of the named.conf file via WebAdmin, slave DNS zones, etc. etc. etc... I would like to know this because I have a desire to slave OpenNIC (do NOT confuse this with OpenDNS) by operating my own T2 server ... [Visit http://opennicproject.org/howtos/72-running-an-opennic-teir-2 for more information]
It would be nice to be able to set up the Astaro firewall as a secondary server for my internal Network Zone along with zone transfers from my internal DNS server. Only internal interface to have access.
Craig Longford (DeltaWolf7) commented
I would have to agree fully. I use the Sophos UTM at home and it's wonderful apart from DNS issues with nix devices. All the Windows boxes can find each other by name but devices running things like Android can't find systems and servers by name.
This can be fixed using a dedicated DNS server but it's a waste when so easily added to the UTM.
This is mandatory, even if it was only limited to only 1000 entries since I need to set up CNAME overrides for various search sites to work correctly/safely in https mode. I'm looking at you, Google....
As it is I can't consider this product at any price.
I'd love to have a fully working in-built DNS server as well. The lack of the feature really breaks configurations and requires an administrative overhead, i.e. running a dedicated system just for name resolution.
still waiting for!
Robert Hafner commented
Wow, I can't believe this *isn't* a feature yet. This is kind of disgusting on Sophos' part.
Sophos, we are still waiting for it.
still waiting for!
Currently, it's a limitation of UTM that only one IP address is allowed per static host. If you want to allocate static IP addresses for a laptop which has wired and wireless NICs, this means you have to create two static hosts. This uses two of the allowed number of hosts when there is actually only one physical host. Even if there is not a "full DNS server", this limitation should be fixed.
Leen Keus commented
This feature request is here now for several years, why is it so difficult? I have installed 2 FreeNAS systems (1 backup), but we could not reach them because of this lack. I had to install a Linux machine with dnsmasq to solve this problem. Please solve it!
christian kueppers commented
That's what I'm looking for. Can't be difficult. UTM is now creating a zone in BIND for every host and reverse entry, regardless of the DNS suffix.
Dave Crumbacher commented
At a minimum, supporting reverse DNS would be very helpful.
One more thing... I would prefer this (since by slaving OpenNIC's root zone) I would avoid having to set DNS forwarders, and can instead receive DNS info/traffic from OpenNIC... I have tested this fully on BIND before, and would like this in Astaro. :)
This way, using OpenNIC as my trusted ROOT server... I trust OpenNIC fully, as I have used them previously (but using an already existing T2 server is a bit slow... Using my own is VERY FAST).
This is especially important as Astaro supports IPv6, and it would be really nice if it could automatically create IPv6 reverse DNS for RADVD clients.
Bob Alfson commented
Also, the ability to create multiple A records for an FQDN. That would solve a long-standing problem with Network Definitions. At present, it's not possible to create a network which is a list of IPs; each IP must be assigned to a separate Host definition, and then the separate definitions loaded into a Network Group. If it were possible to assign multiple IPs in a static DNS mapping, a 'DNS Group' Network Definition would solve the problem cleanly.
Andreas Melcher commented
I would suggest looking into http://cr.yp.to/djbdns.html for this task. There is a single program for each DNS task so that all duties are separated as one would like to have on a firewall. Furthermore the config files are already prepared to be worked on by programs. Most important: this tool has an extremely low memory and performance footprint which makes it usable even in the smallest boxes.
Would like an option to create internal zones, both forward and reverse, so internal DNS would not be needed. There is another request for full-function DNS, so I will support that request as it more accurately reflects what I am asking for.
Lotus Domino/Notes users have many cases where they install an SMTP relay server and an outside public DNS server in the DMZ. There is demand to use those functions in Astaro and to remove the DNS/SMTP relay server from the DMZ.
Poul Petersen commented
In a few words, there are two reasons:
1) Allowing the branch offices to be authoritative reduces load on the central server.
2) Caches expire; an authoritative slave can continue to function indefinitely.
This is a required feature especially for the home use market. Everyone now has an access point and several devices in the home.