We have a new site in Tampa (we're based in Buffalo, NY) and everything works well except for DNS name resolution. Everything goes over the IPsec VPN back to our site for services like AD and DNS.
I had a look at the DNS config, and I believe this to be the problem. There really isn't a WAN zone configured; everything goes out the VPN zone. And yet the DNS is configured for WAN (I didn't set this up, btw).
So obviously if the WAN zone isn't used, we can't use it for DNS. Those IPs are for the ISP's DNS servers, but they can't be pinged from the SonicWall, so it's obviously part of the issue.
My first thought is to reconfigure using the top radio button to specify DNS servers manually, but I really don't want to mess anything up here, and I fear that maybe there's just a rule missing instead. This config was basically copied from our other site in FL, but obviously something needs to be reconfigured.
This SonicWall is in an office building where our edge leads to the other building's network topology, so that might add to the complication. This is the reason all traffic comes over our VPN.
I'm mostly looking for some guidance so I don't break it and make the site inaccessible. Thank you ahead of time.
EDIT: here is the DHCP configuration. Interface x0 is the local LAN network. w0:V5 is the VPN connection back to our office in NY. The hosts on the network (BonitaDell) can browse the internet, but cannot be accessed from our Buffalo office by hostname, only by IP. In the second screenshot, the IPs configured there are correct for our DNS servers in NY; those are the correct DNS servers clients on the FL LAN should be using. Any ideas?
The settings you show us are the DNS settings of the SonicWall itself, for its own use, not the DNS settings the SonicWall publishes via DHCP to your LAN computers.
It uses them when, for example, you run an IP scan and see the reverse DNS on the entry, and for the Services section of the SonicWall, like Gateway Anti-Virus and such, where the SonicWall gets signatures upstream from SonicWall servers.
The idea there is that the SonicWall can have, say, 10 subnets behind it, and each zone's DHCP can send the DNS queries to whatever server you define, but the SonicWall itself needs a DNS server for reporting.
The settings you don't show us are in your DHCP Server section. In that section you can tell whether the client computers get those DNS servers, or other DNS servers that you set to the correct ones. That's where I think you have an error.
See here for an example:
DHCP Server setting:
If you click the Edit button, you see the DNS settings you hand out to your computers there.
Make sure on that screen that you define them manually to what you need. As you can see, you can define any set of DNS servers for any zone you have, and make sure you set the domain name too inside that window. It will set the FQDN correctly for your computers.
The solution was:
Add a rule from LAN to VPN to allow all. Change the DNS settings to manually use our internal DNS servers (rather than automatically from WAN).
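A client-side check for the two things settled above: whether the DHCP scope hands out the internal DNS servers and domain name (the answer), and whether those servers are actually reachable from the remote LAN through the VPN (the access rule in the solution). This is an added PowerShell example, not code posted in the thread. The thread only shows the server addresses in screenshots, so the DNS server IPs, the AD domain suffix and the test hostname below are placeholders that have to be replaced with the real values.

```powershell
# Added example, not from the thread. Run on a Windows client at the remote (Tampa) site.
# The three values below are assumptions: substitute the NY DNS server IPs, the AD domain
# handed out by the DHCP scope, and a host at the NY site that should resolve.
$ExpectedDns    = @('10.10.0.10', '10.10.0.11')   # assumed: internal DNS servers in Buffalo
$ExpectedSuffix = 'corp.example.com'              # assumed: AD domain set in the DHCP scope
$TestHost       = 'dc01'                          # assumed: a host in NY that should resolve

# 1. What did DHCP actually hand this client? Compare it against the internal servers.
$dhcpIfaces = Get-NetIPConfiguration |
    Where-Object { $_.NetIPv4Interface.Dhcp -eq 'Enabled' -and $_.IPv4DefaultGateway }

foreach ($cfg in $dhcpIfaces) {
    $servers = @((Get-DnsClientServerAddress -InterfaceIndex $cfg.InterfaceIndex `
                    -AddressFamily IPv4).ServerAddresses)
    $suffix  = (Get-DnsClient -InterfaceIndex $cfg.InterfaceIndex).ConnectionSpecificSuffix
    Write-Host "$($cfg.InterfaceAlias): DNS = $($servers -join ', ') ; suffix = '$suffix'"

    # Any server in the lease that is not one of ours means the DHCP scope still points at
    # ISP/WAN resolvers, which the remote LAN cannot reach and which know nothing about AD.
    $wrong = @($servers | Where-Object { $ExpectedDns -notcontains $_ })
    if ($wrong.Count -gt 0) {
        Write-Warning "DHCP handed out non-internal DNS server(s) $($wrong -join ', '); fix the DNS settings in the SonicWall DHCP scope"
    }
    if ($suffix -ne $ExpectedSuffix) {
        Write-Warning "Connection-specific suffix is '$suffix', expected '$ExpectedSuffix'; set the domain name in the DHCP scope"
    }
}

# 2. Query each internal server directly (-DnsOnly skips the hosts file and LLMNR).
#    With the right servers in the lease, a timeout here points at the path, i.e. the
#    missing LAN -> VPN access rule, rather than at the DHCP scope.
foreach ($dns in $ExpectedDns) {
    try {
        $rec = Resolve-DnsName -Name "$TestHost.$ExpectedSuffix" -Server $dns -Type A -DnsOnly -ErrorAction Stop
        Write-Host "$dns answered: $TestHost -> $($rec.IPAddress -join ', ')"
    } catch {
        Write-Warning "$dns did not answer for $TestHost.$ExpectedSuffix : $($_.Exception.Message)"
    }
}

# 3. The symptom in the thread was NY reaching remote hosts only by IP. Re-register this
#    client's A record with its DNS servers and confirm the NY server now holds it.
Register-DnsClient
Start-Sleep -Seconds 5
$fqdn = "$env:COMPUTERNAME.$ExpectedSuffix"
try {
    $mine = Resolve-DnsName -Name $fqdn -Server $ExpectedDns[0] -Type A -DnsOnly -ErrorAction Stop
    Write-Host "$fqdn is registered as $($mine.IPAddress -join ', ')"
} catch {
    Write-Warning "$fqdn is not in DNS on $($ExpectedDns[0]); dynamic registration over the VPN is failing"
}
```

Step 1 fails before the fix described in the answer (the lease carries the WAN/ISP resolvers and no suffix), step 2 fails until the LAN-to-VPN rule from the solution is in place, and step 3 is the check that the Buffalo side can now find the remote hosts by name rather than only by IP.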