Add a DNS request route

You can resolve requests for external domain names through DNS servers on your network using DNS request routes.

You must set Sophos Firewall to act as a DNS server. To do this, configure your DNS settings under Network > DNS > DNS configuration.

If you want to resolve domain names through an alternate DNS server rather than forwarders or root servers, you can configure a DNS request route for that server. If a cache lookup fails, the DNS query isn't forwarded to forwarders or root servers. Instead, it's routed to the target servers added in the request route entry.


If you've configured internal DNS servers and want external domain names to be resolved by them, you can add routes to the internal DNS servers for those domain names. This decreases the internet traffic over the network and speeds up DNS client requests, as queries aren't forwarded outside the network.

  1. Go to Network > DNS.
  2. Scroll to the DNS request route section and click Add.
  3. Specify the settings.

    | Option | Description |
    |---|---|
    | Host/Domain name | Enter the domain for which you want to use the internal DNS server. |
    | Target servers | Select the DNS servers to use to resolve the domain specified above. You can search for a server by typing the server name in the host list. If the server doesn't exist, you can create it. Sophos Firewall attempts to resolve the domain from the selected hosts in the order specified. |

    You can add a maximum of eight IP addresses.
  4. Click Save.
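
A pre-change check for planned request routes, as an added example that is not Sophos code: it enforces the eight-address limit stated above and flags target servers outside internal ranges, since a route to such a server sends queries for that domain off the network. The function name, the sample routes and the definition of "internal" (RFC 1918 and IPv6 unique local addresses) are assumptions.

```python
import ipaddress
import re

MAX_TARGETS = 8  # limit stated on this page: at most eight IP addresses per route
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# Assumption: "internal" means RFC 1918 space or IPv6 unique local addresses.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def audit_route(domain, targets):
    """Return a list of findings for one planned DNS request route."""
    findings = []
    name = domain.rstrip(".")
    labels = name.split(".")
    if not name or len(name) > 253 or not all(LABEL.match(l) for l in labels):
        findings.append(f"invalid domain name: {domain!r}")
    if not targets:
        findings.append("no target servers listed")
    if len(targets) > MAX_TARGETS:
        findings.append(f"{len(targets)} targets exceeds the limit of {MAX_TARGETS}")
    seen = set()
    for pos, raw in enumerate(targets, start=1):  # order matters: tried in sequence
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            findings.append(f"target {pos}: {raw!r} is not an IP address")
            continue
        if ip in seen:
            findings.append(f"target {pos}: {ip} is listed twice")
        seen.add(ip)
        if not any(ip.version == net.version and ip in net for net in INTERNAL_NETS):
            findings.append(f"target {pos}: {ip} is not an internal address")
    return findings

# Constructed sample plan (hypothetical domains; 203.0.113.0/24 is a documentation range).
PLANNED_ROUTES = {
    "corp.example": ["10.0.0.53", "10.0.1.53"],
    "partner.example": ["10.0.0.53", "203.0.113.10", "10.0.0.53"],
}

if __name__ == "__main__":
    for domain, targets in PLANNED_ROUTES.items():
        for finding in audit_route(domain, targets) or ["ok"]:
            print(f"{domain}: {finding}")
```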