DNS Server: Difference between revisions

From Edge Threat Management Wiki - Arista
Jump to navigationJump to search
No edit summary
 
Line 1: Line 1:
<span style="display:none" class="helpSource network_dns_server">DNS_Server</span>
<span style="display:none" class="helpSource network_dns_server">DNS_Server</span>


= DNS Server =
The DNS Server settings configure the DNS server running on the NG Firewall server. These settings do NOT affect any DNS traffic passing through NG Firewall, only DNS traffic to the NG Firewall server.
 
The DNS Server settings configure the DNS server running on the Untangle server. These settings do NOT effect any DNS traffic passing through Untangle, only DNS traffic to the untangle server.


{{TriScreenshot|config|network|dns-server}}
{{TriScreenshot|config|network|dns-server}}


It is not required to use the DNS server on Untangle, however it is often desired on small networks because the Untangle server will cache DNS for the entire network. If Untangle is configured 'as a router' where it is providing DHCP to clients on the internal network, the default is to provide the Untangle server as the DNS server.
It is not required to use the DNS server on NG Firewall, however it is often desired on small networks because the NG Firewall server will cache DNS for the entire network. If NG Firewall is configured 'as a router' where it is providing DHCP to clients on the internal network, the default is to provide the NG Firewall server as the DNS server.


== Static DNS Entries ==
== Static DNS Entries ==


Static DNS Entries are entries that will always resolve to the address provided. Often this is useful for servers hosted internally. For example, if your mail server is local you can add a static entry for mail.mycompany.com to its internal IP (like 192.168.1.20). This means machines using Untangle for DNS will resolve this hostname to the internal IP and communicate with it directly.
Static DNS Entries are entries that will always resolve to the address provided. Often this is useful for servers hosted internally. For example, if your mail server is local you can add a static entry for mail.mycompany.com to its internal IP (like 192.168.1.20). This means machines using NG Firewall for DNS will resolve this hostname to the internal IP and communicate with it directly.


== Domain DNS Servers ==
== Domain DNS Servers ==
Line 17: Line 15:
Often certain domain need to be resolved using certain DNS servers instead of the DNS servers configured on the WAN interfaces. For example you may want all queries to "*.mycompany.local" to go to the local DNS server for resolution. ''Domain DNS Servers'' allow you to specify that all queries matching ''domain'' go to the specified server. For example, if all *.example.com queries should go to 192.168.1.20, then you can add an entry for ''Domain'' = ''example.com'' with ''Local Server'' = ''192.168.1.20''.  
Often certain domain need to be resolved using certain DNS servers instead of the DNS servers configured on the WAN interfaces. For example you may want all queries to "*.mycompany.local" to go to the local DNS server for resolution. ''Domain DNS Servers'' allow you to specify that all queries matching ''domain'' go to the specified server. For example, if all *.example.com queries should go to 192.168.1.20, then you can add an entry for ''Domain'' = ''example.com'' with ''Local Server'' = ''192.168.1.20''.  


In this scenario, the Untangle NGFW and all those using the Untangle NGFW for DNS resolution will have the matching queries resolved through the specified server. For example, If someone using the Untangle server for DNS resolves aaa.example.com this DNS query will be forwarded to 192.168.1.20 instead of Untangle's upstream DNS servers configured in the WAN interface settings.
In this scenario, the NG Firewall and all those using the NG Firewall for DNS resolution will have the matching queries resolved through the specified server. For example, If someone using the NG Firewall server for DNS resolves aaa.example.com this DNS query will be forwarded to 192.168.1.20 instead of NG Firewall's upstream DNS servers configured in the WAN interface settings.


This can also be used to tell NGFW how to do reverse DNS lookups using ''in-addr.arpa'' as the domain. For example if you wish 172.16.*.* reverse DNS queries to go to 192.168.1.10, then set the Domain of "16.172.in-addr.arpa" and the Local Server of "192.168.1.10". If you wish for 10.*.*.* reverse DNS queries to go to "1.2.3.4" then set the Domain to "10.in-addr.arpa" and the Local Server of "1.2.3.4".
This can also be used to tell NGFW how to do reverse DNS lookups using ''in-addr.arpa'' as the domain. For example if you wish 172.16.*.* reverse DNS queries to go to 192.168.1.10, then set the Domain of "16.172.in-addr.arpa" and the Local Server of "192.168.1.10". If you wish for 10.*.*.* reverse DNS queries to go to "1.2.3.4" then set the Domain to "10.in-addr.arpa" and the Local Server of "1.2.3.4".

Latest revision as of 16:39, 3 May 2022

The DNS Server settings configure the DNS server running on the NG Firewall server. These settings do NOT affect any DNS traffic passing through NG Firewall, only DNS traffic to the NG Firewall server.

It is not required to use the DNS server on NG Firewall, however it is often desired on small networks because the NG Firewall server will cache DNS for the entire network. If NG Firewall is configured 'as a router' where it is providing DHCP to clients on the internal network, the default is to provide the NG Firewall server as the DNS server.

Static DNS Entries

Static DNS Entries are entries that will always resolve to the address provided. Often this is useful for servers hosted internally. For example, if your mail server is local you can add a static entry for mail.mycompany.com to its internal IP (like 192.168.1.20). This means machines using NG Firewall for DNS will resolve this hostname to the internal IP and communicate with it directly.

Domain DNS Servers

Often certain domain need to be resolved using certain DNS servers instead of the DNS servers configured on the WAN interfaces. For example you may want all queries to "*.mycompany.local" to go to the local DNS server for resolution. Domain DNS Servers allow you to specify that all queries matching domain go to the specified server. For example, if all *.example.com queries should go to 192.168.1.20, then you can add an entry for Domain = example.com with Local Server = 192.168.1.20.

In this scenario, the NG Firewall and all those using the NG Firewall for DNS resolution will have the matching queries resolved through the specified server. For example, If someone using the NG Firewall server for DNS resolves aaa.example.com this DNS query will be forwarded to 192.168.1.20 instead of NG Firewall's upstream DNS servers configured in the WAN interface settings.

This can also be used to tell NGFW how to do reverse DNS lookups using in-addr.arpa as the domain. For example if you wish 172.16.*.* reverse DNS queries to go to 192.168.1.10, then set the Domain of "16.172.in-addr.arpa" and the Local Server of "192.168.1.10". If you wish for 10.*.*.* reverse DNS queries to go to "1.2.3.4" then set the Domain to "10.in-addr.arpa" and the Local Server of "1.2.3.4".