This article applies to our On-Premise Appliance Filter and Firewall product only, not to Cloud.
Domain Name System (DNS) services translate domain names into IP addresses, so users can access websites. By default, Smoothwall will use the internal DNS server unless a different one has been specified during installation. You can:
- Change Smoothwall to use an external server. You might do this if you have a cluster of Smoothwalls.
- Apply a load balancing pool to a specific DNS server to ensure that connections from your Internet Service Provider (ISP) are sent to their own DNS server. See Add a new DNS forwarder.
- Add a list of additional DNS servers for specific domains. For example, an Active Directory domain might query an internal DNS server for internal host names, rather than an external server. See Add a new conditional DNS forwarder.
- Add static DNS hosts so that the DNS proxy can override or add to external DNS resolutions. Smoothwall resolves static host names regardless of whether the DNS proxy service is turned on.
Step 1: Set your Global DNS settings
- Go to Network > Configuration > DNS.
- In the Global section, select the System DNS resolver.
- System internal DNS server: Follow the instructions in Step 2: Set up a System internal DNS server.
- User defined: Enter the IP addresses of the Primary and Secondary DNS servers.
- Select Save changes.
Step 2: Set up a System internal DNS server
If you selected System internal DNS server, follow these instructions to configure the details for the DNS server that the DNS proxy uses to resolve DNS requests.
Add a new DNS forwarder
- In the DNS forwarders section, select Add new DNS forwarder.
- In the Server IP addresses section, for the Selected objects field, do one of two things:
- Enter the Server IP addresses, and select Save selected objects as a group to reuse this list as an address object.
- Select the down arrow, then the relevant DNS IP addresses or ranges.
- For the Link Load Balancing pool or Local IP address dropdown, select:
- A load balancing pool if the DNS server isn't globally reachable.
- Default to use the Default LLB pool configured on the Source NAT & LLB policies page.
- Select Add.
Add a new conditional DNS forwarder
- In the Conditional DNS forwarders section, select Add new conditional DNS forwarder.
- From the Server IP drop-down, select the IP address of the domain-specific DNS server.
- Enter the Domains that belong to this DNS server.
Note
To add reverse lookup zones, the format is: ip.subnet.in-addr.arpa
With the subnet reversed, a 192.168.10.0/24 subnet would be: 10.168.192.in-addr.arpa
- Select Add.
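The reverse lookup zone format from the note above, as an added example that is not part of the Smoothwall product or its documentation. It goes beyond the /24 case in the note to cover other prefix lengths. The function name `reverse_zones` and the sample subnets are hypothetical.

```python
import ipaddress


def reverse_zones(cidr):
    """Return the in-addr.arpa zone names that cover an IPv4 subnet.

    Reverse zones are delegated on octet boundaries (/8, /16, /24), so:
      - a prefix that falls between boundaries (e.g. /22) expands into
        several zones, one per octet-aligned block it contains;
      - a prefix longer than /24 maps to its enclosing /24 zone, which
        also covers the neighbouring addresses in that /24.
    """
    # strict=True rejects input with host bits set (e.g. 192.168.10.5/24),
    # which usually signals a typo in the subnet.
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("only IPv4 (in-addr.arpa) subnets are handled")

    if net.prefixlen > 24:
        net = net.supernet(new_prefix=24)

    # Round the prefix length up to the next octet boundary (minimum /8).
    aligned = max(8, -(-net.prefixlen // 8) * 8)

    zones = []
    for block in net.subnets(new_prefix=aligned):
        # Keep only the network octets, then reverse their order.
        octets = str(block.network_address).split(".")[: aligned // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones


if __name__ == "__main__":
    # Constructed sample subnets, including the one from the note.
    for subnet in ("192.168.10.0/24", "10.0.0.0/8",
                   "172.16.0.0/22", "192.168.10.128/25"):
        print(subnet, "->", ", ".join(reverse_zones(subnet)))
```
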
Add a new static DNS Host
- In the Static DNS hosts section, select Add new static DNS host.
- In the Host IP addresses section, for the Selected objects field, do one of two things:
- Enter the Host IP addresses and select Save selected objects as a group to reuse this list as an address object.
- Select the down arrow and select the relevant DNS IP addresses or ranges.
- Enter the Hostnames to be resolved from the IP addresses. You can either enter a single hostname or list multiple hosts with each host on a new line.
- Select Add.
Step 3: Add a Firewall Access rule
For network devices to use the Smoothwall DNS proxy service, create a Firewall Access rule for their interface to connect over port 53.
Delete or edit a forwarder or host
Important
Changing or deleting an item in the Conditional DNS forwarders table doesn't edit or delete anything in the DNS forwarders table and vice versa. Make changes to the item in each table if required.
- Go to Network > Configuration > DNS.
- Hover over the item.
- Select Edit or Delete.
- If you selected Edit, make the necessary changes, then select Save changes.