You can configure the domain name system (DNS) services for the Smoothwall Filter and Firewall to use.
A DNS resolver translates domain names into IP addresses. You can configure the Smoothwall Filter and Firewall to either use its own internal DNS proxy to resolve domain names or specify an external server to use. The default behavior is to use the internal DNS server, unless one has been specified during installation.
The DNS proxy service is used to provide internal and external name resolution services for local network hosts. You can configure a list of DNS servers for the DNS proxy service to use when resolving requests. You can also apply a load balancing pool to a specific DNS server to make sure that connections from your Internet Service Provider (ISP) are sent to their own DNS server. Most ISPs need this to make sure that requests to their DNS servers are made over their connections. For network devices to use the Smoothwall Filter and Firewall DNS proxy service, you must make sure that an access rule for DNS, on port 53, exists for the interface they use to connect.
You can configure a list of additional DNS servers to override the DNS servers configured in the DNS forwarders table within specific domains. For example, an Active Directory domain might need to query an internal DNS server for internal host names, rather than an external server.
Adding static DNS hosts means that the DNS proxy can override, or add to, external DNS resolutions. Host name to IP address mappings affect all hosts using the DNS proxy. However, your installation of the Smoothwall Filter and Firewall might not be configured to use the DNS proxy.
Note: The Smoothwall Filter and Firewall resolves static host names regardless of whether the DNS proxy service is turned on.
Global DNS settings
To configure global DNS settings:
- On the NETWORK menu, under the Configuration submenu, click DNS.
- Under the Global section, choose the System DNS resolver:
  - A DNS resolver translates domain names into IP addresses. You can configure the Smoothwall Filter and Firewall to either use its own internal DNS proxy to resolve domain names or specify an external server to use. The default behavior is to use the internal DNS server, unless one has been specified during installation (see Software Installation).
  - For the "System internal DNS server" option, you must make sure that you configure the details for the DNS server that the DNS proxy uses to resolve DNS requests.
  - For the "User defined" option, enter the IP addresses of the Primary and Secondary DNS servers to use.
- Click Save changes.
Procedures
On the NETWORK menu, under the Configuration submenu, click DNS.
Adding new DNS forwarders
- Under the DNS forwarders section, click Add new DNS forwarder.
- Either enter the Server IP addresses or click the arrow and select the relevant DNS IP addresses, or ranges.
- To create a new address object that can be reused in other areas of the Smoothwall Filter and Firewall administration user interface without reentering each individual IP address, or address range, select the Save selected objects as group option.
- To assign a load balancing pool to this DNS server, from the Link Load Balancing pool or Local IP address list, select the relevant pool. If the DNS server isn't globally reachable, we recommend that you assign a load balancing pool. Alternatively, leave this option as Default to use the Default LLB pool configured on the Source NAT & LLB policies page.
- Enter a descriptive Comment and click Add.
Adding new conditional DNS forwarders
- Under the Conditional DNS forwarders section, click Add new conditional DNS forwarder.
- From the Server IP list, select the IP address of the domain-specific DNS server.
- Enter the Domains that belong to this DNS server.
- Enter a descriptive Comment and click Add.
Note: Deleting a DNS server from the Conditional DNS forwarders table doesn't remove it from the DNS forwarders table. To make sure that the DNS server isn't used by any network device, it should be removed from both tables.
Adding new static DNS hosts
- Under the Static DNS host section, click Add new static DNS host.
- Either enter the Host IP addresses, or click the arrow and select the relevant DNS IP addresses, or ranges.
- To create a new address object that can be reused in other areas of the Smoothwall Filter and Firewall administration user interface without reentering each individual IP address, or address range, select the Save selected objects as group option.
- Enter the Hostnames to resolve from the IP addresses. You can either enter a single hostname, or list multiple hosts, each on a new line.
- Enter a descriptive Comment and click Add.
Follow-up task
- Create an access rule for DNS. Set the inbound interface to the interface that network devices use to connect to the Smoothwall Filter and Firewall, and set the service to DNS proxy (53). See our help topic, Adding new Smoothwall access rules.
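The following is an added example, not Smoothwall code. It models the lookup order described on this page (static DNS hosts first, then conditional DNS forwarders, then the DNS forwarders table) and checks the note about removing a server from both tables. The table contents, function names, and the label-boundary, most-specific-domain matching are assumptions made for illustration.

```python
import ipaddress

# Constructed sample tables (documentation-range addresses, hypothetical names).
STATIC_HOSTS = {"intranet.corp.example": "192.0.2.10"}
CONDITIONAL = {"corp.example": "192.0.2.53"}        # domain -> DNS server
FORWARDERS = ["198.51.100.1", "192.0.2.53"]         # default upstream servers


def normalise(name):
    """Lower-case a host name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def in_domain(name, domain):
    """True only on a label boundary, so notcorp.example is outside corp.example."""
    return name == domain or name.endswith("." + domain)


def resolve_path(name, static=STATIC_HOSTS, conditional=CONDITIONAL, forwarders=FORWARDERS):
    """Return (source, value) describing where an answer for `name` comes from."""
    name = normalise(name)
    if name in static:                                   # static hosts override upstream answers
        return ("static", static[name])
    matches = [d for d in conditional if in_domain(name, normalise(d))]
    if matches:                                          # assumption: most specific domain wins
        return ("conditional", conditional[max(matches, key=len)])
    return ("forwarders", list(forwarders))


def tables_referencing(server, conditional=CONDITIONAL, forwarders=FORWARDERS):
    """List every table that still contains `server`; it is retired only when this is empty."""
    target = ipaddress.ip_address(server)
    found = []
    if any(ipaddress.ip_address(s) == target for s in forwarders):
        found.append("DNS forwarders")
    if any(ipaddress.ip_address(s) == target for s in conditional.values()):
        found.append("Conditional DNS forwarders")
    return found


if __name__ == "__main__":
    for q in ("intranet.corp.example", "dc1.corp.example.", "notcorp.example", "www.example.org"):
        print(q, "->", resolve_path(q))
    remaining = {d: s for d, s in CONDITIONAL.items() if s != "192.0.2.53"}
    print("still listed in:", tables_referencing("192.0.2.53", conditional=remaining))
```

A name that falls through to the forwarders result is sent to the general upstream servers, which is the case to look for when internal host names should stay on an internal DNS server.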