Smoothwall has several DNS options, and which one to use depends on how the system is deployed. DNS settings are found in the "Network - Configuration - DNS" menu. There are two global options:
- System internal DNS server
- User defined
System internal DNS server
This option tells the Smoothwall to use its own DNS proxy service as the main DNS resolver. When you select this option, you need to also configure the forwarders for the DNS proxy. You should use this option in the following deployments:
- Smoothwall as Firewall/Router
- Smoothwall needs to connect to multiple separate Active Directories without a common DNS service.
When you use this option, Smoothwall can also act as the DNS server for clients. This is useful when Smoothwall is the gateway for a BYOD network, for example. To set this up, open port 53 in the "Network - Firewall - Smoothwall access" section for the interface on the BYOD network, and set the BYOD DHCP settings to use the IP address of the Smoothwall on the BYOD network as the DNS server.
Forwarder options
There are two forwarder options:
- DNS Forwarders
This is used to configure the main forwarders used by the Smoothwall DNS proxy service. Generally, this will be upstream ISP DNS servers. Upstream servers can't resolve internal Active Directory DNS hosts, which is what the conditional forwarders are used for.
- Conditional DNS forwarders
In addition to the main forwarders, the conditional forwarders are used to inform the DNS proxy service about internal DNS domains. Additionally, this can be used for reverse lookup zones.
A typical setup for the forwarders should look like this:
DNS forwarders: ISP DNS IP addresses, Google DNS server IP addresses.
Conditional DNS forwarders: Multiple entries can be made here, one for each internal DNS server, containing the internal domain names. You can have multiple domains in one entry and you can add reverse lookup entries in the domains field as well.
Server IP:
Internal.dns.ip.address
Domains:
Internal.dns.domain.1
Internal.dns.domain.2
Reverse.in-addr.arpa
Note on reverse lookup zones
When adding reverse lookup zones, the format is:
ip.subnet.in-addr.arpa
The network octets of the subnet are written in reverse order, so for a 192.168.10.0/24 subnet the entry should be:
10.168.192.in-addr.arpa
For a 10.1.0.0/16 subnet the entry would be:
1.10.in-addr.arpa
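The reversal rule above, as an added example (not Smoothwall code): a Python helper that derives the in-addr.arpa entries for a subnet and checks a typed entry against them. The function names are hypothetical; the example goes beyond the two cases in the text by splitting prefixes that do not fall on an octet boundary into several zones, and it assumes subnets longer than /24 use the enclosing /24 zone.

```python
import ipaddress


def reverse_zones(cidr):
    """Return the in-addr.arpa zone names that cover an IPv4 subnet."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits, e.g. 10.1.2.3/16
    if net.version != 4:
        raise ValueError("this example handles IPv4 only")
    if net.prefixlen == 0:
        raise ValueError("0.0.0.0/0 would cover all of in-addr.arpa")
    # Reverse zones sit on octet boundaries, so round the prefix up to
    # /8, /16 or /24 and list every block of that size inside the subnet.
    # Assumption: anything longer than /24 uses the enclosing /24 zone
    # (no classless delegation).
    if net.prefixlen > 24:
        blocks = [net.supernet(new_prefix=24)]
    else:
        aligned = -(-net.prefixlen // 8) * 8  # ceiling to a multiple of 8
        blocks = list(net.subnets(new_prefix=aligned))
    zones = []
    for block in blocks:
        keep = block.prefixlen // 8  # number of network octets
        octets = str(block.network_address).split(".")[:keep]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones


def check_entry(entry, cidr):
    """True if a reverse entry typed into the Domains field matches the subnet."""
    return entry.strip().rstrip(".").lower() in reverse_zones(cidr)


if __name__ == "__main__":
    # Constructed sample subnets; the first two are the ones from the text.
    for subnet in ("192.168.10.0/24", "10.1.0.0/16", "172.16.0.0/20"):
        print(subnet, "->", reverse_zones(subnet))
    # A hyphen in place of the last dot is not a valid reverse zone name.
    print(check_entry("10.168.192.in-addr-arpa", "192.168.10.0/24"))
```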
Optimize internal DNS servers
When Smoothwall is a DNS proxy, internal DNS servers can be configured to use the Smoothwall as a DNS forwarder, instead of using root hints. This is especially useful when Smoothwall is in a firewall deployment as it makes the Smoothwall a DNS cache for the entire network. Internal DNS servers will forward requests to Smoothwall for any non-internal domain and make use of the DNS cache on the Smoothwall system. This configuration will optimize the DNS resolution in the network.
User Defined
When you select this option, two DNS server fields will appear where you need to enter the DNS server addresses. Smoothwall will work like any other DNS client in your network and use the entered DNS servers for name resolution. This option should be used in the following deployments:
- Smoothwall as a web filter, in-line or not.
- Smoothwall in a cluster (unless multiple separate Active Directories are present)
This method is simpler to configure, but Smoothwall cannot be used as a DNS server itself when this option is selected.