Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual

Page 108


Chapter 8

Configuration of network services


Enable DNS forwarding

The DNS module allows forwarding of certain DNS requests to specific DNS servers. This feature can be helpful, for example, when we intend to use a local DNS server for the local domain (the other DNS queries will be forwarded to the Internet directly, which speeds up the response). The DNS forwarder's settings also play a role in the configuration of private networks, where it is necessary to provide correct forwarding of requests for names in domains of remote subnets (for details, check chapter 23).

Request forwarding is defined by rules for DNS names or subnets. Rules are ordered in a list which is processed from the top. If a DNS name or a subnet in a request matches a rule, the request is forwarded to the corresponding DNS server. Queries which do not match any rule are forwarded to the “default” DNS servers (see above).

Note: If Simple DNS resolution is enabled (see below), the forwarding rules are applied only if the DNS module is not able to respond using the information in the hosts system file and/or the DHCP lease table.

Clicking on the Define button in the DNS module configuration (see figure 8.1) opens a dialog for setting rules for the forwarding of DNS queries.

Figure 8.3 Specific settings of DNS forwarding

The rule can be defined for:

DNS name: queries requiring names of computers will be forwarded to this DNS server (so called A queries)

a subnet: queries requiring IP addresses of the particular domain will be forwarded to the DNS server (reverse domain, PTR queries)
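
The top-down, first-match processing described above can be checked offline before rules are entered in the dialog. The following Python sketch is an added example, not Kerio code; the rule tuples, server addresses and matching semantics (a name rule also matches every name beneath it, a subnet rule is written network/mask) are assumptions made for illustration.

```python
import ipaddress

# Constructed rule list, top to bottom: (kind, pattern, forwarding server).
# Assumed semantics: a name rule matches that name and every name beneath it;
# a subnet rule is written network/mask and matches addresses inside it.
RULES = [
    ("name", "company.example", "192.168.1.10"),
    ("name", "pc7.company.example", "192.168.1.20"),      # never reached
    ("subnet", "10.0.0.0/255.0.0.0", "192.168.1.10"),
    ("subnet", "10.1.2.0/255.255.255.0", "192.168.1.30"),  # never reached
]
DEFAULT = "default DNS servers"

def covers(kind, pattern, value):
    """True if the rule pattern matches a query value or a narrower pattern."""
    if kind == "name":
        p, v = pattern.lower().rstrip("."), value.lower().rstrip(".")
        return v == p or v.endswith("." + p)
    # A bare address parses as a /32 network, so one test serves both uses.
    return ipaddress.ip_network(value).subnet_of(ipaddress.ip_network(pattern))

def forward_target(rules, qtype, qvalue):
    """Top-down, first match wins. A queries use name rules, PTR queries use
    subnet rules (the PTR address is passed in plain form, not in-addr.arpa)."""
    kind = {"A": "name", "PTR": "subnet"}[qtype]
    for rkind, pattern, server in rules:
        if rkind == kind and covers(kind, pattern, qvalue):
            return server
    return DEFAULT

def shadowed(rules):
    """(earlier, later) index pairs where the later rule can never fire."""
    return [(i, j) for j, (kj, pj, _) in enumerate(rules)
            for i, (ki, pi, _) in enumerate(rules[:j])
            if ki == kj and covers(ki, pi, pj)]

def most_specific_first(rules):
    """Order by label count (names) or mask length (subnets), longest first."""
    def key(rule):
        kind, pattern, _ = rule
        if kind == "name":
            return kind, -len(pattern.rstrip(".").split("."))
        return kind, -ipaddress.ip_network(pattern).prefixlen
    return sorted(rules, key=key)

if __name__ == "__main__":
    print("shadowed pairs:", shadowed(RULES))
    fixed = most_specific_first(RULES)
    for q in [("A", "pc7.company.example"), ("PTR", "10.1.2.3")]:
        print(q, forward_target(RULES, *q), "->", forward_target(fixed, *q))
```

With the constructed list, both the host rule and the /24 rule are reported as shadowed, and the same queries reach a different server once the list is reordered.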

Rules can be reordered using the arrow buttons. This makes it possible to create more complex combinations of rules, e.g. exceptions for certain workstations or subdomains. As the rule list is processed from the top downwards, rules should be ordered starting with the most specific one (e.g. the name of a particular computer) and ending with the most general one at the bottom (e.g. the main domain of the company). Similarly, rules for reverse DNS queries should be ordered by subnet mask length (e.g. with 255.255.255.0 at the top and 255.0.0.0 at the bottom). Rules for
