Create DNS Relay Profile elements

DNS Relay Profile elements contain the host name mappings, domain-specific DNS servers, fixed domain answers, and DNS answer translations that the firewall uses when it provides DNS services to the internal network.

If you do not want to define custom settings, you can use the predefined Cache Only DNS Relay Profile element.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Browse to Other Elements > Engine Properties > DNS Relay Profiles.
  3. Right-click DNS Relay Profiles, then select New DNS Relay Profile.
  4. In the Name field, enter a unique name.
  5. Configure options in one or more of the following sections:
    • Host Name Mappings — Statically map host names, aliases for host names, and unqualified names (a host name without the domain suffix) to IPv4 or IPv6 addresses.
    • Domain-Specific DNS Servers — Forward DNS requests to different DNS servers depending on the requested domain.
    • Fixed Domain Answers — Direct requests for specific domains to IPv4 addresses, IPv6 addresses, fully qualified domain names (FQDNs), or empty DNS replies.
    • DNS Answer Translations — Map IPv4 addresses resolved by external DNS servers to IPv4 addresses in the internal network.
    Note: You can add a maximum of 250 rows to the DNS Relay Profile element.
  6. Click OK.

DNS Relay Profile Properties dialog box

Use this dialog box to define and configure custom settings for DNS Relay.

Note:

Each section is optional, but you must configure settings in at least one section. If you do not want to define custom settings, use the predefined Cache Only DNS Relay Profile element.

You can add a maximum of 250 rows to the DNS Relay Profile element.

Option Definition
Name Specifies the name of the element.
Comment An optional comment for your own reference.
Category Click Select to include the element in predefined categories.
Option Definition
Host Name Mappings section
IP Address Double-click the cell and enter the static IPv4 or IPv6 address of the host.
Host Names Double-click the cell and enter one or more host names or aliases to map to the IPv4 or IPv6 address. Separate multiple values with commas.
Add Adds a row to the table.
Remove Removes the selected row.
Option Definition
Domain-Specific DNS Servers section
Domain Name Double-click the cell and enter the domain name.
DNS IP Addresses Double-click the cell and enter one or more IPv4 or IPv6 addresses of the DNS servers that are used to resolve this domain. Separate multiple values with commas.
Add Adds a row to the table.
Remove Removes the selected row.
Option Definition
Fixed Domain Answers section
Domain Name Double-click the cell and enter the domain name.
IP Address / Domain Name Double-click the cell and enter the IPv4 address, IPv6 address, or fully qualified domain name (FQDN) to return when the domain specified in the Domain Name field is requested.

The record type (A, AAAA, or PTR) is automatically detected based on whether you enter an IPv4 address, IPv6 address, or domain name.

If you do not enter a value, the default value of No such domain is used. The firewall returns an empty DNS reply. The client receives the same response as for domains for which no DNS record is found.

Add Adds a row to the table.
Remove Removes the selected row.
Option Definition
DNS Answer Translations section
Original IPv4 Address Double-click the cell and enter the external IPv4 address that the firewall receives in DNS replies.
Translated IPv4 Address Double-click the cell and enter the IPv4 address in the internal network that the firewall provides to clients.
Add Adds a row to the table.
Remove Removes the selected row.