Last adaptation to the version: 14.0.1 (01.2025)

New:
This article refers to a Beta version
Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default port: 11115
e.g.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115
Nameserver

General Settings

General settings are made under Applications / Nameserver, area General.
[Screenshot: Nameserver, tab General]
Caption Value Description
DNSSEC validation in resolver: Off
Caution!
If DNSSEC validation is enabled alongside forward zones, it must be ensured that the domains corresponding to the forward zones can be validated within the global DNS, or that they are added to the ignore domains list below. Replies for domains that are not globally registered are refused, which leads to SERVFAIL replies for the domain in question.

When this function is activated, all DNS entries are resolved with DNSSEC without exception. Validation in the DNS hierarchy is then also attempted for addresses that exist only locally. However, because a local address is not unique, it cannot be registered with higher-level DNS servers. An error message appears, the address is not resolved, and the zone is therefore not accessible via DNS.
This applies, for example, to .local domains!
Further information on the implementation of DNSSEC can be found here.
Allow DNS queries only from routed and VPN networks: On
Default
By default, only DNS queries from the following sources are answered:
  • localhost
  • local networks
  • Networks that are routed via another gateway but do not contain a default route (or shared default route)
  • VPN transfer networks or Roadwarrior address pools
Off: If DNS queries are to be answered from other external networks as well, this option must be disabled.
Ignore Domains during DNSSEC Verification
New as of v14.0
    Domains that should not be validated with DNSSEC
Resolve DHCP Domain names:
New as of v14.0
anyideas.local (Pool: Local-Pool1)
If a domain is specified in the DHCP pool configuration, that domain is selectable here. When a domain is selected, the DHCP hosts can be resolved either by the assigned name of the static lease or, if none is defined, by the client name with which the client registers with the DHCP server.
  • The domain is always redirected. For example, if the domain .de is configured for your DHCP pool, you will no longer be able to resolve .de domains on the internet.
Disable EDNS for the following servers
New as of v14.0
Update v14.0.1
The EDNS option is omitted in favor of the option Ignore domains during DNSSEC verification.
  • If EDNS was configured in a previous version, a warning is displayed after login.
    Contents of the extc variable EDNS_SERVERS_OFF
  • Clicking the button Yes opens the nameserver dialog, where values for Ignore domains during DNSSEC verification can be set.
    Contents of the extc variable EDNS_SKIP_DOMAINS
    Don't forget to save!
  • If the warning is dismissed (button No), it is ignored for the time being.
    However, the message will appear again at the next login.
  • The old values are temporarily entered under Ignore domains during DNSSEC verification, but they are marked as invalid and need to be changed.

[Screenshot: Dialog at login after an update]
[Screenshot: Nameserver, example of invalid IP addresses from previous configuration]

Use DNS server specified by the provider: This setting is applied in the section DNS-Forwarding.
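
The Caution under DNSSEC validation in resolver can be checked against a planned configuration before validation is switched on. The following Python is an added example, not Securepoint code: it classifies each forward zone by whether the Ignore Domains during DNSSEC Verification list covers it. The function names, the list of undelegated suffixes and the rule that an ignore entry also covers its subdomains are assumptions.

```python
# Added example: pre-flight check for "DNSSEC validation in resolver".
# Assumption: an ignore-list entry also covers its subdomains.

# Assumption: suffixes that are not delegated in the public root zone, so a
# validating resolver cannot build a chain of trust for names below them.
UNDELEGATED_SUFFIXES = {"local", "lan", "internal", "test", "invalid", "localhost"}


def normalize(domain):
    """Lower-case and strip surrounding dots: '.Local.' -> 'local'."""
    return domain.strip().strip(".").lower()


def is_within(name, parent):
    """True if name equals parent or is a subdomain (label-boundary match)."""
    return name == parent or name.endswith("." + parent)


def audit_forward_zones(forward_zones, ignore_domains):
    """Classify each forward zone for a resolver with DNSSEC validation on.

    Returns {zone: status} with status one of:
      'ignored'       - covered by the ignore list, not validated
      'servfail'      - private-only suffix and not ignored: replies are refused
      'must-validate' - not ignored: has to validate in the global DNS
    """
    ignored = [normalize(d) for d in ignore_domains if normalize(d)]
    result = {}
    for zone in map(normalize, forward_zones):
        if any(is_within(zone, d) for d in ignored):
            result[zone] = "ignored"
        elif any(is_within(zone, s) for s in UNDELEGATED_SUFFIXES):
            result[zone] = "servfail"
        else:
            result[zone] = "must-validate"
    return result


if __name__ == "__main__":
    # Constructed sample configuration (not taken from a real appliance).
    zones = ["anyideas.local", "ad.corp.example.com.", "Printers.LAN",
             "notlocal.example.org"]
    ignore = ["corp.example.com"]
    for zone, status in audit_forward_zones(zones, ignore).items():
        print(f"{zone:28} {status}")
```

Zones reported as `must-validate` still need a real lookup against the global DNS; the script only decides what the ignore list already covers.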