Jump to:navigation, search
Wiki






























De.png
En.png
Fr.png






Last adaptation to the version: 12.6.1
New:
  • Updated to Redesign of the webinterface
notempty
This article refers to a Resellerpreview

12.2.3 11.8.2

Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default-Port: 11115
i.e.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115
Applications Nameserver  Area General


General Settings

General settings are made under Applications Nameserver  Area General.
Caption Value Description Nameserver UTMuser@firewall.name.fqdnAnwendungen UTM v12.6.0 Anwendungen Nameserver Allgemein-en.pngTab General
DNSSEC validation in resolver: Off notempty
Caution!
If DNSSEC Validation is enabled alongside Forward-Zones, it must be ensured that the domains corresponding to the forward zones can be validated within the global DNS. Replies corresponding to not globally registered domains are refused and lead to SERVFAIL replies for the domain in question.

When this function is activated, all DNS entries are resolved with DNSSEC without exception. This would also attempt a validation in the DNS hierarchy for only local addresses. However, due to the lack of uniqueness of the local address, it cannot be registered with higher-level DNS servers. An error message appears, the address is not resolved and the zone is therefore not accessible (using DNS).
This applies, for example, to .local domains!
Further information on the implementation of DNSSEC can be found here.
Allow DNS queries only from routed and VPN networks: On
Default
By default, only DNS queries from the following sources are answered:
  • localhost
  • local networks
  • Networks that are routed via another gateway but do not contain a default route (or shared default route)
  • VPN transfer networks or Roadwarrior address pools
Off If DNS queries are to be answered from other external networks as well, this option must be disabled
Disable EDNS for the following servers:     EDNS can be disabled for servers that do not comply with RFC 6891.
Old or misconfigured name servers sometimes do not use or do not correctly use Extended DNS and as a result do not accept DNS queries that use these protocol extensions.
  • EDNS is mandatory for DNSSEC
    The DO flag (DNSSEC OK) can no longer be placed in the standard header.
      
  • notempty
    New as of v12.6.0

    Use DNS server specified by the provider:
    Off When activated, the DNS server of the Internet provider is used.