Last adaptation to the version: 12.6.1
New:
- Updated for the redesign of the web interface
Menu Area Server Settings section DNS-Server.
DNS Forwarding
DNS forwarding sends all DNS requests made to the firewall's name server on to another IP.
Add DNS Forwarding
Menu Area DNS Forwarding Button + Add DNS Forwarding
Creating a DNS Forwarding
Caption | Value | Description
IP address: | 192.168.175.2 | Click Add server and enter the address of the remote name server in the IP address field. Edit the entry / trash: Delete the entry
 | | Saves the entry
Domain forwarding through a VPN tunnel
Sometimes it is necessary to forward internal domain requests to a remote name server located in a VPN.
Note that, by default, the firewall sends all direct requests addressed to external name servers with its external IP. A public IP, however, is not routed into a VPN tunnel.
Set the name server of the firewall
Name server IP
Caption | Value | Description
Check name server before local cache: | Yes | Should be enabled
Primary name server: | 127.0.0.1 | The IP of the UTM itself (localhost=127.0.0.1)
Secondary name server: | | Can remain empty or designate another DNS in the VPN
 | | Saves the entry
Create relay
For this example, an IPSec connection was used. For SSL-VPN, the setup is done in the same way.
Menu Area Zones Button + Add Relay-Zone.
Creating the relay zone
Caption | Value | Description
Zone name: | relay.test.local | Zone name of the desired domain
Type: | Relay | Select this type
IP address: | 192.168.8.5 | Click Add server and enter the address of the remote name server in the IP address field. Edit the entry / trash: Delete the entry
 | | Saves the entry
Create network object
Menu Button + Add Object. A network object must be created for the IPSec network.
Network object
Caption | Value | Description
Name: | IPSec-Network | Choose unique name
Type: | VPN network | Select this type
Address: | 192.168.8.0/24 | The IP address corresponds to that of the IPSec network
Zone: | vpn-ipsec | Suitable zone must be selected
 | | Saves the entry
Add Rule
In the last step, a firewall rule with a Hide NAT must be created. This sends the forwarded DNS requests into the tunnel as well, instead of directly to the Internet.
Menu Button + Add Rule.
Safe Search with external DHCP server
If an external DHCP server is used, the active web filter Safe Search often does not work for search engines, especially Google, when searching for images.
In order for this web filter to take effect there as well, the following forward zones must be set up for all ccTLDs (see https://www.google.com/supported_domains : www.google.de, www.google.ch, ...).
Menu Button + Add Forward Zone.
The forward zone set up for www.google.com
Caption | Value
Zone name: | www.google.com
Name server hostname: | localhost
Name server IP address: |
In the Name server window, click in the www.google.de zone. In the Edit Zone window click Add entry.
Name: | www.google.com
Type: | A
Value: | 216.239.38.120
Save and click again on Add entry.
Name: | www.google.com
Type: | AAAA
Value: | 2001:4860:4802:32::78
 | Saves the entry
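To check that every required forward zone is in effect, the following added example (not part of the original page and not Securepoint code) builds the www zone names from a list in the supported_domains format and flags any name whose answers are not the two Safe Search addresses from the table above. The sample list is constructed, the one-".domain"-per-line format is an assumption, and the function names are hypothetical.

```python
"""Audit Safe Search forward zones from a client that resolves via the UTM."""
import ipaddress
import socket

# Addresses taken from the forward-zone example on this page.
SAFE = {ipaddress.ip_address("216.239.38.120"),
        ipaddress.ip_address("2001:4860:4802:32::78")}

# Constructed sample; assumed format of supported_domains: one ".domain" per line.
SAMPLE_SUPPORTED_DOMAINS = ".google.com\n.google.de\n.google.ch\n"


def zone_names(supported_domains_text):
    """Turn '.google.de' lines into the 'www.google.de' zone names to create."""
    names = set()
    for line in supported_domains_text.splitlines():
        domain = line.strip().lower().lstrip(".")
        if domain and not domain.startswith("#"):
            names.add("www." + domain)
    return sorted(names)


def system_resolver(name):
    """Resolve through the OS resolver (assumed here to point at the UTM)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    # Drop any IPv6 scope id ("%eth0") before parsing.
    return {ipaddress.ip_address(info[4][0].split("%")[0]) for info in infos}


def audit(names, resolve=system_resolver):
    """Map each zone to 'ok', 'no answer' or the non-Safe-Search answers seen."""
    report = {}
    for name in names:
        answers = resolve(name)
        if not answers:
            report[name] = "no answer"
        elif answers <= SAFE:
            report[name] = "ok"
        else:
            report[name] = "not enforced: " + ", ".join(
                sorted(str(a) for a in answers - SAFE))
    return report


if __name__ == "__main__":
    for zone, status in audit(zone_names(SAMPLE_SUPPORTED_DOMAINS)).items():
        print(f"{zone:20} {status}")
```

Run it on a client that uses the UTM as its DNS server; any status other than ok marks a zone that still needs its A and AAAA entries.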