Fixed DNS results

You can optionally configure the firewall to return fixed DNS results for specific hosts or domains without relaying the request to any DNS server.

You can define fixed DNS results in two ways.

Table 1. Ways to define fixed DNS results
Option for fixed DNS results | Description
Host name mappings | You statically map host names and aliases for host names to IPv4 or IPv6 addresses. When a client requests DNS resolution for a host name that is included in the fixed mappings, the firewall resolves the IP address based on the mappings.

Host name mappings simplify the configuration when you only need to resolve a small number of host names in internal networks to static IP addresses.

You define host name mappings as pairs of IP addresses and host names in the Host Name Mappings section of DNS Relay Profile elements.

Fixed domain answers | The firewall replies to requests for specific domain names with IPv4 addresses, IPv6 addresses, domain names, or empty DNS replies. When the firewall provides an empty DNS reply, the client receives the same response as for domains for which no DNS record is found.

Fixed domain answers are useful if you always want to direct requests for specific domains to specific destinations. For example, you can reply to all requests for the domain of an advertising network with an empty reply to block unwanted ads on web pages.

You define fixed domain answers as pairs of domain names and values that the firewall returns in the Fixed Domain Answers section of DNS Relay Profile elements.
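
The lookup logic that Table 1 describes, as an added Python sketch that is not the firewall's implementation or part of the product documentation. The class and function names, the precedence of host name mappings over fixed domain answers, and the matching of subdomains on label boundaries are assumptions of this example; all names and addresses are constructed.

```python
from ipaddress import ip_address

EMPTY = object()  # marker for an empty DNS reply (no records returned)

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

class FixedResults:
    """Toy model of a relay profile holding both kinds of fixed results."""

    def __init__(self, host_mappings, domain_answers):
        # host_mappings: {ip_string: [host name, alias, ...]}
        self.hosts = {}
        for ip, names in host_mappings.items():
            ip_address(ip)  # raises ValueError on a malformed IPv4/IPv6 literal
            for n in names:
                self.hosts.setdefault(norm(n), []).append(ip)
        # domain_answers: {domain: ip string, domain name, or EMPTY}
        self.domains = {norm(d): v for d, v in domain_answers.items()}

    def resolve(self, qname):
        """Return (source, answer); source is 'host', 'domain' or 'relay'."""
        q = norm(qname)
        if q in self.hosts:                 # assumption: host mappings win
            return "host", self.hosts[q]
        labels = q.split(".")
        # Walk parent domains on label boundaries, most specific first, so
        # "ads.example" matches "cdn.ads.example" but not "notads.example".
        for i in range(len(labels)):
            suffix = ".".join(labels[i:])
            if suffix in self.domains:
                v = self.domains[suffix]
                return "domain", ([] if v is EMPTY else [v])
        return "relay", None                # forward to a real DNS server

# Constructed sample profile (reserved documentation names and addresses).
PROFILE = FixedResults(
    {"192.0.2.10": ["intranet.corp.example", "wiki.corp.example"],
     "2001:db8::10": ["intranet.corp.example"]},
    {"ads.example": EMPTY, "legacy.example": "portal.corp.example"},
)
```

Comparing whole labels rather than raw string suffixes keeps an entry for one domain from also capturing unrelated domains whose names merely end with the same characters.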