Configure DNS Relay settings in the Engine Editor

To enable DNS relay, configure DNS Relay settings for the firewall in the Engine Editor.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Right-click a Single Firewall, Firewall Cluster, or Virtual Firewall element and select Edit <element type>.
  3. In the DNS IP Addresses field, add the IP addresses of one or more external DNS servers to which the firewall forwards DNS requests from clients in the internal network.
    • To enter a single IP address manually, click Add and select IP Address. Enter the IP address in the dialog box that opens.
    • To define an IP address using a network element, click Add and select Network Element.
  4. In the navigation pane on the left, browse to General > DNS Relay.
  5. From the DNS Relay Profile drop-down list, select a DNS Relay Profile element.
    • If you created a custom DNS Relay Profile element, select your custom element.
    • To enable DNS relay without defining custom settings, select the predefined Cache Only DNS Relay Profile element.
  6. In the Listening IP Addresses field, add one or more IP addresses.
    Clients in the internal network can use all of the specified IP addresses to send DNS requests to the firewall.
  7. (Optional) From the Source for Domain-Specific DNS Queries drop-down list, select the interface that is used as the source IP address when the firewall forwards DNS requests to domain-specific DNS servers.
    When According to Routing is selected, the source IP address is automatically selected based on the route to the external DNS server.

Next steps

Configure devices in the internal network to use the selected listening IP addresses on the firewall as a DNS resolver.

Engine Editor – General – DNS Relay

Use this branch to enable and configure DNS relay for firewalls.

Option Definition
DNS Relay Profile Allows you to select a DNS Relay Profile element.
  • Select — Opens a dialog box where you can select an existing DNS Relay Profile element.
  • None — Removes the previously selected DNS Relay Profile element. Selecting None deactivates DNS Relay.
  • New — Allows you to create a new DNS Relay Profile element. Opens the DNS Relay Profile Properties dialog box.
Listening IP Addresses The IP addresses to which clients in the internal network send DNS requests.
Add Adds an interface and its IP address to the list. Opens the Select dialog box.
Remove Removes the selected interface and its IP address from the list.
Source for Domain-Specific DNS Queries The IP addresses that are used as source IP addresses when the firewall makes domain-specific DNS queries.

When According to Routing is selected, the source IP address is automatically selected based on the route to the external DNS server.

Select dialog box (for DNS Relay listening IP addresses)

Use this dialog box to select listening IP addresses for DNS Relay.

Option Definition
Select Interface Lists the available interfaces and their IP addresses. You can select one or more interfaces.
Select Adds the selected IP addresses to the configuration and closes the window.