Define External DNS Server elements

There are some cases in which you must define an External DNS Server element.

  • (Firewalls only) For dynamic DNS (DDNS) updates with a Multi-Link configuration.
  • (Firewalls only) If you want to use a DNS server for resolving malware signature mirrors.
  • If you want to use a DNS server for resolving domain names and URL filtering categorization services on Firewalls, IPS engines, and Layer 2 Firewalls.

You can also optionally use External DNS Server elements to specify the DNS servers to which the firewall forwards DNS requests when you configure DNS relay.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Expand the Network Elements branch.
  3. Right-click Servers and select New > External DNS Server.
  4. Enter a unique Name and IP address for the server.
  5. Enter a Time to Live (TTL) interval in seconds. It defines how long a DNS entry can be cached before querying the DNS server again.
    The default is 1 second.
  6. Enter an Update Interval in seconds. It defines how often the DNS entries can be updated to the DNS server if the link status changes constantly.
    The default is 10 seconds.
  7. (Optional) If the device has additional IP addresses, you can enter them as Secondary IP Addresses instead of creating additional elements. However, secondary IP addresses are only used in the Source and Destination cells in rules. They are ignored otherwise.
  8. Click OK.

External DNS Server Properties dialog box

Use this dialog box to define external Domain Name System (DNS) Server properties.

General tab

| Option | Definition |
|---|---|
| Name | The name of the element. |
| IP Address | Enter the IP address of the server. |
| Resolve | Automatically resolves the IP address of the server. |
| Time to Live | Defines how long a DNS entry can be cached before querying the DNS server again. The default is 1 second. |
| Update Interval | Defines how often the DNS entries can be updated to the DNS server if the link status changes constantly. The default is 10 seconds. |
| Secondary IP Addresses | Specifies any additional device IP addresses. You can enter the additional IP addresses here instead of creating more elements for the other IP addresses. The secondary IP addresses are valid in policies and in routing and antispoofing. You can add several IPv4 and IPv6 addresses (one at a time). Click Add to add an element to the list, or Remove to remove the selected element. |
| Category (Optional) | Includes the element in predefined categories. Click Select to select a category. |
| Tools Profile | Adds commands to the element right-click menu. Click Select to select an element. |
| Comment (Optional) | A comment for your own reference. |

Monitoring tab

| Option | Definition |
|---|---|
| Log Server | The Log Server that monitors the status of the element. |
| Status Monitoring | When selected, activates status monitoring for the device. You must also select the Probing Profile that contains the definitions for the monitoring. When you select Status Monitoring, the element is added to the tree in the Home view. |
| Probing Profile | Shows the name of the selected Probing Profile. Click Select to select a Probing Profile element. |
| Log Reception | Activates syslog reception from this device. You must select the Logging Profile that contains the definitions for converting the syslog entries to SMC log entries. You must also select the Time Zone in which the device is located. By default, the local time zone of the computer you are using is selected. |
| Logging Profile | Shows the name of the selected Logging Profile. Click Select to select a Logging Profile element. |
| Time Zone | Selects the time zone for the logs. |
| Encoding | Selects the character set for log files. |
| SNMP Trap Reception | Enables the reception of SNMP traps from the third-party device. |
| NetFlow Reception | Enables the reception of NetFlow data from the third-party device. The supported versions are NetFlow v5, NetFlow v9, and IPFIX (NetFlow v10). |

NAT tab

| Option | Definition |
|---|---|
| Firewall | Shows the selected firewall. |
| NAT Type | Shows the NAT translation type: Static or Dynamic. |
| Private IP Address | Shows the Private IP Address. |
| Public IP Address | Shows the defined Public IP Address. |
| Port Filter | Shows the selected Port Filters. |
| Comment | An optional comment for your own reference. |
| Add NAT Definition | Opens the NAT Definition Properties dialog box. |
| Edit NAT Definition | Opens the NAT Definition Properties dialog box for the selected definition. |
| Remove NAT Definition | Removes the selected NAT definition from the list. |