The CloudGen Firewall offers the option to configure primary, secondary, reverse, and forwarding zones. When configuring a primary or reverse zone, it is important to correctly handle the serial / serial number offset value.
Before You Begin
- Verify that all necessary IP addresses for answering DNS queries are already configured as service IP addresses on the respective incoming interfaces. For more information, see How to Assign Services.
- Ensure that the serial number offset is high enough.
Option 1: Configure a Primary Zone
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > DNS > DNS-Service.
- In the left menu, click Hosted Zones.
- Right-click in the window.
- From the list, select Add new DNS Zone.
- The Add Hosted Zone / Domain window is displayed.
- For Hosted Zone Type, select Primary.
- For Enabled, select the check box if you want the record to be active.
- For Domain Name, enter the name of the domain, e.g., example.com. While entering the domain name, the edit field for Authoritative Name Server will be auto-filled and the standard name ns1 will be prepended to your domain name for the name server.
- For Description, enter any text that best describes your domain.
- TTL (time to live [sec]) is already preset. Change the value if necessary.
- For Serial Number Offset, enter the offset only if the serial of your new zone record must be higher than the serial on the secondary DNS server.
- For the auto-filled edit field Authoritative Name Server, leave the value unchanged unless a change is required.
- For Responsible Person Email, enter the email address of the person that is responsible for the configured domain. The edit field accepts the underscore character: '_'.
- Select Generate NS Record if you want to have the name server record created automatically for you.
- For Zone Transfer, select Yes if you want to allow automatic zone transfers.
- For Zone Transfer ACL, enter all IP addresses of secondary DNS servers that are allowed to exchange zone data with the primary.
- Click OK.
- Click Send Changes.
- Click Activate.
You have now configured a primary zone.
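A secondary only pulls a zone when the primary's SOA serial is newer than its own, which is why the serial number offset matters. The following added example (not part of the original documentation) compares two SOA serials using RFC 1982 serial arithmetic and reports how far the primary's serial must be raised. The SOA lines are constructed samples in the format printed by `dig +short SOA <zone>`; how the firewall combines the offset with its own serial is not covered here, so the function only reports the gap.

```python
# Added example: compare SOA serials as a secondary DNS server does (RFC 1982).
MOD = 1 << 32    # SOA serials are unsigned 32-bit values
HALF = 1 << 31   # comparison window of serial number arithmetic


def parse_soa_serial(soa_line):
    """Return the serial from one `dig +short SOA <zone>` output line.

    Field order: mname rname serial refresh retry expire minimum
    """
    fields = soa_line.split()
    if len(fields) != 7:
        raise ValueError("not a 7-field SOA line: %r" % soa_line)
    serial = int(fields[2])
    if not 0 <= serial < MOD:
        raise ValueError("serial out of 32-bit range: %d" % serial)
    return serial


def serial_gt(a, b):
    """True if serial a is newer than serial b, including wrap-around."""
    return a != b and ((a - b) % MOD) < HALF


def required_increase(primary, secondary):
    """Smallest amount to add to the primary's serial so that the
    secondary treats it as newer; 0 if it is already newer."""
    if serial_gt(primary, secondary):
        return 0
    return ((secondary - primary) % MOD) + 1


# Constructed sample output: a freshly created primary zone with a low serial,
# and a secondary that still holds a date-based serial from the old primary.
PRIMARY_SOA = "ns1.example.com. hostmaster.example.com. 5 3600 900 604800 300"
SECONDARY_SOA = "ns1.example.com. hostmaster.example.com. 2024051701 3600 900 604800 300"

if __name__ == "__main__":
    p = parse_soa_serial(PRIMARY_SOA)
    s = parse_soa_serial(SECONDARY_SOA)
    gap = required_increase(p, s)
    if gap:
        print("secondary will not transfer; raise primary serial by at least", gap)
    else:
        print("primary serial is newer; zone transfer will proceed")
```
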
Option 2: Configure a Secondary Zone
If your firewall must operate as a secondary DNS server for a certain zone hosted on another authoritative primary DNS server, create a secondary zone to host it on your firewall.
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > DNS > DNS-Service.
- In the left menu, click Hosted Zones.
- Right-click in the window.
- From the list, select Add new DNS Zone.
- The Add Hosted Zone / Domain window is displayed.
- For Hosted Zone Type, select Secondary.
- For Enabled, select the check box if you want the record to be active.
- For Domain Name, enter the domain for which you want to create a secondary zone, e.g., example2.com.
- For Description, enter any text that best describes your domain.
- Click + to add the primary DNS server that hosts the primary zone.
- The Add New Key window is displayed.
- Enter the IP address of the primary DNS server from which the zone is transferred, e.g., 212.86.0.11.
- Click OK.
- Click Send Changes.
- Click Activate.
In the Hosted Zones window, you can now see the record for the primary zone.
Option 3: Configure a Reverse Zone
Configuring a reverse zone requires a primary zone that is already configured. If there is no primary zone configured yet, start over with Option 1 above.
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > DNS > DNS-Service.
- In the left menu, click Hosted Zones.
- Right-click in the window.
- From the list, select Add new DNS Zone.
- The Add Hosted Zone / Domain window is displayed.
- For Hosted Zone Type, select Reverse.
- For Enabled, select the check box if you want the record to be active.
- In the edit field Network at the bottom of the window, enter the network address that you are configuring the reverse zone for, e.g., 62.99.0.0/24.
- The edit field for Domain Name will be auto-filled based on the network address.
- For Description, enter any text that best describes your domain.
- TTL (time to live [sec]) is already preset. Change the value if necessary.
- For Serial Number Offset, enter the offset only if the serial of your new zone record must be higher than the serial on the secondary DNS server.
- For Authoritative Name Server, enter the same name server as for the related primary zone, e.g., ns1.example.com.
- For Responsible Person Email, enter the email address of the person that is responsible for the configured domain.
- For Zone Transfer, select Yes if you want to allow automatic zone transfers.
- For Zone Transfer ACL, enter all IP addresses of secondary DNS servers that are allowed to exchange zone data with the primary.
- Click OK.
- Click Send Changes.
- Click Activate.
In the Hosted Zones window, you can now see the record for the reverse zone.
Option 4: Configure a Forward Zone
If your firewall must operate as a secondary DNS server for a certain zone hosted on another authoritative primary DNS server, create a secondary zone to host it on your firewall.
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > DNS > DNS-Service.
- In the left menu, click Hosted Zones.
- Right-click in the window.
- From the list, select Add new DNS Zone.
- The Add Hosted Zone / Domain window is displayed.
- For Hosted Zone Type, select Forward.
- For Enabled, select the check box if you want the record to be active.
- For Domain Name, enter the domain for which you want to create a forwarder, e.g., example.com.
- For Description, enter any text that best describes your domain.
- Click + to add a DNS forwarder.
- The Add New Key window is displayed.
- Enter the IP address for the DNS forwarder, e.g., 212.86.0.11.
- Click OK.
- Click Send Changes.
- Click Activate.