The DNS caching service can also act as a source that delivers information only about the authoritative name servers for a queried zone. The zone on this server must be obtained from another DNS server that hosts the zone, the default master DNS.
Step 1. Configure DNS Settings
- Go to CONFIGURATION > Configuration Tree > Box > Administrative Settings.
- In the left menu, click DNS Settings.
- From the Configuration Mode menu, select Switch to Advanced View.
- Click Lock.
- Enter the Box DNS Domain that the NextGen Firewall belongs to.
- If the DNS Server IP table contains entries, delete all of them.
- From the DNS Query Rotation list, select no.
Step 2. Configure Caching DNS Service
- In the left menu, click Caching DNS Service.
- From the Run Forwarding/Caching DNS list, select yes.
- From the Run Slave DNS list, select yes.
- From the Query Source Address list, select which IP address to use as source address when querying the DNS or master DNS servers. You can select one of the following options:
  - Wildcard (default) – IP selection is accounted for dynamically according to definitions in the routing table.
  - VIP (managed firewalls only) – Uses the firewall's VIP IP address.
  - MIP – Uses the system’s management IP address, which is the Main Box IP.
  - Other – Select this check box to explicitly specify an IPv4 or IPv6 address.
- In the DNS Query ACL table, add the single IPv4 / IPv6 addresses or netmasks that can access the DNS service via an app redirect access rule.
- If necessary, enable Log DNS Queries to log every DNS query.
- Click + to add all Default Master DNS servers to the table.
- Click + to add a DNS Slave Zone entry to serve as the stub zone.
- The DNS Slave Zone window opens. Enter a name for the stub zone.
- Click OK.
- From the Active Zone list, select yes.
- From the Zone Type list, select Forward Lookup.
- From the Replication Mode list, select QueryForward.
- Click OK.
- Click Send Changes.
- Click Activate.