We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

How to Configure the DNS Caching Service for Queries of Forward and Stub Zones

  • Last updated on

The DNS caching service can also serve as a source for delivering information only about the authoritative name servers for a queried zone. The zone at this server must be obtained from another DNS server, the default master DNS, that hosts the zone.

Step 1. Configure DNS Settings

Do not install both the forwarding/caching DNS (bdns) service and a running DNS service. The forwarding/caching DNS (bdns) configuration will collide with the DNS service.
  1. Go to CONFIGURATION > Configuration Tree > Box > Administrative Settings. 
  2. In the left menu, click DNS Settings.
  3. From the Configuration Mode menu, select Switch to Advanced View.
  4. Click Lock.
  5. Enter the Box DNS Domain that the NextGen Firewall belongs to.
  6. In case there are entries in the DNS Server IP table, delete all entries.
  7. From the DNS Query Rotation list, select no.

Step 2. Configure Caching DNS Service

  1. In the left menu, click Caching DNS Service.
  2. From the Run Forwarding/Caching DNS list,select yes.
  3. From the Run Slave DNS list, select yes.
  4. From the Query Source Address list, select which IP address to use as source address when querying the DNS or master DNS servers. You can select one of the following options:
    • Wildcard (default) IP selection is accounted for dynamically according to definitions in the routing table.
    • VIP (managed firewalls only)Uses the firewall's VIP IP address.
    • MIP – Uses the system’s management IP address, which is the Main Box IP.
    • Other – Select this check box to explicitly specify an IPv4 or IPv6 address.
  5. In the DNS Query ACL table, add the single IPv4 / IPv6 addresses or netmasks that can access the DNS service via an app redirect access rule.

  6. If necessary, enable Log DNS Queries to log every DNS query.
  7. Click + to add all Default Master DNS servers to the table.
  8. Click + to add a DNS Slave Zone entry to serve as the stub zone.
    forward_stub_zone_caching_dns_settings.png
  9. The DNS Slave Zone window opens. Enter a name for the stub zone.
  10. Click Ok....
  11. From the Active Zone list, select yes.
  12. From the Zone Type list, select Forward Lookup.
  13. From the Replication Mode list, select QueryForward.
  14. Click OK.
    forward_stub_zone_slave_zone_settings.png
  15. Click Send Changes.
  16. Click Activate.
Last updated on