The Barracuda CloudGen Firewall can act as a authoritative DNS server for your domains.
Before You Begin
Before modifying the server settings, you must create a DNS service. For more information, see How to Configure Services.
Configure the DNS Service
To configure zone-independent DNS server settings,
- Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > DNS-Service.
- Double-click DNS Configuration.
- Right click the server name in the DNS configuration area (e.g.: S1_dns) and select Lock Server.
- Right click the server name and select Properties.
-
In the Interface section, configure the forwarding behavior of the DNS service.
-
forward – This menu offers the following settings:
- <blank> – The default settings of BIND are used.
- first – The server forwards the DNS query first. Only in case no entry is found the local database is queried.
- only – The server forwards all DNS queries.
-
forwarders – Enter the IP addresses of the DNS servers to which DNS queries are forwarded. Separate multiple entries with a semicolon and space (e.g.
10.0.0.53; 10.0.0.67
). -
recursion– Define the allowance of recursive queries. The following options are available:
-
<blank> – The default settings of BIND are used.
- yes – The server allows recursive queries.
- no – The server does not allow recursive queries.
-
<blank> – The default settings of BIND are used.
- notify - Define whether the DNS server should actively notify its slaves about settings updates.
-
forward source-ip – This field offers various options to select the IPv4 or IPv6 address to be used for contacting other DNS servers.
- <blank> – The default settings of BIND are used.
- server-first – The DNS service uses the first server IP for connecting.
- server-second– The DNS service uses the second server IP for connecting.
explicit – The DNS service uses an explicit IP address for connecting. This IP address must be configured as a server IP.
-
forward – This menu offers the following settings:
-
In the Security section, configure security options for the DNS service (when selecting any, you can optionally define one or more further IPv4 or IPv6 addresses):
allow notify – Hosts that are allowed to notify the DNS server about zone changes.
- allow query – Hosts that are allowed to query the DNS server. By default all hosts are allowed to query the DNS server.
- allow recursion – Hosts that are allowed to make recursive queries on this server.
- allow transfer – Hosts that are allowed to fetch the DNS database from the DNS server.
- blackhole – Addresses that the server will not accept queries from and not use to resolve a query.
- none
any (one or more IPv4 or IPv6 addresses) – These entries can optionally be complemented with further IP addresses.
- Click OK.
- Click Send Changes and Activate.
Continue with How to Configure DNS Zones.