By default, the CloudGen Firewall responds to DNS queries only from directly attached networks. This protects the firewall from heavy query loads, e.g., DoS attacks, and is implemented through the preconfigured listeners (INTERNAL, EXTERNAL). However, it may sometimes be necessary to allow queries from remote networks as well, or you may need a separate listener that accepts incoming DNS queries on an interface with a specific IP address.
Before You Begin
- Verify that all service IP addresses necessary for answering DNS queries on the respective incoming interfaces are already configured. For more information, see How to Assign Services.
Create a DNS Listener
Create a listener for a specific IP address on one of the interfaces of your firewall.
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > DNS > DNS-Service.
- In the left menu, click DNS Settings.
- In the main window, click + to the right of the table of the section DNS Listener Classification.
- The Add New DNS Listener window is displayed.
- For Listener Name, enter a name that clearly lets you identify the listener, e.g., via-ISP1 for a query that is coming in via ISP1.
- From Listener IP, select an IP address from the list, e.g., 22.214.171.124 for the local DNS service IP.
- From Classification, select either INTERNAL or EXTERNAL, depending on which network domain the IP address belongs to.
- Select Recursive Lookups if you want the listener to also answer queries for names that are not part of any hosted zone table.
- Click OK.
- Click Send Changes.
- Click Activate.
After sending the configuration, the new listener is displayed in the list in the main window.
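Once the listener is active, it is worth confirming from a client that it behaves as configured: that it answers for a hosted zone on the chosen IP, and that it does not recurse for outside names unless Recursive Lookups was deliberately enabled (an externally reachable listener that recurses is an open resolver). The script below is an added example, not a Barracuda tool. It builds a minimal DNS query in RFC 1035 wire format, sends it to the listener IP used in the procedure above (22.214.171.124), and reads the AA and RA flags and the response code from the reply. The hosted-zone name is a hypothetical placeholder, and the check assumes it is run from a network the listener is configured to answer.

```python
"""Post-activation check for a CloudGen Firewall DNS listener.

Added example, not vendor code. Sends two queries to the listener IP:
one for a name in a zone hosted on the firewall, one for an outside
name, and reports whether the listener answered authoritatively and
whether it performed recursion.
"""
import random
import socket
import struct

LISTENER_IP = "22.214.171.124"               # listener IP from the procedure above
HOSTED_NAME = "host.example-zone.invalid"    # hypothetical name in a hosted zone
EXTERNAL_NAME = "www.example.com"            # name outside any hosted zone

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, qtype=1, txid=None):
    """Return (txid, wire) for a standard query with RD=1 (qtype 1 = A)."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    flags = 0x0100  # QR=0, opcode QUERY, RD (recursion desired) set
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    qname += b"\x00"  # root label terminates the name
    return txid, header + qname + struct.pack("!HH", qtype, 1)  # class IN


def parse_response(wire):
    """Decode the 12-byte DNS header into the fields the check needs."""
    if len(wire) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", wire[:12])
    rcode = flags & 0x000F
    return {
        "txid": txid,
        "qr": bool(flags & 0x8000),     # response bit
        "aa": bool(flags & 0x0400),     # authoritative answer
        "ra": bool(flags & 0x0080),     # recursion available
        "rcode": rcode,
        "rcode_name": RCODES.get(rcode, str(rcode)),
        "ancount": an,
    }


def query(server, name, timeout=2.0):
    """Send one UDP query; return the parsed header, or None on no reply."""
    txid, wire = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(wire, (server, 53))
        try:
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            return None
    parsed = parse_response(data)
    if parsed["txid"] != txid or not parsed["qr"]:
        return None  # reply did not match our query
    return parsed


def assess(hosted, external):
    """Summarize listener behaviour from the two parsed replies (or None)."""
    reachable = hosted is not None or external is not None
    authoritative = bool(hosted and hosted["aa"] and hosted["rcode"] == 0)
    # A resolver that recursed for an outside name sets RA and returns
    # NOERROR or NXDOMAIN; REFUSED or no RA means recursion is off.
    recursion = bool(external and external["ra"] and external["rcode"] in (0, 3))
    return {
        "reachable": reachable,
        "authoritative_for_hosted": authoritative,
        "recursion_enabled": recursion,
    }


if __name__ == "__main__":
    result = assess(query(LISTENER_IP, HOSTED_NAME), query(LISTENER_IP, EXTERNAL_NAME))
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run it from an INTERNAL network and then from an EXTERNAL one: `reachable` should be False from any network the listener was not meant to serve, `authoritative_for_hosted` should be True where it is served, and `recursion_enabled` should match the Recursive Lookups setting of that listener, being False on an EXTERNAL listener where it was left unchecked.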