Overview:
The DNS (Domain Name System) module allows forwarding of DNS requests to DNS servers. This is helpful when a local DNS server is used for the local domain: all other DNS queries are forwarded directly to the Internet, which speeds up the response. DNS forwarder settings also play a role in the configuration of private networks, where requests for names in the domains of remote subnets must be forwarded correctly.
Request forwarding is defined by rules for DNS names or subnets. Rules are ordered in a list which is processed from the top. If a DNS name or a subnet in a request matches a rule, the request is forwarded to the corresponding DNS server. Queries which do not match any rule are forwarded to the default DNS servers.
Step-By-Step Guide
- Configure simple DNS resolution. For details, refer to Configuring Simple DNS Forwarding in Kerio Control. If the DNS forwarding service is disabled, the DNS module is used only as Kerio Control's DNS resolver.
- Choose the option Enable custom DNS forwarding to enable settings for forwarding certain DNS queries to other DNS servers and click Edit.
- In the Custom DNS Forwarding dialog, click Add. The rule can be defined for:
  - Common DNS queries (A queries).
  - Reverse queries (PTR queries).
Note: Rules can be reordered with the arrow buttons. This enables more complex combinations of rules (e.g. exceptions for certain workstations or subdomains). As the rule list is processed from the top downwards, rules should be ordered starting with the most specific one (e.g. the name of a particular computer) and ending with the most general one at the bottom (e.g. the main domain of the company).
Similarly, rules for reverse DNS queries should be ordered by subnet mask length (e.g. with 255.255.255.0 at the top and 255.0.0.0 at the bottom). Rules for queries concerning names and rules for reverse queries are independent of each other.
- In the Custom DNS Forwarding dialog, you can create these types of rules:
  - Match DNS query name: it is necessary to specify a corresponding DNS name (name of a host in the domain). In rules for DNS requests, it is necessary to enter an expression matching the full DNS name. If, for example, the kerio.c* expression is introduced, only names kerio.cz, kerio.com etc. would match the rule, and host names included in these domains (such as www.kerio.cz and secure.kerio.com) would not.
  - Match IP address from reverse DNS query: alternatively, specify a rule for DNS queries on IP addresses in a particular subnet (e.g. 192.168.1.0/255.255.255.0).
- Use the Forward the query field to specify the IP address(es) of one or more DNS servers to which queries will be forwarded. If multiple DNS servers are specified, they are considered as primary, secondary, etc. If the Do not forward option is checked, DNS queries will not be forwarded to any other DNS server. Kerio Control will search only in the hosts table or in the DHCP server table. If the requested name or IP address is not found, non-existence of the name/address is reported to the client.
- Save the settings and create another rule if it is needed.
Confirmation: Configured rules appear in the Custom DNS Forwarding dialog box.
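The top-down, first-match evaluation described in the note and rule types above, modelled in Python as an added example (this is not Kerio Control code). The rule values, server addresses, shell-style wildcard handling, and passing a reverse query as a plain IP address are assumptions made for illustration.

```python
import fnmatch
import ipaddress

# Constructed rule list, most specific first, as the note recommends.
# Each rule: (kind, pattern, servers); servers=None models "Do not forward".
RULES = [
    ("name", "secure.kerio.com", ["10.0.0.53"]),
    ("name", "*.kerio.com", ["10.0.0.10", "10.0.0.11"]),
    ("name", "kerio.c*", None),
    ("ptr", "192.168.1.0/255.255.255.0", ["192.168.1.1"]),
    ("ptr", "192.168.0.0/255.255.0.0", ["10.0.0.10"]),
]
DEFAULT = ["default"]  # placeholder for the default DNS servers


def resolve_target(rules, qtype, query):
    """Return the servers of the first matching rule, scanning top to bottom."""
    for kind, pattern, servers in rules:
        if kind == "name" and qtype == "A":
            # The expression has to match the full DNS name (assumed
            # shell-style wildcards, case-insensitive).
            if fnmatch.fnmatchcase(query.lower(), pattern.lower()):
                return servers
        elif kind == "ptr" and qtype == "PTR":
            # Name rules and reverse rules are evaluated independently.
            if ipaddress.ip_address(query) in ipaddress.ip_network(pattern):
                return servers
    return DEFAULT  # no rule matched: default DNS servers


def shadowed(rules, qtype, query):
    """Indexes of rules that match the query but lose to an earlier rule."""
    hits = [i for i, rule in enumerate(rules)
            if resolve_target([rule], qtype, query) is not DEFAULT]
    return hits[1:]
```

Running `shadowed` over a list of names that must reach a specific internal server shows which broader rules would capture them if the order were changed.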