Skip to content

Add a DNS host entry

You can resolve requests for specific host or domain names using DNS host entries. If the host requested by the user matches the DNS host entry, the device resolves the query using the IP address specified.

  1. Go to Network > DNS.
  2. Scroll to the DNS host entry section and click Add.
  3. Specify the settings.

    Option Description
    Host/Domain name Fully qualified domain name (FQDN) for the host or domain.
    Entry type Type an IP address for the host or select an interface to configure as the host.
    IP address IP address of the host.
    Time-to-live Interval (in seconds) at which a DNS lookup for the domain occurs.

    TTL (time-to-live) determines how long it takes for a DNS record change to take effect. The domain's DNS record is cached until the next lookup.

    Sophos Firewall performs DNS lookups for domains that resolve to localhost at the default interval rather than the TTL value in the DNS record. To change the default interval, go to the CLI help.
    Weight Weight for load balancing the traffic. The device distributes traffic across the links in proportion to the weights assigned to individual links. The weight determines how much traffic passes through a specific link relative to the other links listed on the WAN link manager page.
    Publish on WAN Publish the DNS host entry on the WAN.
    Add reverse DNS lookup for this host entry Allow the IP address to be resolved to its designated domain name.

    The following restrictions apply to reverse DNS lookup:

    • If there are multiple hosts resolving to the same IP address, reverse DNS lookup can be configured for only one of the IP addresses.
    • Only A, AAAA, and PTR type DNS records are supported.
    • Address (A) records point a hostname to an IP address and return a 32-bit IPv4 address.
    • AAAA records point a hostname to an IP address and return a 128-bit IPv6 address.
    • Pointer records (PTR) are used for reverse lookups. They map the IP address to a hostname.
    • Maximum DNS entries supported is 1024.
    • If the device interface is used as a DNS in the client system, a query is sent to the configured DNS servers prior to querying the ROOT severs.
  4. Click Save.

More resources