Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

DNS

You can obtain the address of a DNS server from a DHCP or PPPoE server, or you can specify static DNS servers.

You can resolve requests for specific hosts using a specified IP address, and resolve requests for external domains using DNS servers on your network.

DNS configuration

Note

The availability of options depends on the configuration of the available interfaces.

Obtain DNS from DHCP: Uses the configured DHCP server to obtain DNS.

If you've selected this option and turn off the last available DHCP interface or swtich it to another IP assignment mode, this setting changes to Static DNS. The firewall doesn't revert this setting when you turn on the interface. You must manually revert it.

Obtain DNS from PPPoE: Uses the configured PPPoE server to obtain DNS.

Static DNS: Uses the specified servers for DNS queries. The firewall queries DNS servers in the listed order until it receives a response. For example, it queries the second server only if it doesn't receive a response from the first server within the time-out period.

Note

The firewall considers an NXDOMAIN (domain doesn't exist) response valid and won't query the next server. Responses are cached until the time-to-live expires.

Choose a server based on incoming requests record type: Choose the DNS server to resolve the domain name based on the incoming requests record type. Incoming requests can be A or AAAA type.

Choose IPv6 DNS server over IPv4: If both IPv6 and IPv4 DNS servers are configured, allocate priority to the IPv6 server for resolving queries.

Choose IPv4 DNS server over IPv6: If both IPv6 and IPv4 DNS servers are configured, allocate priority to the IPv4 server for resolving queries.

Choose IPv6 if request originator address is IPv6, else IPv4: Choose the IPv6 DNS server when a request is received from an IPv6 source and the IPv4 DNS server when a request is received from an IPv4 source.

  • To save a configuration, specify IP and query settings and click Apply.
  • To test connectivity with the DNS server, click Test name lookup and type an IP address or hostname.

DNS host entry

You can resolve requests for specific host or domain names using DNS host entries. If the host requested by the user matches the DNS host entry, the device resolves the query using the IP address specified. This provides faster resolution and reduces queries to the authoritative DNS server.

DNS request route

You can resolve requests for external domain names through DNS servers on your network using DNS request routes. This provides faster resolution, decreases internet traffic over the network, and improves security as less DNS information is exposed on the internet.

You can also use DNS request routes when you need to use specific DNS servers to resolve queries for specific domains. For example, if you have an internal Active Directory server, you may want to divert queries for your local domain to that server while still forwarding queries for internet domains directly to your configured DNS server.