Configuring DNS settings in your Zyxel firewall is essential for ensuring smooth internet connectivity and network operations. In this guide, we'll walk you through two methods for configuring DNS settings on your Zyxel firewall.
Method 1: Set Google DNS as DNS server (Custom Defined DNS)
Use this method when you don't have a local server, such as an Active Directory or DNS server. In that case, it's advisable to set Google DNS (e.g., 8.8.8.8) as the primary DNS server on your LAN interface. Google DNS is a reliable and high-performance public DNS service that ensures smooth and speedy DNS resolution. This method is ideal for general internet use and helps prevent common DNS-related issues.
- Open your firewall's web interface and log in.
- Navigate to "Configuration" > "Network" > "Interface" > "Ethernet."
- Select the interface that operates as a DHCP Server, on which you want to set the DNS server.
- In the "First DNS Server" section, choose "Custom Defined," and enter the DNS address you prefer. For example, you can use 8.8.8.8 for Google DNS.
- Click "OK" to apply and save the settings.
Note! This is the best-practice DNS setting for a LAN interface; however, depending on the setup, you might go for Method 2 instead.
Clients connected to this interface will now use the custom-defined DNS server for name resolution. You might need to trigger a new STP connection by disconnecting and connecting computers on the LAN in order to update the DNS settings they get from the DHCP server (firewall).
Method 2: Set Firewall as DNS server
Use this method when you have a local server, such as an Active Directory or DNS server. In that case, it's recommended to configure your Zyxel firewall as the primary DNS server (Zywall) on your LAN interface. This approach allows the firewall to manage DNS requests effectively and ensures accurate resolution of local DNS records. By using the firewall as the primary DNS server, you maintain control over internal DNS queries and enhance network performance in environments with local servers.
Step 1: Set DNS server to Zywall & configure Domain Zone Forwarder
- Open your firewall's web interface and log in.
- Navigate to "Configuration" > "Network" > "Interface" > "Ethernet."
- Select the interface that operates as a DHCP Server, on which you want to set the DNS server.
- In the "First DNS Server" section, choose "Zywall".
- Click "OK" to apply and save the settings.
- Navigate to "Configuration" > "System" > "DNS."
- Click on "Add" under the "Domain Zone Forwarder" section.
- Enter the Domain Zone or use a wildcard (*) for all domains.
- Select the "Public DNS Server" option and enter the public DNS server address you want to use, e.g., 8.8.8.8 (Google DNS server).
  Note! Choosing a specific interface under "Query via:" could result in DNS issues during a WAN failover if you have a backup interface (e.g. wan2).
- Click "OK" to apply and save the settings.
Any interface configured to use "ZyWALL" as the DNS server will now utilize the DNS servers configured in the previous step.
Step 2: Configure the DNS/local server as a DNS Address Record
Address/PTR Record for Internal Services
If you have internal services that you want to access using their Fully Qualified Domain Names (FQDNs), you can use Address/PTR Records to resolve the FQDNs to internal IP addresses. To accomplish this:
- Navigate to Configuration > System > DNS and click "Add" under the "Address/PTR Record" section.
- Enter the FQDN (e.g., example.com) and its corresponding internal IP address (e.g., 11.22.33.44).
- Click "OK" to save the settings.
Now, your firewall acts as the DNS server for clients, allowing them to resolve internal FQDNs to their respective internal IP addresses.
By following these steps, you can effectively configure DNS settings in your Zyxel firewall to optimize network functionality and enhance DNS resolution capabilities.
CNAME Record
If you want to redirect from one FQDN to another, you can use a CNAME record.
For example, you have bought a domain (example.com) and set up a subdomain (alias.example.com).
You now want to redirect to a DDNS name (F.Q.DN) but do not want to type the DDNS name.
This means:
We type alias.example.com, but we will be redirected to F.Q.DN.
Click "Add", enter the alias (CNAME), enter the FQDN it should redirect to, and click "OK".
MX Record (for My FQDN)
An MX (Mail eXchange) record indicates which host is responsible for the mail for a particular domain; that is, it controls where mail is sent for that domain. If you do not configure proper MX records for your domain or other domain, external e-mail from other mail servers cannot be delivered to your mail server and vice versa. Each host or domain can have only one MX record; that is, one domain is mapped to one host.
Click "Add" to add an MX record.
Enter the domain name where the mail is destined for (example.com).
Enter the IP address or Fully-Qualified Domain Name (FQDN) of a mail server that handles the mail for the domain specified in the field above.
Click "OK".