Legacy USG - Configure DNS on a Firewall

Slow performance is sometimes caused by an incorrect DNS setup,
especially when the problem only occurs with domain names and not with IP addresses.
This tutorial (using a USG40W) gives you a basic idea of how to set up DNS correctly on our firewalls.

 

For the new article, please look here: Firewall - Configure a DNS Server [Zywall/Local DNS or Google DNS]

 

Step by step guides

1. Custom defined (under DHCP Setting)

2. Object reference (for all interfaces)

 

1. Custom defined (under DHCP Setting)

Open the web interface of the firewall and log into it.

Go to Configuration > Network > Interface > Ethernet

Select the interface on which you want to set the DNS server (it has to be a DHCP server).

For “First DNS Server”, select Custom Defined and enter 8.8.8.8 (for Google DNS).
Click “OK” to apply and save the settings.
Clients connected to this interface will now use the custom defined DNS server.

 

2. Object reference (for all interfaces)

Open the web interface of the firewall and log into it.

Go to Configuration > System > DNS

Click “Add” under “Domain Name Forwarder”.

Enter the domain zone, or * as a wildcard (all domains).

Select the "Public DNS Server" option and enter a public DNS server, here 8.8.8.8 (Google DNS server). Then select the correct query port, in this case “wan1” (the interface with internet access), and click “OK” to apply and save the settings.
Any interface with "ZyWALL" as its DNS server will use the DNS servers configured here.

 

Address/PTR Record

If you have internal services and want to access them via their FQDN, you can use the Address/PTR Record to resolve the FQDN to the internal IP.

A PTR (pointer) record is also called a reverse record or a reverse lookup record. It is a mapping of an IP address to a domain name.

This means that the ZyWall / USG / ATP / USG FLEX needs to be the DNS server for the clients.

Click "Add", then type in the FQDN (example.com) and the internal IP (11.22.33.44).

Now click "OK" and you are all set.
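
To confirm from a client that the firewall answers with the Address record created above, and to compare its response time with the public forwarder, the following added example (not part of the original article or any Zyxel tooling) sends a raw DNS A query over UDP and decodes the reply. The firewall address 192.168.1.1 is an assumption, and the sample response bytes are constructed.

```python
import socket, struct, time

def build_query(name, qtype=1, txid=0x1234):
    """Build a DNS query (qtype 1 = A) with the recursion-desired flag set."""
    head = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return head + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def skip_name(msg, off):
    """Return the offset just past an encoded (possibly compressed) name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg):
    """Return (rcode, [IPv4 strings]) from a DNS response message."""
    _txid, flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    ips = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:          # A record; other types are skipped
            ips.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return flags & 0x000F, ips

def timed_lookup(server, name, timeout=3.0):
    """Query server over UDP port 53; return (rcode, ips, seconds)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(4096)             # raises OSError on timeout
        return (*parse_a_records(data), time.monotonic() - start)

# Constructed sample response: example.com A 11.22.33.44 (the tutorial's Address record)
SAMPLE = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00" + build_query("example.com")[12:]
          + b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04" + bytes([11, 22, 33, 44]))

if __name__ == "__main__":
    # 192.168.1.1 is an assumed firewall LAN address; 8.8.8.8 is the tutorial's forwarder
    for server in ("192.168.1.1", "8.8.8.8"):
        try:
            print(server, timed_lookup(server, "example.com"))
        except OSError as exc:
            print(server, "no answer:", exc)
```

A response code of 0 with the expected internal IP from the firewall, but a different or empty answer from 8.8.8.8, shows that the client is really using the firewall's local record.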

 

CNAME Record

If you want to redirect from one FQDN to another, you can use a CNAME record.

For example, you have bought a domain (example.com) and set up a subdomain (alias.example.com).

You now want to redirect to a DDNS name (F.Q.DN) but do not want to type the DDNS name.

This means:

We type alias.example.com but we will be redirected to F.Q.DN.

Click "Add", type the alias or CNAME, enter the FQDN it should redirect to, and click "OK".

 

MX Record (for My FQDN)

An MX (Mail eXchange) record indicates which host is responsible for the mail for a particular domain, that is, it controls where mail is sent for that domain. If you do not configure proper MX records for your domain or another domain, external e-mail from other mail servers cannot be delivered to your mail server and vice versa. Each host or domain can have only one MX record, that is, one domain is mapped to one host.

Click "Add" to add an MX record.

Enter the domain name where the mail is destined for (example.com).

Enter the IP address or Fully-Qualified Domain Name (FQDN) of a mail server that handles the mail for the domain specified in the field above.

Click "OK".

 

 
