DNS Proxy Forwarding Domains

Overview

The Domain Name System (DNS) is the hierarchical and decentralized naming system used to identify computers, services, and other resources reachable through the Internet or other Internet Protocol (IP) networks.

The "DNS Proxy Forwarding Domains" feature is a based on the Linux dnsmasq package.

Before the "DNS Proxy Forwarding Domains" feature was introduced, an administrator could only configure at most three DNS servers for all types of suffixes - for instance, google.com and amazon.com were translated with the same DNS servers.

With the "DNS Proxy Forwarding Domains" feature, an administrator can configure, for every suffix, what DNS server will translate this suffix.

For instance, an administrator can decide that google.com will be translated by the DNS server 8.8.4.4 (Google's public DNS), but amazon.com will be translated by the DNS server 1.1.1.1 (Cloudflare's public DNS), while other suffixes will be translated by the local DNS server.

To complete this feature, a sub-feature was introduced - "Listening Interfaces". The dnsmasq package uses the configured Listening Interfaces to know on what interfaces it should listen, so it could route DNS queries properly. The dnsmasq package will not route DNS queries on interfaces, on which it was not configured to listen.

Configuring DNS Proxy Forwarding Domains in Gaia Portal

Important - On Scalable Platforms (ElasticXL, Maestro, and Chassis), you must connect to the Gaia PortalClosed Web interface for the Check Point Gaia operating system. of the applicable Security Group.

Step

Instructions

1

In the navigation tree, click Network Management > Hosts and DNS.

2

In the DNS Proxy Forwarding Domains section, click Add.

3

In the New DNS Proxy Forwarding Domain window, configure the applicable settings:

  1. In the DNS Suffix field, enter the domain name suffix.

  2. In the Primary DNS Server field, enter the IPv4 address of the Primary DNS server.

  3. Optional: In the Secondary DNS Server field, enter the IPv4 address of the Secondary DNS server (to use if the Primary DNS server does not respond).

  4. Optional: In the Tertiary DNS Server field, enter the IPv4 address of the Tertiary DNS server (to use if the Primary and Secondary DNS servers do not respond).

  5. Click OK.

4

In the Listening Interfaces section:

  1. Select the applicable interfaces:

    • Listen on all interfaces

    • Listen on specific interfaces and select the applicable interface(s)

  2. Click Apply.

Note - This section applies to all configured DNS Suffixes.

Step

Instructions

1

In the navigation tree, click Network Management > Hosts and DNS.

2

In the DNS Proxy Forwarding Domains section:

  1. Click the DNS suffix.

  2. Click Edit.

3

In the New DNS Proxy Forwarding Domain window:

  1. Configure the applicable settings.

  2. Click OK.

4

In the Listening Interfaces section:

  1. Select the applicable interfaces.

  2. Click Apply.

Note - This section applies to all configured DNS Suffixes.

Step

Instructions

1

In the navigation tree, click Network Management > Hosts and DNS.

2

In the DNS Proxy Forwarding Domains section:

  1. Click the DNS suffix.

  2. Click Delete.

3

Click Yes to confirm.

Configuring DNS Proxy Forwarding Domains in Gaia Clish

Important - On Scalable Platforms (ElasticXL, Maestro, and Chassis), you must run the applicable commands in GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. gClish of the applicable Security Group.

Description

Configure, show, and delete the settings for DNS servers and the DNS suffix in Gaia OS.

Syntax

add dns proxy

      forwarding-domain <FQDN>

      listening-interface {<Name of Interface> | all}

set dns proxy forwarding-domain <FQDN>

      primary <IPv4 Address of DNS Server>

      secondary <IPv4 Address of DNS Server>

      tertiary <IPv4 Address of DNS Server>

show dns proxy

      forwarding-domain <FQDN> {primary | secondary | tertiary}

      forwarding-domains

      listening-interfaces

delete dns proxy

      forwarding-domain <FQDN> [{primary | secondary | tertiary}]

      listening-interface {<Name of Interface> | all}

Important - After you add, configure, or delete features, run the "save config" command to save the settings permanently.

Parameters

Parameter

Description

forwarding-domain <FQDN>

Specifies the DNS suffix (for example, example.com).

listening-interface {<Name of Interface> | all}

Specifies the Listening Interfaces.

primary <IPv4 Address of DNS Server>

Specifies the Primary DNS server.

secondary <IPv4 Address of DNS Server>

Optional. Specifies the Secondary DNS server (to use if the Primary DNS server does not respond).

tertiary <IPv4 Address of DNS Server>

Optional. Specifies the tertiary DNS server (to use if the Primary and Secondary DNS servers do not respond).