Configuring Split DNS

To configure a SecuRemote DNS server for Split DNS:

  1. Create a New SecuRemote DNS:

    • In SmartConsole, in the Objects tree, select New > Server > More > SecuRemote DNS.

    The New SecuRemote DNS window opens.

  2. In the General tab, enter a name for the server and select the host on which it runs.

  3. In the Domains tab, click Add to add the domains that will be resolved by the server.

    The Domain window opens.

  4. Enter the Domain Suffix for the domain that the SecuRemote DNS server will resolve, for example, checkpoint.com.

  5. In the Domain Match Case section, select the maximum number of labels that can be in the URL before the suffix. URLs with more labels than the maximum will not be sent to that DNS.

    • Match only *.suffix - Only requests with 1 label are sent to the SecuRemote DNS. For example, "www.checkpoint.com" and "whatever.checkpoint.com" but not "www.internal.checkpoint.com".

    • Match up to x labels preceding the suffix - Select the maximum number of labels. For example, if you select 3, then the SecuRemote DNS Server will be used to resolve "www.checkpoint.com" and "www.internal.checkpoint.com" but not "www.internal.inside.checkpoint.com".

  6. Click OK.

  7. Click OK.

  8. Install the policy.
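
The Domain Match Case rule from step 5, modelled as an added Python example (not Check Point code and not part of the original guide), useful for checking which names would fall through to the client's default DNS instead of the SecuRemote DNS server. It assumes labels are counted to the left of the Domain Suffix and that at least one label must precede it; `Domain`, `resolver_for`, `audit` and the resolver names are hypothetical.

```python
from typing import Dict, NamedTuple, Optional, Sequence


class Domain(NamedTuple):
    suffix: str      # Domain Suffix entered in step 4
    max_labels: int  # 1 models "Match only *.suffix"


def labels_before_suffix(name: str, suffix: str) -> Optional[int]:
    """Count the labels preceding the suffix; None if the name is outside it."""
    n = name.rstrip(".").lower().split(".")
    s = suffix.strip(".").lower().split(".")
    # Compare whole labels so "notcheckpoint.com" never matches "checkpoint.com".
    if len(n) < len(s) or n[len(n) - len(s):] != s:
        return None
    return len(n) - len(s)


def resolver_for(name: str, domains: Sequence[Domain]) -> str:
    """Return which resolver (hypothetical names) a query would be sent to."""
    for d in domains:
        count = labels_before_suffix(name, d.suffix)
        # Assumption: the bare suffix (0 preceding labels) is not matched.
        if count is not None and 1 <= count <= d.max_labels:
            return "securemote-dns"
    return "default-dns"


def audit(names: Sequence[str], domains: Sequence[Domain]) -> Dict[str, str]:
    """Map every queried name to the resolver that would receive it."""
    return {n: resolver_for(n, domains) for n in names}


# Constructed sample queries; the first three are the names used in step 5.
SAMPLE_NAMES = [
    "www.checkpoint.com",
    "whatever.checkpoint.com",
    "www.internal.checkpoint.com",
    "WWW.CheckPoint.com.",   # case and trailing dot must not change routing
    "notcheckpoint.com",     # shares trailing characters, not the suffix
]

if __name__ == "__main__":
    only_suffix = [Domain("checkpoint.com", 1)]  # "Match only *.suffix"
    for name, target in audit(SAMPLE_NAMES, only_suffix).items():
        print(f"{name:32} -> {target}")
```

Names reported as `default-dns` are the ones that would be sent to the resolver outside the Split DNS configuration, so review that list for internal host names.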