Configure DNS Profiles

Select
Policies
Stacked Policies
DNS
DNS Service Roles
and click
Create DNS Profile
.

Enter
Basic
information for the profile, select to retain strict domain names and DNS loop detection, and add a DNS server.
Enter the
Name
,
(Optional)
Description
, and
(Optional)
Tags
for the DNS service profile.
Select to
Enable strict domain name
and to
Enable DNS loop detection.
(Optional)
Enter the
Max EDNS Packets
size.
The default size is 4096.
(Optional)
Choose a
Listen DNS Role
from the drop-down and enter the
Listen Port
number.
The default value is 53. The optional value must be between 1 to 65535.
Roles created as part of the DNS service are listed in the
Listen DNS Role
field.
(Optional)
Select the option
Send to all DNS Servers
.
Add a DNS server, by specifying the
DNS Server IP
and
(Optional)
DNS Server Port
.
Select either IP Prefix or Domain and enter the required information.
Configuring the
IP Prefix
forwards PTR (reverse lookups) for the specified subnet to the DNS server.
Configuring the
Domain Name
option forwards name resolution request for the specified domain(s) to the DNS server.
(Optional)
Choose a
Forward DNS Role
from the drop-down and enter the
Source Port
.
Roles created as part of the DNS service are listed in the
Forward DNS Role
field.
Map
Domain to Address
to enable you to specify DNS responses with the configured mapping.
The
Domain to Address
mapping and the IP address must be unique.
Click
Add
to add a domain address.
Specify the
Domain Name
and the
IP Prefix
.
Specify the
Queries and Responses
parameters to append the client metadata to the DNS query as it is sent to the upstream DNS server.
DNS responses can also be overridden or can block specific responses entirely.
Select
Add a Client
and specify the
Mac Encoding Format
.
Enter a
Custom Text
and an
Identifier
, or choose the
Element ID/Element
from the drop-down.
Add a new
Subnet
by entering the
(Optional)
IP Address
and the
Prefix Length
.
Select to
Disable private IP lookups
.
If required, enter
Max TTL
and
Local TTL
values in seconds.
(Optional)
Enter IP addresses that can be identified as
Bogus NX Domains
and
Ignore IP Addresses
.
Create new
Aliases
by replacing the IP address.
This can be done by either choosing to replace the
Original IP Prefix
or retaining the
Original IP Range
by entering the original start IP and original end IP.
Specify the
Cache and DNSSec proxy
configurations.
Select to
Disable Negative Caching
option.
If required, include values in seconds for
Min Cache TTL
,
Max Cache TTL
,
Cache Size
, and
Negative Cache TTL
.
Select to
Stop dns rebind for private ip
and to
Enable localhost rebind
.
(Optional)
Enter the names of the
Rebind Domains
.
Select to enable the
DNSSEC Proxy and
DNSSEC Config
options.
Enter information on
Class
,
Domain
,
Key Tag
, and
Algorithm
to
Add
a new
Trust Anchor
.
Add a record by entering basic information in
Authoritative Config
or enter secondary server details.
(Optional)
Enter
Secondary Server
details,
Peers
, and
TTL value
in seconds.
To
Add
a record, enter the
Name
(record names are listed in the drop-down),
Flags
,
Tag
, and
Value
.
Complete all configuration requirements and
Submit
.