Kerio Tech Firewall6 User Manual
Page 106

Chapter 8
Configuration of network services
• The Name DNS query option allows specification of a rule for name queries. Use the If
the queried name matches entry to specify a corresponding DNS name (name of a host
in the domain).
It is usually desirable to forward queries for entire domains rather than for specific
names. The specification of a domain name may therefore contain the * wildcard symbol
(asterisk — substitutes any number of characters) and/or ? (question mark — substitutes
a single character). The rule will be applied to all names matching the string
(hosts, domains, etc.).
Example:
DNS name will be represented by the string ?erio.c*. The rule will be applied to all
names in domains kerio.com, cerio.com, aerio.c etc., such as www.kerio.com,
secure.kerio.com, www.aerio.c, etc.
Warning
In rules for DNS requests, it is necessary to enter an expression matching the full DNS
name! If, for example, the kerio.c* expression is introduced, only names kerio.cz,
kerio.com etc. would match the rule and host names included in these domains (such
as www.kerio.cz and secure.kerio.com) would not!
• Use the Reverse DNS query alternative to specify a rule for DNS queries on IP addresses
in a particular subnet. The subnet is specified by a network address and a corresponding
mask (e.g. 192.168.1.0 / 255.255.255.0).
• Use the Then forward query to DNS Server(s) field to specify the IP address(es) of one or
more DNS server(s) to which queries will be forwarded.
If multiple DNS servers are specified, they are considered as primary, secondary, etc.
If the Do not forward option is checked, DNS queries will not be forwarded to any
other DNS server — WinRoute will search only in the local hosts file or in DHCP tables
(see below). If the requested name or IP address is not found, non-existence of the
name/address is reported to the client.
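
The matching behaviour described in the rule options above can be checked offline before a rule set is entered. The following is an added example, not part of the Kerio manual or the product's code. Assumptions: rules are evaluated top-down with the first match winning, * may also span dots, and the rule labels and the *.kerio.c* pattern are constructed for illustration.

```python
import ipaddress
import re

def name_matches(pattern, name):
    """Whole-name match: '*' is any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    # DNS names are case-insensitive; ignore a trailing root dot.
    return re.fullmatch(regex, name.rstrip("."), re.IGNORECASE) is not None

def reverse_matches(network, mask, ip):
    """True when ip lies inside the subnet given as network address and mask."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(f"{network}/{mask}")

def select_rule(rules, query):
    """Return the label of the first rule covering the query, else None.
    Top-down, first-match evaluation is an assumption of this sketch."""
    try:
        ipaddress.ip_address(query)
        is_ip = True
    except ValueError:
        is_ip = False
    for label, kind, spec in rules:
        if kind == "reverse" and is_ip and reverse_matches(spec[0], spec[1], query):
            return label
        if kind == "name" and not is_ip and name_matches(spec, query):
            return label
    return None

# Constructed rule set: the pattern from the Warning, a whole-name variant,
# and the subnet from the Reverse DNS query option.
RULES = [
    ("domain-only", "name", "kerio.c*"),
    ("hosts-in-domain", "name", "*.kerio.c*"),
    ("lan-reverse", "reverse", ("192.168.1.0", "255.255.255.0")),
]

def audit(rules, queries):
    """Map each query to the rule that would handle it ('default' if none)."""
    return {q: select_rule(rules, q) or "default" for q in queries}

if __name__ == "__main__":
    for q, rule in audit(RULES, ["kerio.cz", "www.kerio.cz", "secure.kerio.com",
                                 "192.168.1.25", "192.168.2.25"]).items():
        print(f"{q:20} -> {rule}")
```

Queries reported as "default" are the ones no custom rule covers, so they would be handled by whatever forwarding applies outside these rules.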
Simple DNS resolution
DNS Forwarder can be used as a simple DNS server, typically for a local domain. If simple
DNS resolution is set, the DNS Forwarder first attempts to answer the received DNS query
itself and forwards it to another DNS server only if it is unsuccessful.
Before forwarding a query...
These options set where the DNS Forwarder searches for the name or IP
address before the query is forwarded to another DNS server.
• ’hosts’ file — this file can be found in any operating system supporting TCP/IP.
Each row of this file includes host IP addresses and a list of appropriate DNS