ZyXEL Communications 5 Series User Manual

 Chapter 26 DNS Screens
ZyWALL 5/35/70 Series User’s Guide
The following table describes the labels in this screen.
26.3  The DNS Cache Screen
DNS cache is the temporary storage area where a router stores responses from DNS servers. 
When the ZyWALL receives a positive or negative response for a DNS query, it records the 
response in the DNS cache. A positive response means that the ZyWALL received the IP 
address for a domain name that it checked with a DNS server within the five second DNS 
timeout period. A negative response means that the ZyWALL did not receive a response for a 
query it sent to a DNS server within the five second DNS timeout period. 
When the ZyWALL receives DNS queries, it compares them against the DNS cache before 
querying a DNS server. If the DNS query matches a positive entry, the ZyWALL responds 
with the IP address from the entry. If the DNS query matches a negative entry, the ZyWALL 
replies that the DNS query failed.
To configure your ZyWALL’s DNS caching, click ADVANCED > DNS > Cache. The screen 
appears as shown.
LABEL
DESCRIPTION
Domain Zone
This field is optional.
A domain zone is a fully qualified domain name without the host. For example, 
zyxel.com.tw is the domain zone for the www.zyxel.com.tw fully qualified domain 
name. Whenever the ZyWALL needs to resolve a zyxel.com.tw domain name, it can 
send a query to the recorded name server IP address.
Leave this field blank if all domain zones are served by the specified DNS server(s).
DNS Server
Select the DNS Server(s) from ISP radio button if your ISP dynamically assigns 
DNS server information. You also need to select an interface through which the ISP 
provides the DNS server IP address(es). The interface should be activated and set 
as a DHCP client. The fields below display the (read-only) DNS server IP 
address(es) that the ISP assigns. N/A displays for any DNS server IP address fields 
for which the ISP does not assign an IP address. N/A displays for all of the DNS 
server IP address fields if the ZyWALL has a fixed WAN IP address. 
Select Public DNS Server if you have the IP address of a DNS server. The IP 
address must be public or a private address on your local LAN. Enter the DNS 
server's IP address in the field to the right. 
Public DNS Server entries with the IP address set to 0.0.0.0 are not allowed. 
Select Private DNS Server if the DNS server has a private IP address and is located 
behind a VPN peer. Enter the DNS server's IP address in the field to the right. 
With a private DNS server, you must also configure the first DNS server entry for the 
LAN, DMZ and/or WLAN in the DNS DHCP screen to use DNS Relay.
You must also configure a VPN rule since the ZyWALL uses a VPN tunnel when it 
relays DNS queries to the private DNS server. The rule must include the LAN IP 
address of the ZyWALL as a local IP address and the IP address of the DNS server 
as a remote IP address. 
Private DNS Server entries with the IP address set to 0.0.0.0 are not allowed.
Apply
Click Apply to save your changes back to the ZyWALL.
Cancel
Click Cancel to exit this screen without saving.
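
The address rules from the DNS Server row and the domain-zone matching from the Domain Zone row, written out as a checker. This is an added example, not ZyXEL's code. The LAN subnet, the sample records, the function names and the first-match-in-list-order rule are assumptions, and "private" is taken to mean the RFC 1918 ranges.

```python
import ipaddress

# RFC 1918 ranges stand in for "private IP address" in this example.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed local LAN subnet

def is_private(addr):
    return any(addr in net for net in RFC1918)

def check_record(zone, kind, ip, lan=LAN):
    """Return the problems found in one name server record.

    kind is "public" or "private" (the two choices that take a typed-in
    address); an empty zone means the record serves all domain zones.
    """
    addr = ipaddress.ip_address(ip)
    if addr.is_unspecified:
        return [f"{kind} DNS server address 0.0.0.0 is not allowed"]
    problems = []
    if kind == "public" and is_private(addr) and addr not in lan:
        problems.append("private address that is not on the local LAN")
    if kind == "private" and not is_private(addr):
        problems.append("private DNS server without a private address")
    if zone and "" in zone.split("."):
        problems.append("malformed domain zone (empty label)")
    return problems

def pick_server(qname, records):
    """Return the first record, in list order, whose zone covers qname."""
    q = qname.lower().rstrip(".")
    for zone, kind, ip in records:
        z = zone.lower()
        # Match on whole labels so notzyxel.com.tw is not sent to zyxel.com.tw.
        if z == "" or q == z or q.endswith("." + z):
            return zone, kind, ip
    return None

# Constructed sample records: (domain zone, kind, server IP).
RECORDS = [
    ("zyxel.com.tw", "private", "10.0.5.53"),
    ("", "public", "203.0.113.10"),
]

if __name__ == "__main__":
    for rec in RECORDS:
        print(rec, check_record(*rec) or "ok")
    print(pick_server("www.zyxel.com.tw", RECORDS))
```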