The DNS proxy is a proxy server that intercepts DNS queries and answers them without needing to contact a remote DNS server each time an IP address or a hostname must be resolved. When the same query is repeated often, caching its results locally can noticeably improve performance. The available settings for the DNS proxy are grouped into three pages.
A few options for the DNS proxy can be configured on this page.
- Transparent on Green, Transparent on Blue, Transparent on Orange
Tick the checkbox to enable the DNS proxy as transparent on the GREEN, BLUE, and ORANGE zones, respectively. The checkboxes appear only if the corresponding zones are enabled.
Bypass the transparent proxy
Specific sources and destinations can be set up to bypass the proxy by filling in their values in the two text areas.
- Bypass from (subnet / IP address / MAC address)
Sources listed in the corresponding text area are not subject to the DNS proxy. The sources can be specified as IP addresses, networks, or MAC addresses.
- Bypass to (subnet / IP address)
Destinations listed in the corresponding text area are not subject to the DNS proxy. The destinations can be specified as IP addresses or networks.
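As an added example (not part of the original documentation or of the product's code), the Python sketch below checks the two bypass lists before they are entered: it accepts IP addresses, networks, and MAC addresses for Bypass from, rejects MAC addresses for Bypass to, and reports whether a given client or destination would skip the DNS proxy. The one-entry-per-line layout, the colon-separated MAC format, the function names, and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed MAC notation: six colon-separated hex octets.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

def parse_entry(text, allow_mac):
    """Return ('mac', str) or ('net', ip_network); raise ValueError if invalid."""
    text = text.strip()
    if MAC_RE.match(text):
        if not allow_mac:
            raise ValueError(f"MAC address not accepted in this list: {text}")
        return ("mac", text.lower())
    # A single IP address is stored as a /32 (or /128) network.
    return ("net", ipaddress.ip_network(text, strict=False))

def parse_list(textarea, allow_mac):
    """Parse one text area (one entry per line); return (entries, errors)."""
    entries, errors = [], []
    for line in textarea.splitlines():
        if not line.strip():
            continue
        try:
            entries.append(parse_entry(line, allow_mac))
        except ValueError as exc:
            errors.append(str(exc))
    return entries, errors

def bypasses(entries, ip=None, mac=None):
    """True if the given IP or MAC address matches any entry in the list."""
    for kind, value in entries:
        if kind == "mac" and mac and mac.lower() == value:
            return True
        if kind == "net" and ip and ipaddress.ip_address(ip) in value:
            return True
    return False

# Constructed sample input, using private and documentation address ranges.
BYPASS_FROM = "192.168.0.0/24\n10.0.0.5\n00:11:22:33:44:55\n"
BYPASS_TO = "192.0.2.53\n00:11:22:33:44:55\n"  # the MAC is invalid here

if __name__ == "__main__":
    src, src_err = parse_list(BYPASS_FROM, allow_mac=True)
    dst, dst_err = parse_list(BYPASS_TO, allow_mac=False)
    print("source errors:", src_err)
    print("destination errors:", dst_err)
    print("192.168.0.77 bypasses proxy:", bypasses(src, ip="192.168.0.77"))
    print("192.168.1.77 bypasses proxy:", bypasses(src, ip="192.168.1.77"))
```

Reviewing the lists this way shows which hosts and resolvers are exempt from the proxy before the change is saved.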
This page allows a custom nameserver to be defined for a given domain. In other words, all DNS queries for that domain will be redirected to the corresponding nameserver to retrieve the correct resolution.
Domains and name server
A new domain - nameserver combination can be added by clicking on the button. When adding an entry, the following options are available:
- Domain Name
The domain for which to use the custom nameserver.
- IP Address
The IP address of the nameserver to use.
An additional comment.
This page presents configuration options for how the UTM reacts when asked to resolve a domain name that is known either to be used to propagate spyware or to serve as a phishing site. The service is based on a list of malicious domains maintained by phishtank; when a client behind the UTM tries to access one of these domains, it will be redirected to a nonexistent domain. To activate the service, click on the grey switch. The following options will appear:
- Whitelist domains
Domain names that are entered in the textarea below are never treated as spyware targets, regardless of the list’s content, and therefore will resolve to their correct IP address.
In case a site has wrongly been blacklisted or if access to a site must always be allowed, regardless of possible false positives, enter its domain name here to allow access to it.
- Blacklist domains
Domain names that are entered in the textarea below are always treated as spyware targets, regardless of the list’s content.
- Spyware domain list update schedule
The update frequency of the spyware domain list. Possible choices are Daily, Weekly, and Monthly.
To download updated signatures, the system must be registered to Endian Network and the option Disable signature updates if uplink is online (Uplinks) must be disabled on every configured uplink., see section