The DNS proxy is a proxy server that intercepts DNS queries and answers them, without the need to contact a remote DNS server each time it is necessary to resolve an IP address or a hostname. When a same query is often repeated, caching its results locally may sensibly improve performances. The available settings for the DNS proxy are grouped into three pages.
DNS Proxy configuration¶
A few options for the DNS proxy can be configured in this page.
The status for the DNS proxy is displayed for all of the configured default network zones GREEN, BLUE, and ORANGE. To add any additional zones which were configured you can click the button in the top right. To enable/disable the DNS proxy service for any given zone, simply click the Edit icon and check/uncheck the Enable checkbox.
Specific sources and destinations can be set up to bypass the proxy by filling in their values in the two text areas.
- Bypass from (subnet / IP address / MAC address)
Allow the sources written in the corresponding text area not to be subject to the DNS proxy. The sources can be specified as IP addresses, networks, or MAC addresses.
- Bypass to (subnet / IP address)
Allow the destinations written under the corresponding text area not to be subject to the DNS proxy. The destinations can be specified as IP addresses or networks.
This page allows to define a custom nameserver for a given domain. In other words, all DNS query for that domain will be redirected to the corresponding nameserver to retrieve the correct resolution.
Domains and name server
A new domain - nameserver combination can be added by clicking on thebutton. When adding an entry, the following options are available:
- Domain Name
The domain for which to use the custom nameserver.
- IP Address
The IP address of the nameserver to use.
An additional comment.
Local domains for system services¶
Here are displayed the domains and corresponding IP addresses used for system services (e.g. HTTP or SMTP proxy). The entries here are ones added by the Endian system automatically in order to allow a service to work properly.
This page presents configuration options about the reaction of the UTM when asked to resolve a domain name that is known to be either used to propagate spyware or that serves as phishing site. The service is based on a list of malicious domains maintained by phishtank and when a client behind the UTM tries to access one of these domain, he will be redirected to a blackhole (non-existent) domain. To activate the service, click on the grey switch. The following options will appear:
- Whitelist domains
Domain names that are entered in the textarea below are never treated as spyware targets, regardless of the list’s content, and therefore will resolve to their correct IP address.
In case a site has wrongly been blacklisted or if access to a site must always be allowed, regardless of possible false positives, enter its domain name here to allow access to it. Examples could include, for example, operating system update servers, antivirus update servers or other critical services.
- Blacklist domains
Domain names that are entered in the textarea below are always treated as spyware targets, regardless of the list’s content
- Spyware domain list update schedule
The update frequency of the spyware domain list. Possible choices are Daily, Weekly, and Monthly.
To download updated signatures, the system must be registered to Endian Network and option Disable signature updates if uplink is online (Uplinks) must be disabled on every configured uplink., see section