Ways of forwarding DNS queries from internal clients

Last modified on 6 Dec, 2022. Revision 12
Up to date for: cOS Core 14.00.06
Supported since: cOS Core 14.00.01
Status: OK

Summary

This how-to article details different ways that cOS Core can be configured to forward DNS queries from clients on a network behind the firewall. In all examples below, the local DHCP server on or behind the firewall tells clients to use the IP address of the internal interface (lan_ip in these examples) for DNS queries.

Simple forwarding to one DNS server (SAT)

In the example below, any DNS query from hosts inside the lan_net going towards lan_ip (1) will be forwarded to wan_dns1 (2) (assigned from DHCP on the WAN interface).

Load balance over multiple DNS servers (SLB SAT)

In the example below, any DNS query from hosts inside the lan_net going towards lan_ip (1) will be forwarded and load balanced between wan_dns1 and wan_dns2 (2) (assigned from DHCP on the WAN interface).

It is also possible to monitor these DNS servers and stop forwarding to them if they are down.

Load balance over multiple internal DNS servers with fail-over to public DNS (SLB SAT + Fallback Server)

In the example below, any DNS query from hosts inside the lan_net going towards lan_ip (1) will be forwarded and load balanced between two DNS servers (hq_dns1 and hq_dns2) (2). If both of these are down, it will fall back to wan_dns1 (3) (assigned from DHCP on the WAN interface) by using the Server Fallback Address feature. This allows, for example, a remote site to forward DNS queries to two internal DNS servers and, if they are down or unreachable, to forward the queries to a public DNS server.

The DNS servers must be monitored so that cOS Core will stop forwarding to them and fall back to the backup if they are down.
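
The monitoring and fallback behaviour described in the sections above, as a small Python model that shows why unmonitored servers keep receiving queries after they fail. This is an added example, not cOS Core code or configuration; the round-robin distribution, the class and function names, and the sample reachability sets are assumptions.

```python
class DnsForwarder:
    """Model of the forwarding decision for queries sent to lan_ip (not cOS Core code)."""

    def __init__(self, servers, fallback=None, monitored=True):
        self.servers = list(servers)      # SLB targets, e.g. hq_dns1 and hq_dns2
        self.fallback = fallback          # Server Fallback Address, e.g. wan_dns1
        self.monitored = monitored        # is server monitoring enabled?
        self.up = dict.fromkeys(self.servers, True)  # last monitor result
        self._turn = 0

    def monitor_result(self, server, is_up):
        """Record a health probe result; has no effect when monitoring is off."""
        if self.monitored:
            self.up[server] = is_up

    def pick(self):
        """Return the server the next query is forwarded to, or None if there is none."""
        candidates = [s for s in self.servers if self.up[s]]
        if not candidates:
            return self.fallback
        # Assumption: plain round-robin; the article does not name the algorithm.
        server = candidates[self._turn % len(candidates)]
        self._turn += 1
        return server


def run(forwarder, reachable, queries=6):
    """Probe every server, forward `queries` lookups, return (destinations, lost)."""
    for server in forwarder.servers:
        forwarder.monitor_result(server, server in reachable)
    dests = [forwarder.pick() for _ in range(queries)]
    lost = sum(1 for d in dests if d not in reachable)
    return dests, lost


if __name__ == "__main__":
    hq = ["hq_dns1", "hq_dns2"]          # constructed sample names from the article
    only_wan = {"wan_dns1"}              # constructed: both HQ servers unreachable
    cases = {
        "monitored, hq_dns1 down": (DnsForwarder(hq, "wan_dns1"), {"hq_dns2", "wan_dns1"}),
        "monitored, both HQ down": (DnsForwarder(hq, "wan_dns1"), only_wan),
        "unmonitored, both HQ down": (DnsForwarder(hq, "wan_dns1", monitored=False), only_wan),
        "monitored, both down, no fallback": (DnsForwarder(hq), only_wan),
    }
    for name, (fwd, reachable) in cases.items():
        dests, lost = run(fwd, reachable)
        print(f"{name}: lost {lost}/6 -> {dests}")
```

In the unmonitored case every query is lost even though a fallback address is configured, because the forwarder never learns that hq_dns1 and hq_dns2 are down.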
