(Ported from the post with the same title in the Astaro.org User BB.)

The 'Global' tab of 'Network Services >> DNS' lists "Internal (Network)" (also other internal networks, like "DMZ (Network)" if applicable) as 'Allowed networks'.

On the 'Forwarders' tab, use an Availability Group containing the OpenDNS or Google name servers in 'DNS Forwarders'. 'Use forwarders assigned by ISP' is not checked.*

In 'Request Routing', the internal DNS is used for reverse DNS of internal IPs (for example, if your internal subnet is 172.16.20.0/24, you would have '20.16.172.in-addr.arpa -> {Internal DNS}'). With that, the Astaro can list machine names instead of internal IP addresses in the reports.

Also, in 'Request Routing', so the Astaro can resolve internal FQDNs, add, for example, 'yourdomain.loc -> {internal DNS server}'. Do the same for other domains for which you have Forward Lookup Zones in your internal DNS server.

Configure Windows Server (or other) DHCP server for internal devices to point at your internal name server for DNS, then the Astaro, then the OpenDNS servers.

The internal DNS server's first forwarder is to the Astaro DNS Proxy, then to the OpenDNS servers.

We used to do it the other way, but comments by BarryG, BruceKConvergent and others convinced me to change our approach.

Cheers - Bob

* Caution: unchecking 'Use forwarders assigned by ISP' and failing to populate 'DNS Forwarders' will result in degraded performance as the ASG/UTM will fall back to the Root Name Servers.

Change Log:
2015-06-22 based on a thread by TCF, I improved the wording in #1, #2 & #4
2015-06-20 changed from .local to .loc as reminded by bimmerdriver
2015-03-20 Added title
2013-10-09 Added Availability Group idea from adrienjb in #2
2013-02-04 reordered
2012-08-20 Added "* Caution" note for #2 based on a suggestion by BarryG
2014-10-04 DHCP and internal FQDNs
09-24-2009, 05:15 PM original post
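
An added example (not part of the original post): a Python helper that derives the 'Request Routing' reverse-lookup zone names for internal subnets, generalizing the /24 case above to prefixes that do not fall on an octet boundary. The function names and sample subnets are constructed for illustration; `{Internal DNS}` is the post's own placeholder.

```python
import ipaddress


def reverse_zones(cidr):
    """Return the in-addr.arpa zone names that cover one IPv4 subnet.

    Reverse zones fall on octet boundaries (/8, /16, /24). A prefix between
    boundaries is split into the next longer aligned subnets; a prefix longer
    than /24 is covered by its enclosing /24 zone.
    """
    # strict=True rejects host bits (e.g. 172.16.20.5/24), catching typos early.
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("only IPv4 subnets are handled here")
    if net.prefixlen > 24:
        nets = [net.supernet(new_prefix=24)]
    else:
        aligned = max(8, -(-net.prefixlen // 8) * 8)  # round up to 8, 16 or 24
        if aligned == net.prefixlen:
            nets = [net]
        else:
            nets = list(net.subnets(new_prefix=aligned))
    zones = []
    for n in nets:
        # Keep only the octets fixed by the prefix, then reverse their order.
        octets = str(n.network_address).split(".")[: n.prefixlen // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones


def request_routes(subnets, target="{Internal DNS}"):
    """Build 'zone -> target' lines in the notation the post uses."""
    return [f"{zone} -> {target}" for cidr in subnets for zone in reverse_zones(cidr)]


if __name__ == "__main__":
    # Constructed sample subnets; replace with your own internal networks.
    for line in request_routes(["172.16.20.0/24", "192.168.4.0/22", "10.1.2.128/25"]):
        print(line)
```

For a subnet smaller than /24, the resulting entry sends reverse lookups for the whole enclosing /24 to the internal DNS server, so that server should hold the zone for the full /24.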