Configuring general settings
The general settings configuration specifies the interfaces that listen for DNS requests. By default, the system listens on the IPv4 and IPv6 addresses of all configured interfaces for DNS requests.
The other settings in the general settings configuration are applied when traffic does not match a Global DNS policy.
From general settings, you can also enable DNS over HTTP/HTTPS (DoH) and DNS over TLS (DoT) to encrypt the DNS query.
Before you begin:
- You must have a good understanding of DNS and knowledge of the DNS deployment in your network.
- You must have Read-Write permission for Global Load Balance settings.
- If enabling DNS over HTTPS/TLS, you must have prepared a dedicated DNS server domain and a certificate pair for your DNS over HTTPS/TLS service. For details, see Configuring DNS over HTTPS and DNS over TLS.
To configure general settings:
- Go to Global Load Balance > Zone Tools.
- Click the General Settings tab.
- Complete the configuration as described in General configuration.
- Save the configuration.
Settings | Guidelines |
---|---|
Global DNS Configuration | Enables/disables this configuration. |
Recursion | Enables/disables recursion. If enabled, the DNS server attempts to do all the work required to answer the query. If not enabled, the server returns a referral response when it does not already know the answer. |
DNSSEC Validation | Enables/disables DNSSEC validation. |
Listen on IPv6 | Enables/disables listening for DNS requests on the interface IPv6 address. |
Listen on IPv4 | Enables/disables listening for DNS requests on the interface IPv4 address. |
Traffic Log | Enables/disables the traffic log. |
Listen on All Interface | Enables listening on all interfaces. |
Interface List | The Interface List option is available if Listen on All Interface is disabled. If not listening on all interfaces, select one or more ports to listen on. |
DNS over HTTPS | Enables/disables DNS over HTTPS to encrypt DNS queries using the HTTPS protocol. |
DNS over HTTPS Port | The DNS over HTTPS Port option is available if DNS over HTTPS is enabled. Specify the port to listen on for DNS over HTTPS. Default: 443. Range: 1-65535. |
DNS over HTTPS Interface List | The DNS over HTTPS Interface List option is available if DNS over HTTPS is enabled. Select the interface(s) to listen on for DNS over HTTPS. |
DNS over HTTP | Enables/disables DNS over HTTP to encrypt DNS queries using the HTTP protocol. |
DNS over HTTP Port | The DNS over HTTP Port option is available if DNS over HTTP is enabled. Specify the port to listen on for DNS over HTTP. Default: 80. Range: 1-65535. |
DNS over HTTP Interface List | The DNS over HTTP Interface List option is available if DNS over HTTP is enabled. Select the interface(s) to listen on for DNS over HTTP. |
DNS over TLS | Enables/disables DNS over TLS to encrypt DNS queries using the TLS protocol. |
DNS over TLS Port | The DNS over TLS Port option is available if DNS over TLS is enabled. Specify the port to listen on for DNS over TLS. Default: 853. Range: 1-65535. |
DNS over TLS Interface List | The DNS over TLS Interface List option is available if DNS over TLS is enabled. Select the interface(s) to listen on for DNS over TLS queries. |
Certificate | The Certificate option is available if DNS over HTTPS or DNS over TLS is enabled. Select the certificate object to apply for DNS over HTTPS or DNS over TLS. This certificate must refer to the DNS server domain or IP address. For details, see Configuring DNS over HTTPS and DNS over TLS. |
Forward | Note: The internal server caches the results it learns from forwarders, which optimizes subsequent lookups. |
Use System DNS Server | Forwards DNS requests to the system DNS server instead of the forwarders list. |
Response Rate Limit | Selects a rate limit configuration object. See Configuring the response rate limit. |