This topic is ONLY relevant to security gateways. It is NOT relevant to managed switches.
Overview
The DNS page allows you to customize how DNS queries from your network are handled. Here you are able to specify which domains can be visited and which DNS servers should handle specific DNS queries. You can also create these settings using an Enterprise Template.
Local DNS Entry Settings
The Local DNS Entries list (Fig. 2) shows domains for which the IP address returned by a DNS query should be overwritten with a value you have provided, allowing you to deny access to those domains. This is useful for preventing access to malicious or off-limits websites, such as YouTube or Facebook.
To create a local DNS entry, use the form at the bottom of the list. Enter a Domain to which you would like to deny access, enter the IP Address you want to have overwrite the actual IP address of that domain, and then click the “Add” button.
You can route users to “127.0.0.1,“ which is the default local host IP address. A better solution is to host a page on your network that explains these restrictions to users, and use the IP address of that page for these entries.
To delete a local DNS entry, click its “X” button in the Option column.
Split DNS Entry Settings
The Split DNS Entries list (Fig. 3) shows domains for which all DNS queries should be handled by a specific DNS server. This is useful if you want an internal DNS server to handle a DNS query that routes you to an internal domain, such as an Active Directory.
To create a split DNS entry, use the form at the bottom of the list. Enter a Domain you would like to split from the default DNS server, enter the DNS Server address that you would like to handle DNS queries for that domain, and then click the “Add” button.
To delete a split DNS entry, click its “X” button in the Option column.
Enterprise Templates
In addition to this page, DNS settings can also be specified in Enterprise Templates. Enterprise Templates are managed on the Services page of the Configure section.
If an Enterprise Template is enabled and contains DNS settings, then those settings will appear as entries on this page automatically (Fig. 4).
Entries in these lists that were created by an Enterprise Template identify the template in the Enterprise Template column. These entries cannot be changed or deleted here; the template itself must be updated or disabled on the Services page instead.
See the Services documentation for more details.