Kerio Control includes a DNS server. We recommend configuring the DNS server together with the DHCP server in Kerio Control. Configuration and administration are simple, and responses to repeated DNS queries are fast.
Note: In case of Active Directory environments, Kerio Control forwards DNS queries to the internal Domain Name Server if Kerio Control is joined to the domain.
Important: The DNS forwarding service only works for IPv4. IPv6 is not supported.
Configuring simple DNS forwarding
- In the administration interface, go to DNS.
- Select Enable the DNS forwarding service. If the DNS forwarding service is disabled, the DNS module is used only as Kerio Control's own DNS resolver.
- Select Enable DNS cache for faster responses to repeat queries. Responses to repeated queries are much faster with this option enabled (the same query sent by various clients is also considered as a repeated query).
- Before forwarding a DNS query, Kerio Control can perform a local DNS lookup in the hosts table or among the hostnames found in the DHCP lease table.
- Combine the field When resolving name from the hosts table or lease table with the DNS domain entry below and specify the name of your local DNS domain. There are two reasons for this:
  - DNS names in the hosts table can be specified without the local domain (for example jsmith-pc). The DNS module can complete the query with the local domain.
  - A host can send the DNS query in the jsmith-pc.example.com format. If the DNS module knows the local domain example.com, the name is divided into host: jsmith-pc and local domain: example.com.
- Click Apply.
Configuring custom DNS Forwarding
The DNS module allows forwarding of DNS requests to DNS servers. It can be helpful when we intend to use a local DNS server for the local domain (the other DNS queries are forwarded to the Internet directly — this speeds up the response). DNS forwarder settings also play a role in the configuration of private networks where it is necessary to provide correct forwarding of requests for names in domains of remote subnets.
Request forwarding is defined by rules for DNS names or subnets. Rules are ordered in a list which is processed from the top. If a DNS name or a subnet in a request matches a rule, the request is forwarded to the corresponding DNS server. Queries which do not match any rule are forwarded to the default DNS servers (see above).
Note: If simple DNS resolution is enabled, the forwarding rules are applied only if the DNS module cannot respond using the information in the hosts table and/or the DHCP lease table.
Defining a rule
For custom DNS forwarding, follow these steps:
- Configure simple DNS resolution.
- Select the Enable custom DNS forwarding option to enable settings for forwarding certain DNS queries to other DNS servers, and click Edit.
- In the Custom DNS Forwarding dialog, click Add. The rule can be defined for:
  - Common DNS queries (A queries),
  - Reverse queries (PTR queries).
Rules can be reordered with the arrow buttons. This enables more complex combinations of rules, e.g. exceptions for certain workstations or subdomains. Because the rule list is processed from the top downwards, rules should be ordered with the most specific one at the top (e.g. the name of a particular computer) and the most general one at the bottom (e.g. the main domain of the company).
Similarly, rules for reverse DNS queries should be ordered by subnet mask length (e.g. with 255.255.255.0 at the top and 255.0.0.0 at the bottom). Rules for name queries and rules for reverse queries are independent of each other.
- In the Custom DNS Forwarding dialog, you can create these types of rules:
  - Match DNS query name: it is necessary to specify a corresponding DNS name (name of a host in the domain). In rules for DNS requests, it is necessary to enter an expression matching the full DNS name. If, for example, the kerio.c* expression is entered, only names such as kerio.cz, kerio.com etc. would match the rule; host names included in these domains (such as www.kerio.cz and secure.kerio.com) would not.
  - Match IP address from reverse DNS query: use this alternative to specify a rule for DNS queries on IP addresses in a particular subnet (e.g. 192.168.1.0/255.255.255.0).
- Use the Forward the query field to specify the IP address(es) of one or more DNS server(s) to which queries will be forwarded. If multiple DNS servers are specified, they are considered as primary, secondary, etc. If the Do not forward option is checked, DNS queries will not be forwarded to any other DNS server; Kerio Control will search only in the hosts table or in the DHCP server table (see below). If the requested name or IP address is not found, non-existence of the name/address is reported to the client.
- Save the settings and create another rule if it is needed.
By following these procedures you will configure simple DNS and custom DNS, along with rule definitions.
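The following Python model of the rule processing described above is an added example, not Kerio Control code. It shows first-match evaluation, full-name matching of the kerio.c* expression, and a check for rules that can never fire because a more general rule sits above them. It assumes shell-style `*` wildcards; all server addresses and rule entries are constructed.

```python
import fnmatch
import ipaddress

DEFAULT_SERVERS = ["192.0.2.53"]  # constructed stand-in for the default DNS servers
DO_NOT_FORWARD = []               # models "Do not forward": answer locally only

# Constructed rule lists, most specific first (processed from the top).
NAME_RULES = [
    ("jsmith-pc.example.com", DO_NOT_FORWARD),
    ("*.branch.example.com", ["10.2.0.1"]),
    ("*.example.com", ["10.1.0.1", "10.1.0.2"]),   # primary, secondary
    ("kerio.c*", ["10.9.0.1"]),
]
PTR_RULES = [
    ("192.168.1.0/255.255.255.0", ["10.2.0.1"]),
    ("192.168.0.0/255.255.0.0", ["10.1.0.1"]),
]


def forward_name(qname, rules=NAME_RULES):
    """Servers of the first rule whose expression matches the FULL query name."""
    for pattern, servers in rules:
        if fnmatch.fnmatchcase(qname.lower(), pattern.lower()):
            return servers
    return DEFAULT_SERVERS


def forward_ptr(ip, rules=PTR_RULES):
    """Servers of the first subnet rule containing the address of a PTR query."""
    addr = ipaddress.ip_address(ip)
    for subnet, servers in rules:
        if addr in ipaddress.ip_network(subnet):
            return servers
    return DEFAULT_SERVERS


def shadowed_name_rules(rules):
    """Patterns already covered by an earlier pattern (valid for '*' wildcards only)."""
    pats = [p.lower() for p, _ in rules]
    return [pats[j] for j in range(len(pats))
            if any(fnmatch.fnmatchcase(pats[j], pats[i]) for i in range(j))]


def shadowed_ptr_rules(rules):
    """Subnets contained in an earlier subnet; such a rule is never reached."""
    nets = [ipaddress.ip_network(s) for s, _ in rules]
    return [rules[j][0] for j in range(len(nets))
            if any(nets[j].subnet_of(nets[i]) for i in range(j))]
```

Running the two `shadowed_*` checks on an exported rule list before applying it catches the ordering mistake where a general rule placed at the top silently sends queries for a specific host or subnet to the wrong DNS server.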