We all know that we create forward lookup zone in AD Server. One of the role played by AD server is DNS server.
So, DNS server is used for the Name to IP resolution & vice versa. In this article, to access locally hosted (domain related) websites which only gets resolved by DNS server, we need to create Forward lookup zone in DNS server and for IP to Name resolution, we also need to create Reverse Lookup Zone. This DNS server is nothing but your AD server with DNS role installed in it.
(Fig.: AD server connection in Local network behind the UTM)
Steps to create Forward Lookup Zone:
In forward lookup zone, we gives direction to the DNS resolution request from domain client system to get it resolved into IP address from Domain and allow client system to establish connection with said Domain.
1. Initially, check that which DNS is configured to resolve web domain with the help of “Nslookup” command as given in figure.
2. Go to DNS server-->DNS-->Domain(e.x., UTMLAB)-->New Zone.
3. Select Zone Type as Primary.
4.Select Data replication to domain controllers in the Domain.
5. Select option forward Lookup Zone.
6. Enter Zone name(e.x., Seqrite.com)
7. Select Allow dynamic updates option as it will update to DNS server even if there is any changes with local IP.
8. Click on Finish.
Till now, we have created the zone. Now we can add records viz., host(A or AAAA), Alias (CNAME) to that zone. Host record is nothing but the domain user’s record.
When user enters into the domain from workgroup then, host record is created in this zone automatically. We just have to set Default Gateway and Preferred DNS of that host system to the DNS server’s IP. And then DNS server’s gateway will be UTM local IP, preferred DNS will be its own IP.
Steps to add Host record in the Forward Lookup Zone:
1.Right click on newly created zone and select option New Host (A or AAAA).
2. Add Host name & respective IP address for that host. Here host is one of User from the Domain.
3. Click on Add Host.
4. Now check that how request is getting resolved.
For resolving external website domain:
Using lookup zone, we can direct all the Domain LAN users towards the UTM. Till now we have only reached to the the UTM but if we try to nslookup for any external website domain; it won’t get resolved. Because, we have not forwarded the DNS request to the Internet. For this, we need to configure Forwarder for the entire domain which will forward the DNS request ahead to the UTM which will further pass it on towards Global/ISP DNS server for resolution.
Steps to create Forwarder:
1. Before configuring Forwarder for the domain.
2. Right Click on Domain Name & select option Properties.
3. Select Forwarder and click on Edit.
4. Enter the UTM local IP here & it will forward the request ahead to the Global/ISP DNS.
5. Select option Apply & then Ok.
6. Now, check how the request for any website is getting resolved.
Note: After this configuration, its mandatory to use AD server’s local IP as primary DNS server and UTM IP as secondary DNS server for all host in local network. UTM should have ISP or 18.104.22.168 global DNS Configured at least to resolve external domain using UTM Lan IP as DNS server.
For assistance please write us @ UTMSupport@Seqrite.com