
Using Forwarders

A forwarder is essentially a name server to which all other name servers first send queries that they cannot resolve locally. The forwarder then sends these queries to DNS servers that are external to the network, avoiding the need for the other name servers in your network to send queries off-site. A forwarder eventually builds up a cache of information, which it uses to resolve queries. This reduces Internet traffic over the network and decreases the response time to DNS clients. This is useful in organizations that need to minimize off-site traffic, such as a remote office with a slow connection to a company’s network.

You can select any external server to function as a forwarder. You can also configure the application to send queries to one or more forwarders.

Note

If you have enabled both DNS forwarding proxy and BloxOne DDI DNS services on the same host, the forwarders configuration you specify in this section will be overwritten by the DNS forwarding proxy listening on port 1053. For information about configuring DNS forwarding proxy and BloxOne DDI DNS, see Configuring DNS Forwarding Proxy and Universal DDI DNS.

To configure forwarders for the application, complete the following:

  1. From the Cloud Services Portal, click Manage -> DNS, and click Global DNS Configuration.
  2. In the Global DNS Configuration page, click Recursion.
  3. In the Recursion section, click Allow recursion -> Add to add an entry under the FORWARDERS section, and enter an IP address in the ADDRESS column. The field supports only IPv4 values. To remove a forwarder, select the respective checkbox and click Remove.
  4. To use only forwarders on your network (and not root servers), select the Forward Only checkbox.

  5. If you know that the forwarder forwards queries to a DNS forwarding proxy, you can pass the client’s IP address, MAC address, and DNS view information to that forwarder for per-client reporting. To add these details to the outgoing recursive queries, select the Add client IP, Mac Address, and DNS View information to outgoing recursive queries checkbox. Unless the forwarder is known to forward to a DNS forwarding proxy, this checkbox must not be selected, because the passed client information is privacy sensitive. In particular, this checkbox must not be selected if the forwarder is an external public DNS service.

  6. If you need to specify a forwarder IP instead of recursing to the Internet root DNS servers, you can choose the option Use these forwarders for local host resolution (when deployed alongside BloxOne Threat Defense). These DNS forwarders will be used in lieu of recursing to the Internet root name servers. This configuration is helpful in situations where access to the root servers is restricted.
  7. Click Save & Close to save.

Note

If a DNS Forwarding Proxy (DFP) is enabled and no policy is configured, selecting the Use these forwarders for local host resolution (when deployed alongside BloxOne Threat Defense) checkbox may result in a SERVFAIL error when responding to DNS queries.
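
A pre-change check for a planned forwarder list, added here as an example (it is not Infoblox code and does not call any product API): it applies the IPv4-only rule from step 3 and the client-information privacy rule from step 5. The function name, its parameters, the finding codes, and the sample addresses are assumptions constructed for this example. A private address does not prove that the forwarder reaches a DNS forwarding proxy, so that still has to be confirmed separately.

```python
import ipaddress


def audit_forwarders(forwarders, add_client_info=False):
    """Return (address, finding_code) tuples for a planned forwarder list.

    forwarders      -- strings as they would be typed into the ADDRESS column
    add_client_info -- planned state of the "Add client IP, Mac Address, and
                       DNS View information to outgoing recursive queries" box
    Both parameter names are hypothetical, chosen for this example.
    """
    findings = []
    seen = set()
    for raw in forwarders:
        text = raw.strip()
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            # Host names and malformed values are not addresses at all.
            findings.append((text, "NOT_AN_IP"))
            continue
        if addr.version != 4:
            # Step 3: the ADDRESS field supports only IPv4 values.
            findings.append((text, "IPV6_NOT_SUPPORTED"))
            continue
        if addr in seen:
            findings.append((text, "DUPLICATE"))
            continue
        seen.add(addr)
        if addr.is_unspecified or addr.is_multicast or addr.is_reserved:
            # 0.0.0.0, 224.0.0.0/4 and 240.0.0.0/4 cannot be a unicast server.
            findings.append((text, "NOT_UNICAST"))
            continue
        if add_client_info and addr.is_global:
            # Step 5: client IP, MAC and DNS view must not be sent to an
            # external public DNS service.
            findings.append((text, "CLIENT_INFO_TO_PUBLIC"))
    return findings


if __name__ == "__main__":
    # Constructed sample input: one internal forwarder, one public resolver,
    # one IPv6 address, one host name, one repeat, one multicast address.
    planned = ["10.20.0.53", "8.8.8.8", "2001:db8::53",
               "dns.example.com", "10.20.0.53", "224.0.0.251"]
    for address, code in audit_forwarders(planned, add_client_info=True):
        print(f"{address:18} {code}")
```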