DNS Resolving


The DNS resolver is explained in more detail in DNS and name resolvers.

NOTE

In Cloud environments, a DNS server may not be required, as the Cloud resolvers use Cloud APIs, which will usually return the required IP addresses directly.

Host Resolving

The hosts file on the Gateway appliances will be used to resolve hostnames within Entitlements. Add hostnames to the Hosts File in the miscellaneous tab of the Appliance configuration. For details go to Configure appliance.

DNS Resolvers

To allow a Gateway to resolve users' Entitlements out of the box, a limited default DNS resolver is included. As you add more, you can set the order in which they are tried using the up and down arrows. The use of the dns:// syntax is supported in Entitlement Actions. Please refer to Defining hosts for more information about this syntax.

Perform AAAA lookups

IPv6 addresses will be resolved (as well as IPv4). AAAA lookups are disabled by default to improve system performance.

Update Interval (seconds)

How often (in seconds) the DNS resolver polls to get the latest IP address information. This will affect how quickly the Gateway will respond to changes. Defaults to 60 seconds.

Match Domains (Zone)

When a match domain is set, this DNS resolver will only be used for matching DNS names. This eliminates any unnecessary DNS lookups. When no match domain is set, this DNS resolver is used for all DNS lookups. The match domain will also be used as the 'zone' when Zone transfer is enabled (see below).

DNS Servers

Enter one or more IP addresses for the DNS server(s). If left empty, the appliances' DNS Server settings will be used.

Zone transfers (to Gateway)

Delegate DNS to the Gateway for those zones defined in Match Domains. Zone transfers are recommended as the DNS resolver can make a lot of DNS requests.

NOTE

Zone transfers usually require that the feature be enabled on the DNS server for a specific IP address; in this case the Gateway(s).
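As an illustration of the note above, this is how a zone transfer can be limited to the Gateways on a DNS server. It is an added example, not configuration from this product's documentation, and it assumes the DNS server is BIND 9; the zone name, file path and the 192.0.2.x Gateway addresses are constructed placeholders.

```conf
// named.conf fragment (BIND 9), added example with placeholder values.

// The only hosts allowed to request a zone transfer (AXFR/IXFR):
// the Gateway appliances that use this zone as a Match Domain.
acl "gateways" {
    192.0.2.10;    // Gateway 1 (placeholder address)
    192.0.2.11;    // Gateway 2 (placeholder address)
};

options {
    // Server-wide default: refuse zone transfers to everyone.
    // A zone is then only transferable where it is explicitly allowed,
    // so a newly added zone does not expose its full record set.
    allow-transfer { none; };
};

// The zone that is entered as the Match Domain on the DNS resolver.
zone "corp.example.com" {
    type primary;                      // "master" on older BIND releases
    file "zones/db.corp.example.com";  // placeholder path

    // Per-zone override: only the Gateways may transfer this zone.
    allow-transfer { gateways; };
};
```

A transfer request for the zone from any address outside the `gateways` list is refused, so the full zone contents are only available to the Gateways.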

Client DNS auto-configuration

Uses this resolver's DNS settings for the Clients when no other DNS Policy exists. A (hidden) DNS Policy will be created (with fallback Site enabled) along with a suitable (hidden) Entitlement. This will be assigned automatically when a user has at least one other Entitlement for this Site AND no other DNS Policy assigned.

Default TTL for DNS lookups (Deprecated)

This will no longer be used by v6.5 Gateways. On earlier systems, this was set to 300 seconds to be longer than the update interval (to limit DNS queries).