The DNS forwarder is an alternative means of resolving DNS queries. See the DNS and name resolution section for more information. DNS forwarding is configured in the DNS Forwarding section of the Add/Edit Site page.
NOTE
On mobile operating systems, the DNS forwarder is only supported when used with Route all traffic through tunnel (Default Gateway). This is due to the API limitations of the mobile operating systems.
DNS forwarding supports the *.company.com syntax in entitlement actions (the domain:// syntax is deprecated). Refer to Defining hosts for more information about this syntax. The IPv4 and IPv6 forwarder addresses are each optional, but at least one of them must be filled in.
Complete the following fields to configure DNS forwarding for the Site:
DNS Forwarder IPv4 address. A random IP address (100.127.x.y) will be assigned to the DNS forwarder. This address should then be used in the DNS policy for the clients. You can change it if you need to assign a different address.
DNS Forwarder IPv6 address. Enter an IPv6 address for the DNS forwarder. This address should then be used in the DNS policy for the clients. If you are not using client DNS auto-configuration, remember to add access entitlements (in your DNS policy) for the forwarder IP addresses above.
DNS Servers. Enter one or more IP addresses for the DNS server(s) that the DNS forwarder will use. These servers must be recursive, that is, they must forward unknown DNS requests. If left empty, the appliances' DNS server settings will be used.
Client DNS.
Match Domains. The match domains combined with the configured DNS servers will be used to generate the client DNS configuration. A hidden DNS policy will be created (with fallback Site enabled) along with a suitable hidden entitlement. This will be assigned automatically when a user has at least one other entitlement for this Site and no other DNS policy assigned.
Resolved IPs - Allow Destinations. Resolved IP addresses will only be used if they fall within these allowed destination ranges. By default all IPs are allowed.
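The following pre-flight check is an added example, not Appgate code or part of the product. It models the rules above: at least one forwarder address is filled in, DNS servers are IP addresses, and resolved IPs are only used when they fall inside the allowed destination ranges. The dict keys, function names, CIDR notation for the ranges, and all sample addresses are assumptions made for illustration.

```python
import ipaddress

def validate_forwarder(cfg):
    """Return a list of problems found in a planned DNS forwarder configuration.

    cfg is a hypothetical dict: ipv4, ipv6, dns_servers, allow_destinations.
    """
    problems = []
    if not cfg.get("ipv4") and not cfg.get("ipv6"):
        problems.append("forwarder: fill in at least one of IPv4 / IPv6")
    for key, version in (("ipv4", 4), ("ipv6", 6)):
        value = cfg.get(key)
        if not value:
            continue
        try:
            if ipaddress.ip_address(value).version != version:
                problems.append(f"{key}: {value} is not an IPv{version} address")
        except ValueError:
            problems.append(f"{key}: {value} is not an IP address")
    for server in cfg.get("dns_servers", []):  # empty: appliance DNS settings apply
        try:
            ipaddress.ip_address(server)
        except ValueError:
            problems.append(f"dns_servers: {server} is not an IP address")
    for rng in cfg.get("allow_destinations", []):
        try:
            ipaddress.ip_network(rng, strict=False)
        except ValueError:
            problems.append(f"allow_destinations: {rng} is not a valid range")
    return problems

def filter_resolved(resolved_ips, allow_destinations):
    """Split resolved IPs into (used, dropped); an empty allow list allows all."""
    if not allow_destinations:
        return list(resolved_ips), []
    nets = [ipaddress.ip_network(r, strict=False) for r in allow_destinations]
    used, dropped = [], []
    for ip in resolved_ips:
        addr = ipaddress.ip_address(ip)
        ok = any(addr.version == n.version and addr in n for n in nets)
        (used if ok else dropped).append(ip)
    return used, dropped

if __name__ == "__main__":
    # Constructed sample values, not taken from a real Site.
    cfg = {"ipv4": "100.127.10.20", "dns_servers": ["10.20.0.53"],
           "allow_destinations": ["10.20.0.0/16", "fd00:10::/64"]}
    print(validate_forwarder(cfg))
    print(filter_resolved(["10.20.1.5", "192.0.2.10", "fd00:10::5"],
                          cfg["allow_destinations"]))
```

In this model, a record that resolves outside the allowed ranges (192.0.2.10 in the sample) is dropped instead of being used as a destination.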