Table of Contents
Advertisement
Services
To limit access based on firewall zones:
n
(config)> add service dns acl zone end value
Where value is a firewall zone defined on your device, or the any keyword.
Repeat this step to list additional firewall zones.
4. (Optional) Cache negative responses
By default, the device's DNS server caches negative responses. Disabling this option may
improve performance on networks with transient DNS results, when one or more DNS servers
may have positive results. To disable:
(config)> service dns cache_negative_responses false
(config>
5. (Optional) Query all servers
By default, the device's DNS server queries all available DNS servers. Disabling this option may
improve performance on networks with transient DNS results, when one or more DNS servers
may have positive results. To disable:
(config)> service dns query_all_servers false
(config>
6. (Optional) Rebind protection
By default, rebind protection is disabled. If enabled, this prevents upstream DNS servers from
returning private IP addresses. To enable:
IX20 User Guide
Display a list of available firewall zones:
Type ... firewall zone ? at the config prompt:
(config)> ... firewall zone ?
Zones: A list of groups of network interfaces that can be
referred to by packet
filtering rules and access control lists.
Additional Configuration
--------------------------------------------------------
-----------------------
any
dynamic_routes
edge
external
internal
ipsec
loopback
setup
(config)>
Configure DNS
436
Advertisement
Table of Contents
