• SonicOS and SonicOSX 7
• Configuring DNS Settings
  • Configuring DNS for IPv4
    • Specifying which DNS Servers are Used
    • Enabling Proxy of Split DNS Servers
    • DNS Rebinding Attack Prevention
    • DNS Rebinding and Cache Lookup
    • Enabling DNS Host Name Lookup over TCP for FQDN
    • DNS Cache Lookup
  • Configuring DNS for IPv6
  • Configuring Domain-Specific DNS Servers for Split DNS
    • About Split DNS
      • About Per-Partition DNS Servers and Split DNS
    • Adding a Split DNS Server
    • Editing Split DNS Entries
    • Deleting Split DNS Entries
• Configuring Dynamic DNS
  • About Dynamic DNS
    • Supported DDNS Providers
  • Dynamic DNS Profiles
    • Configuring Dynamic DNS Profiles
    • Editing Dynamic DNS Profiles
    • Deleting Dynamic DNS Profiles
• Configuring DNS Proxy Settings
  • About DNS Proxy
    • Supported Interfaces
    • DNS Server Liveness Detection and Failover
    • DNS Cache
    • High Availability Stateful Synchronization of DNS Cache
    • DHCP Server
  • Enabling Log Settings
  • Monitoring Packets
  • Configuring DNS Proxy Settings
    • Enabling DNS Proxy
    • Configuring DNS Proxy Settings
    • Deleting Static DNS Cache Entries
    • Viewing DNS Proxy Cache Objects
    • Flushing Dynamic DNS Cache Entries
• Configuring DNS Security
  • About DNS Sinkholes
  • Configuring DNS Security Settings
  • Deleting Entries in the Lists
  • Configuring DNS Tunnel Detection
    • Configuring DNS Tunneling Detection
    • Viewing Detected Suspicious Clients
    • Creating DNS Tunnel Detection White Lists
    • Deleting DNS Tunnel Detection White List Entries
• SonicWall Support
  • About This Document

About DNS Proxy

An IPv4 interface can do name resolution on an IPv4 Internet, and an IPv6 interface can only do name resolution on an IPv6 Internet through DNS proxy. To allow IPv4 clients to access DNS services in a network with mixed IPv4 and IPv6 interfaces, SonicOS/X supports DNS proxy.

The DNS proxy feature provides a transparent mechanism that allows devices to proxy hostname resolution requests on behalf of clients. The proxy can use existing DNS cache, which is either statically configured by you or learned dynamically, to respond to the queries directly.

The proxy can redirect the DNS queries selectively to specific DNS servers, according to partial or complete domain specifications. This is useful when VPN tunnels or PPPoE virtual links provide multiple network connectivity, and it is necessary to direct some DNS queries to one network, and other queries to another network.

With DNS Proxy, LAN Subnet devices use the SonicWall network security appliance as the DNS Server and send DNS queries to the network security appliance. The network security appliance proxies the DNS queries to the real DNS Server. In this way, the network security appliance is the central management point for the network DNS traffic, providing the ability to manage the DNS queries of the network at a single point.

To maintain security, an incoming DNS Query is proxied only after Access Rule and DPI checking.

When DNS proxy is enabled on an interface, one Allow Rule is auto-added by SonicOS/X.

When DNS Proxy over TCP is enabled, another Allow Rule is auto-added.

• Supported Interfaces
• DNS Server Liveness Detection and Failover
• DNS Cache
• High Availability Stateful Synchronization of DNS Cache