Internet Security Router User's Manual
Chapter 5. Configuring LAN Settings
29
5.3 DNS
5.3.1 About DNS
Domain Name System (DNS) servers map the user-friendly domain names that users type into their Web
browsers (e.g., "yahoo.com") to the equivalent numerical IP addresses that are used for Internet routing.
When a PC user types a domain name into a browser, the PC must first send a request to a DNS server to
obtain the equivalent IP address. The DNS server will attempt to look up the domain name in its own database,
and will communicate with higher-level DNS servers when the name cannot be found locally. When the
address is found, it is sent back to the requesting PC and is referenced in IP packets for the remainder of the
communication.
5.3.2 Assigning DNS Addresses
Multiple DNS addresses are useful to provide alternatives when one of the servers is down or is encountering
heavy traffic. ISPs typically provide primary and secondary DNS addresses, and may provide additional
addresses. Your LAN PCs learn these DNS addresses in one of the following ways:
• Statically: If your ISP provides you with their DNS server addresses, you can assign them to each PC
by modifying the PCs' IP properties.
• Dynamically from a DHCP pool: You can configure the DHCP Server on the Internet Security Router
and create an address pool that specifies the DNS addresses to be distributed to the PCs. Refer to the
section Configuring DHCP Server on page 27 for instructions on creating DHCP address pools.
In either case, you can specify the actual addresses of the ISP's DNS servers (on the PC or in the DHCP pool),
or you can specify the address of the LAN port on the Internet Security Router (e.g., 192.168.1.1). When you
specify the LAN port IP address, the device performs DNS relay, as described in the following section.
Note: If you specify the actual DNS addresses on the PCs or in the
DHCP pool, the DNS relay feature is not used.
5.3.3 Configuring DNS Relay
When you specify the device's LAN port IP address as the DNS address, the Internet Security Router
automatically performs "DNS relay"; i.e., because the device itself is not a DNS server, it forwards domain
name lookup requests from the LAN PCs to a DNS server at the ISP. It then relays the DNS server's response
to the PC.
When performing DNS relay, the Internet Security Router must maintain the IP addresses of the DNS servers
it contacts. It can learn these addresses in either or both of the following ways:
• Learned through PPPoE or Dynamic IP Connection: If the Internet Security Router uses a PPPoE
(see section 6.2.2 Configuring PPPoE for WAN) or Dynamic IP (see section 6.3.2 Configuring
Dynamic IP for WAN) connection to the ISP, the primary and secondary DNS addresses can be
learned via the PPPoE protocol. Using this option provides the advantage that you will not need to
reconfigure the PCs or the Internet Security Router if the ISP changes their DNS addresses.
• Configured on the Internet Security Router: You can also specify the ISP's DNS addresses in the
WAN Configuration page as shown in Figure 6.1. WAN PPPoE Configuration Page, Figure 6.2. WAN
Dynamic IP (DHCP client) Configuration Page, or Figure 6.3. WAN Static IP Configuration Page.
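The relay behaviour described above, sketched as an added example (not code from this manual or from the router's firmware). The primary-then-secondary order, the rejection of replies whose transaction ID does not match the query, and the addresses 192.0.2.1 and 192.0.2.2 are assumptions made for illustration; `fake_exchange` is a constructed stand-in for the ISP's servers so the example runs offline.

```python
import socket
import struct

def build_query(name, txid, qtype=1):
    """Build a minimal DNS query: RD flag set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def udp_exchange(packet, server, timeout=2.0):
    """Send one datagram to server:53 and return the reply bytes."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, (server, 53))
        return s.recvfrom(4096)[0]

def relay(query, upstreams, exchange=udp_exchange):
    """Forward a LAN client's query; return (server_used, reply)."""
    if len(query) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags = struct.unpack("!HH", query[:4])
    if flags & 0x8000:
        raise ValueError("QR bit set: a response, not a query")
    for server in upstreams:              # primary first, then secondary
        try:
            reply = exchange(query, server)
        except OSError:                   # timeout or unreachable: try the next
            continue
        if len(reply) >= 12:
            rid, rflags = struct.unpack("!HH", reply[:4])
            if rid == txid and rflags & 0x8000:
                return server, reply      # a response carrying the query's ID
    raise RuntimeError("no upstream DNS server returned a valid reply")

def fake_exchange(packet, server):
    """Constructed stand-in for the ISP: primary is down, secondary answers."""
    if server == "192.0.2.1":
        raise socket.timeout("primary did not answer")
    return packet[:2] + struct.pack("!H", 0x8180) + packet[4:]  # flags: QR, RD, RA

def demo():
    query = build_query("example.com", 0x1234)
    return relay(query, ["192.0.2.1", "192.0.2.2"], fake_exchange)

if __name__ == "__main__":
    print(demo()[0])
```
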
Follow these steps to configure DNS relay:
1. Enter the LAN IP in the DNS Server IP Address field in the DHCP configuration page, as shown in Figure
5.2.