Configure Network DNS and WINS Servers

You must configure network (global) DNS and WINS servers on the Firebox for some features to work. You configure the network DNS and WINS servers in the Firebox network configuration separate from the interface settings. Network DNS and WINS servers are also known as global DNS and WINS servers.

Multiple Firebox features and clients use the network DNS and WINS servers to resolve DNS queries:

  • Network clients on the trusted or optional networks
  • IPSec VPNs
  • Mobile VPN clients
    Mobile VPN clients use only the first two DNS servers in the list.
  • Subscription services

Best Practices

We recommend these best practices for network DNS and WINS servers:

  • Configure at least two DNS servers, one with a private IP address, and another with a public IP address. We recommend that you list the private DNS server first, so it has higher precedence. If you do not have an internal DNS server, we recommend that you specify two external DNS servers from different providers for redundancy.
  • Make sure your network DNS and WINS servers are accessible from the Firebox trusted interface.
  • Use only an internal DNS and WINS server for DHCP and Mobile VPN. This makes sure that you do not create policies with configuration properties that make it difficult for your users to connect to the DNS server.
  • For granular control of DNS forwarding traffic, you can edit the Allow DNS-Forwarding policy in Fireware v12.9 or higher. For example, you might want to exclude IoT devices from DNS forwarding. For more information about this policy, go to Conditional DNS Forwarding.

For more information about Firebox configuration best practices, go to Firebox Configuration Best Practices.
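The DNS server recommendations above (at least two servers, the private server listed first, a public server as fallback, and the two-server limit for Mobile VPN clients) as a check you can run on a server list before you enter it on the Firebox. This is an added example, not WatchGuard code: the server lists are constructed samples, nothing is read from a Firebox, and reachability from the trusted interface is not tested.

```python
# Added example (not WatchGuard code): lint a Firebox network DNS server list,
# given in precedence order, against the best practices described above.
# The sample lists in __main__ are constructed; nothing is read from a Firebox.
import ipaddress

MOBILE_VPN_SERVER_LIMIT = 2  # Mobile VPN clients use only the first two servers


def is_private(addr: str) -> bool:
    """True for RFC 1918 and other non-global addresses, i.e. an internal DNS server."""
    return ipaddress.ip_address(addr).is_private


def lint_dns_servers(servers: list) -> list:
    """Return best-practice warnings for a network DNS server list (empty if OK)."""
    warnings = []
    for s in servers:
        try:
            ipaddress.ip_address(s)
        except ValueError:
            return [f"{s!r} is not a valid IP address"]
    if len(set(servers)) != len(servers):
        warnings.append("duplicate entries do not add redundancy")
    if len(servers) < 2:
        warnings.append("configure at least two DNS servers")
    private = [s for s in servers if is_private(s)]
    public = [s for s in servers if not is_private(s)]
    if private:
        if not public:
            warnings.append("add a public DNS server as a fallback")
        if not is_private(servers[0]):
            warnings.append("list the private DNS server first so it has higher precedence")
    elif len(public) < 2:
        warnings.append("no internal DNS server: list two external servers from different providers")
    if len(servers) > MOBILE_VPN_SERVER_LIMIT:
        # Entries beyond the second are never handed to Mobile VPN clients
        extra = ", ".join(servers[MOBILE_VPN_SERVER_LIMIT:])
        warnings.append(f"Mobile VPN clients will not receive: {extra}")
    return warnings


if __name__ == "__main__":
    samples = (["10.0.1.53", "1.1.1.1"], ["8.8.8.8", "10.0.1.53"], ["8.8.8.8"])
    for sample in samples:
        print(sample, "->", lint_dns_servers(sample) or ["OK"])
```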

DNS Server Precedence

The Firebox uses the network DNS and WINS servers unless you specify a different DNS/WINS server elsewhere in the Firebox configuration.

  • You can specify different DNS and WINS servers in the Mobile VPN with SSL settings. For more information, go to Manually Configure the Firebox for Mobile VPN with SSL.
  • (Fireware v12.2.1 or higher) You can specify different DNS and WINS servers in the Mobile VPN with IKEv2, Mobile VPN with IPSec, and Mobile VPN with L2TP settings. For more information, go to DNS and Mobile VPNs.
  • You can specify different DNS and WINS servers when you configure an interface to use the Firebox as a DHCP server. For more information, go to Configure an IPv4 DHCP Server.
  • You can configure DNS Forwarding rules that send DNS queries for specified domains to specified DNS servers. For more information, go to About DNS Forwarding.
  • (Fireware v12.1.1 or higher) If you enable the DNSWatch feature on your Firebox, some DNS queries are sent to DNSWatch DNS servers instead of the network DNS server. For more information about DNS server precedence, go to About DNS on the Firebox. For information about DNSWatch, go to About WatchGuard DNSWatch.

Related Topics

About DNS on the Firebox

About Network Modes and Interfaces

Common Interface Settings

DNS and Mobile VPNs