Enable DNS lookup for bypass destinations
If you want or need to use a fully-qualified domain name (FQDN) when specifying a bypass destination, you can enable DNS lookup for bypass. An FQDN may be necessary if the bypass destination IP is not static.
- Supported Versions: 2.2.10 and later Conductors
- Required Role: System administrators
- Go to .
- Select Edit Settings.
- Toggle Enable bypass DNS lookup to On.
- To automatically allow the DNS servers configured on an Airwall Gateway underlay port (instead of listing them under Allowed DNS server IPs), check Allow Airwall DNS servers. Note that this means the DNS servers in use can differ from one Airwall Gateway to another.
- Set trust to the DNS server on the overlay.
  Note: The traffic path to resolve hosts must follow the same path on the overlay as the traffic to the actual bypass destination. This requirement means that the DNS server must itself be a bypass destination and the overlay devices using it must have policy to it.
- Under Allowed DNS server IPs, enter trusted DNS server IPs that you want bypass destinations to have access to for DNS lookup. Separate IPs with commas.
- Under Minimum TTL, change the minimum amount of time to accept traffic from resolved IP addresses.
- Select Update.