Enable DNS lookup for bypass destinations

If you want or need to use a fully-qualified domain name (FQDN) when specifying a bypass destination, you can enable DNS lookup for bypass. An FQDN may be necessary if the bypass destination IP is not static.

Supported Versions: 2.2.10 and later Conductors
Required Role: System administrators

  1. Go to Settings > Bypass DNS.
  2. Select Edit Settings.
  3. Toggle Enable bypass DNS lookup to On.
    (Screenshot: DNS settings for bypass destinations dialog box with Enable bypass DNS lookup on.)
  4. To automatically allow the DNS servers configured on an Airwall Gateway underlay port (instead of listing them under Allowed DNS server IPs), check Allow Airwall DNS servers. Note that this means the DNS servers in use could differ from one Airwall Gateway to another.
  5. Set trust to the DNS server on the overlay.
    Note: The traffic path to resolve hosts must follow the same path on the overlay as the traffic to the actual bypass destination. This requirement means that the DNS server must itself be a bypass destination and the overlay devices using it must have policy to it.
  6. Under Allowed DNS server IPs, enter trusted DNS server IPs that you want bypass destinations to have access to for DNS lookup. Separate IPs with commas.
  7. Under Minimum TTL, change the minimum amount of time to accept traffic from resolved IP addresses.
  8. Select Update.
You can now use an FQDN when specifying a bypass destination. See step 4 under Local Bypass.