Administrator's Guide - Kerio Software Archive
Chapter 9 Configuration of network services

This chapter provides guidelines for setting up the basic services in Kerio Control that help with easy configuration and smooth access to the Internet:

• DNS module — this service is used as a simple DNS server for the LAN,
• DHCP server — provides fully automated configuration of LAN hosts,
• DDNS client — provides automatic update of firewall logs in public dynamic DNS,
• Proxy server — enables access to the Internet for clients which cannot or do not want to use the option of direct access,
• HTTP cache — this service accelerates access to repeatedly visited web pages (for direct connections with proxy server).

9.1 DNS module

In Kerio Control, the DNS Forwarder module can be used to enable easier configuration for DNS hosts within local networks or to speed up responses to repeated DNS queries.

At local hosts, DNS can be defined by taking one of the following actions:

• Use the IP address of the primary or the back-up DNS server. This solution has the risk of slow DNS responses. All requests from each computer in the local network will be sent to the Internet.
• Use the DNS server within the local network (if available). The DNS server must be allowed to access the Internet in order to be able to respond even to queries sent from outside of the local domain.
• Use the DNS module in Kerio Control. It can also be used as a basic DNS server for the local domain and/or as a forwarder for the existing server.

If possible, it is recommended to use the DNS module as the primary DNS server for LAN hosts (the last option). The DNS module provides fast processing of DNS requests and their correct routing in more complex network configurations. The DNS module can directly answer repeated requests and requests for local DNS names, without the need to contact DNS servers in the Internet.

If the DNS module cannot answer a DNS request on its own, it forwards the request to a DNS server set for the Internet link through which the request is sent.
For details on configuring the firewall’s network interfaces, see chapter 5; for more information on Internet connection options, refer to chapter 6.

The DNS module configuration

By default, the DNS server (the DNS forwarder service), the cache (for faster responses to repeated requests) and the simple DNS names resolver are enabled in Kerio Control.

The configuration can be fine-tuned in Configuration → DNS.

Figure 9.1 DNS settings

Enable DNS forwarder
This option enables the DNS server in Kerio Control. Without other configuration, any DNS requests are forwarded to DNS servers on the corresponding Internet interface.
If the DNS forwarder service is disabled, the DNS module is used only as Kerio Control’s DNS resolver.

Warning: If the DNS forwarder is not used in your network configuration, it can be switched off. If you want to run another DNS server on the same host, the DNS forwarder must be disabled, otherwise a collision might occur at the DNS service’s port (53/UDP).
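The answering behaviour described in section 9.1 (local names and repeated requests answered directly, everything else forwarded) can be sketched as a small model. This is an added example, not Kerio Control's code: the class and function names, the order of the local-name and cache checks, and all names and addresses in the sample data are assumptions made for illustration.

```python
import time

class ForwarderModel:
    """Simplified model of a caching DNS forwarder (illustrative, not Kerio's code)."""

    def __init__(self, local_names, upstream, clock=time.monotonic):
        self.local = {k.lower(): v for k, v in local_names.items()}
        self.upstream = upstream   # callable: name -> (address, ttl_seconds) or None
        self.clock = clock
        self.cache = {}            # name -> (address, expiry time)
        self.forwarded = 0         # number of requests that left the LAN

    def resolve(self, name):
        """Return (address, source): 'local', 'cache', 'forwarded' or 'nxdomain'."""
        key = name.rstrip(".").lower()   # DNS names are case-insensitive
        # 1. Names of the local domain are answered without contacting the Internet.
        if key in self.local:
            return self.local[key], "local"
        # 2. Repeated requests are answered from the cache until the TTL expires.
        hit = self.cache.get(key)
        if hit and hit[1] > self.clock():
            return hit[0], "cache"
        self.cache.pop(key, None)        # drop an expired entry, if any
        # 3. Anything else is forwarded to the DNS server of the Internet link.
        self.forwarded += 1
        answer = self.upstream(key)
        if answer is None:
            return None, "nxdomain"
        address, ttl = answer
        self.cache[key] = (address, self.clock() + ttl)
        return address, "forwarded"

# Constructed sample data: example names and documentation addresses (RFC 5737).
UPSTREAM_ZONE = {"www.example.com": ("192.0.2.10", 300)}
LOCAL_NAMES = {"fileserver.company.local": "192.168.1.5"}

def demo():
    now = [0.0]                          # fake clock so TTL expiry is reproducible
    fwd = ForwarderModel(LOCAL_NAMES, UPSTREAM_ZONE.get, clock=lambda: now[0])
    sources = [fwd.resolve("fileserver.company.local")[1],
               fwd.resolve("www.example.com")[1],
               fwd.resolve("WWW.example.com.")[1]]   # repeated request
    now[0] = 301.0                       # the 300 s TTL has expired
    sources.append(fwd.resolve("www.example.com")[1])
    return sources, fwd.forwarded

if __name__ == "__main__":
    print(demo())
```

The `forwarded` counter shows how many requests actually left the LAN, which is the saving the guide attributes to using the DNS module as the primary DNS server for LAN hosts.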