Appendix 6 DNS servers for IPSec VPN Note
DNS Domain Names
DNS (Domain Name System) is a system for naming computers and network
services that is organized into a hierarchy of domains. A DNS server resolves
a name to other information associated with that name, such as an IP address.
The ZyWALL can be configured as a DHCP server. In most cases, a computer
connected to the LAN of the ZyWALL gets its IP settings (IP address,
network mask, gateway address and DNS server address) from the ZyWALL DHCP
server automatically.
There are three ways the ZyWALL's DHCP server assigns DNS server
addresses to its DHCP client computers.
(1) If the administrator has set up DNS servers in the ZyWALL's DHCP settings, the
ZyWALL tells the client those DNS server addresses.
(2) If no DNS server has been set up on the ZyWALL DHCP server, but the
ZyWALL has obtained public DNS servers from the ISP, the ZyWALL
assigns those public DNS server addresses.
(3) The ZyWALL gives its own LAN IP address and acts as a DNS server proxy.
These three methods alone are not enough for IPSec VPN applications.
How to access the private network by using domain names
In an IPSec VPN application, a user on the LAN of the ZyWALL wants to
access remote private networks. He must use an IP address to identify the
remote site he wants to access. But in modern intranet applications, we still
want DNS service for private network access. For example, there
is a private Web server installed at your company's headquarters. You can
access this Web server from inside your company, or from your home by way of the
ZyWALL's IPSec tunnel. The IP address of the private Web server is also
private. You can't use the Internet's public DNS servers to resolve domain
names that belong to your company's private network. You must set up the
private DNS servers on your computer manually if you want to access the
private network by using domain names.
ZyWALL DNS Servers for IPSec VPN
The ZyWALL has added a DNS server setting to each IPSec policy. When you set up
an IPSec rule, you can specify the DNS server if one exists that provides
DNS service for that private network. When a DHCP client (on the ZyWALL's LAN)
requests IP information from your ZyWALL, the ZyWALL assigns the additional
DNS servers for IPSec VPN to the client if the assigned IP address belongs to the
range of local addresses of the IPSec rule.
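
The selection logic described in this note, as an added Python model (not ZyXEL firmware code). Assumptions: the three base methods are tried in the order listed, the IPSec DNS servers are appended after the base servers, and all names and addresses below are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class IPSecRule:                  # hypothetical model of one IPSec rule
    name: str
    local_start: str              # first address of the rule's local address range
    local_end: str                # last address of the rule's local address range
    dns_server: str = ""          # private DNS server for the remote network, "" if none

    def covers(self, ip):
        """True if ip lies inside this rule's local address range."""
        addr = ipaddress.ip_address(ip)
        lo = ipaddress.ip_address(self.local_start)
        hi = ipaddress.ip_address(self.local_end)
        return lo <= addr <= hi

def base_dns(dhcp_dns, isp_dns, lan_ip):
    """Methods (1)-(3): admin-set servers, else ISP servers, else the DNS proxy."""
    if dhcp_dns:
        return list(dhcp_dns)
    if isp_dns:
        return list(isp_dns)
    return [lan_ip]

def dns_for_lease(assigned_ip, dhcp_dns, isp_dns, lan_ip, rules):
    """DNS servers handed to a DHCP client that was assigned assigned_ip."""
    servers = base_dns(dhcp_dns, isp_dns, lan_ip)
    for rule in rules:
        # A rule contributes only if it names a DNS server and the lease
        # falls inside the rule's local address range.
        if rule.dns_server and rule.covers(assigned_ip):
            if rule.dns_server not in servers:
                servers.append(rule.dns_server)
    return servers

# Constructed sample configuration
LAN_IP = "192.168.1.1"
ISP_DNS = ["203.0.113.53"]
RULES = [
    IPSecRule("HQ", "192.168.1.33", "192.168.1.64", "10.1.0.53"),
    IPSecRule("Branch", "192.168.1.50", "192.168.1.80", "10.2.0.53"),
    IPSecRule("Partner", "192.168.1.33", "192.168.1.64"),   # no DNS server set
]

if __name__ == "__main__":
    for ip in ("192.168.1.40", "192.168.1.55", "192.168.1.100"):
        print(ip, dns_for_lease(ip, [], ISP_DNS, LAN_IP, RULES))
```

A lease outside every rule's local range (192.168.1.100 here) receives only the base servers, so that client still has to configure the private DNS server manually.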