

How to configure Forward Lookup Zone in AD Server

27-02-2020 13:02:23

Overview:

One of the roles an AD server normally carries is that of DNS server: it resolves names to IP addresses (forward lookup) and IP addresses to names (reverse lookup). Locally hosted, domain-related websites are known only to this DNS server, so for domain clients to reach them you create a Forward Lookup Zone on it, and for IP-to-name resolution a Reverse Lookup Zone as well. Throughout this article the DNS server is simply the AD server with the DNS role installed.

Applicable Version: All

Scenario:

(Fig.: AD server connection in Local network behind the UTM)

Steps to create Forward Lookup Zone:

The forward lookup zone is where DNS resolution requests from domain client systems are answered: a name in the domain is resolved to its IP address, and the client can then establish a connection to that host.

1. First, check which DNS server is currently resolving the web domain, using the "nslookup" command as shown in the figure.

2. Open DNS Manager on the AD server: DNS --> server name (e.g., UTMLAB) --> right-click --> New Zone.

3. Select Zone Type: Primary zone (keep "Store the zone in Active Directory" checked so the zone is AD-integrated).

4. For the replication scope, select "To all DNS servers running on domain controllers in this domain".

5. Select Forward lookup zone.

6. Enter the zone name (e.g., seqrite.com).

7. For dynamic updates, select "Allow only secure dynamic updates": domain-joined hosts then register and refresh their own records automatically whenever their local IP changes, while hosts that cannot authenticate to the domain are not allowed to add or overwrite records. Avoid "Allow both nonsecure and secure dynamic updates"; with that setting any machine on the LAN can overwrite a host record and redirect clients.

8. Click Finish.

The zone now exists, and records can be added to it: host (A or AAAA) records, aliases (CNAME), and so on. A host record maps the name of a computer in the domain to its IP address.

When a computer joins the domain from a workgroup, its host record is created in this zone automatically. On that host, set the preferred DNS server to the DNS server's IP (the AD server) and the default gateway to the UTM's LAN IP. On the DNS server itself, the default gateway is the UTM's LAN IP and the preferred DNS server is its own IP.

Steps to add Host record in the Forward Lookup Zone:

1. Right-click the newly created zone and select New Host (A or AAAA).

2. Enter the hostname and its IP address. Here the host is one of the computers in the domain.

3. Click Add Host.

4. Now check with nslookup from a client that the name resolves to the address you entered.
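The same zone creation and host-record steps, done from PowerShell on the AD/DNS server instead of DNS Manager. This is an added example, not part of the original article; the zone name seqrite.com, the LAN subnet 192.168.1.0/24, the DNS server address 192.168.1.10 and the host web01 at 192.168.1.50 are assumed values. It also goes one step beyond the GUI walkthrough by creating the reverse lookup zone and the matching PTR record, which the overview says you need for IP-to-name resolution.

```powershell
# Added example (not from the original article). Run on the AD/DNS server.
# Assumed values: adjust to your domain, subnet and host.
Import-Module DnsServer

$zone     = 'seqrite.com'          # forward lookup zone name (assumed)
$subnet   = '192.168.1.0/24'       # LAN subnet behind the UTM (assumed)
$dnsSrv   = '192.168.1.10'         # this AD/DNS server's LAN IP (assumed)
$hostName = 'web01'                # a domain-joined host (assumed)
$hostIp   = '192.168.1.50'         # its IP address (assumed)

# Forward lookup zone: primary, AD-integrated, replicated to all DNS servers on
# domain controllers in this domain, secure dynamic updates only (domain members
# authenticate with Kerberos to register their own records; nobody else can
# add or overwrite records).
if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $zone -ReplicationScope Domain -DynamicUpdate Secure
}

# Reverse lookup zone for the LAN subnet, same replication and update settings.
$revZone = '1.168.192.in-addr.arpa'
if (-not (Get-DnsServerZone -Name $revZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId $subnet -ReplicationScope Domain -DynamicUpdate Secure
}

# Host (A) record; -CreatePtr also writes the matching PTR into the reverse zone.
Add-DnsServerResourceRecordA -ZoneName $zone -Name $hostName -IPv4Address $hostIp -CreatePtr

# Verify forward and reverse resolution against this server only
# (-DnsOnly bypasses the local cache and the hosts file).
Resolve-DnsName -Name "$hostName.$zone" -Type A   -Server $dnsSrv -DnsOnly
Resolve-DnsName -Name $hostIp           -Type PTR -Server $dnsSrv -DnsOnly

# Confirm the update policy that actually applied to the zone (expect 'Secure').
(Get-DnsServerZone -Name $zone).DynamicUpdate
```

The last line is the check worth keeping: if it reports NonsecureAndSecure, any host on the LAN can rewrite records in the zone, which is the one setting in this procedure that turns a convenience into an attack surface.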


For resolving external website domain:

With the zone in place, domain LAN users resolve internal names through the AD/DNS server. However, if you run nslookup for an external website domain, it will not resolve, because the DNS server is not yet forwarding such requests toward the Internet. For this, configure a Forwarder on the DNS server that sends every query it cannot answer itself to the UTM, which in turn passes it on to the global/ISP DNS server for resolution.

Steps to create Forwarder:

1. Before configuring the forwarder, confirm with nslookup that an external domain does not resolve.

2. Right-click the server name (e.g., UTMLAB) in DNS Manager and select Properties.

3. Select the Forwarders tab and click Edit.

4. Enter the UTM's LAN IP here; the DNS server will forward requests it cannot answer to the UTM, which passes them on to the global/ISP DNS.

5. Click Apply and then OK.

6. Now check again how a request for an external website is resolved.

Note: After this configuration, every host in the local network must use the AD server's LAN IP as its primary DNS server and the UTM's LAN IP as its secondary. The UTM itself must have at least one external resolver configured (the ISP's DNS or a public resolver such as 8.8.8.8) so that it can resolve external domains when queried on its LAN IP. Keep in mind that if the AD server becomes unreachable, clients fall back to the UTM, which cannot answer queries for the internal zone unless it is configured to forward that zone back to the AD server.
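The forwarder setup and the client DNS settings from the note above, as an added PowerShell example that is not part of the original article. The UTM LAN IP 192.168.1.1, the AD/DNS server IP 192.168.1.10, the interface alias Ethernet and the test name www.microsoft.com are assumed values. It adds one setting the GUI walkthrough does not mention, turning off root hints, so that the server cannot quietly bypass the UTM and query the Internet root servers directly when the UTM is down.

```powershell
# Added example (not from the original article).
# Assumed values: adjust the UTM IP, AD server IP and interface alias.
$utmIp = '192.168.1.1'     # UTM LAN IP (assumed)
$adIp  = '192.168.1.10'    # AD/DNS server LAN IP (assumed)
$nic   = 'Ethernet'        # interface alias on this machine (assumed)
$probe = 'www.microsoft.com'   # any external name, used only as a test query (assumed)

# Section A: forwarder. Requires the DNS Server role, i.e. run on the AD server.
$isDnsServer = [bool](Get-Service -Name DNS -ErrorAction SilentlyContinue)
if ($isDnsServer) {
    Import-Module DnsServer

    # Before: external names fail against this server (-DnsOnly skips the cache).
    Resolve-DnsName -Name $probe -Type A -Server $adIp -DnsOnly -ErrorAction SilentlyContinue

    # Forward everything this server is not authoritative for to the UTM.
    # -UseRootHint $false: do not fall back to the Internet root servers, so all
    # outbound DNS really does go through the UTM as the article intends.
    Set-DnsServerForwarder -IPAddress $utmIp -UseRootHint $false -Timeout 3
    Get-DnsServerForwarder | Format-List IPAddress, UseRootHint, Timeout

    # After: the same query now resolves via the UTM and the ISP/global DNS.
    Resolve-DnsName -Name $probe -Type A -Server $adIp -DnsOnly
}

# Section B: DNS client settings (DnsClient module ships with every Windows version).
# On the DNS server itself the preferred DNS is its own IP; on every other host
# it is the AD server first and the UTM second, exactly as the note requires.
$dnsList = if ($isDnsServer) { @($adIp) } else { @($adIp, $utmIp) }
Set-DnsClientServerAddress -InterfaceAlias $nic -ServerAddresses $dnsList
Get-DnsClientServerAddress -InterfaceAlias $nic -AddressFamily IPv4
```

Run section A once on the AD server and the script as a whole on any host whose DNS settings are not handed out by DHCP; where DHCP is in use, put the same two addresses, AD server first, in the scope options instead.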

Please contact Seqrite Technical Support for more assistance