Conditional DNS forwarding

Hi all,
Is there a possibility of Conditional DNS Forwarding with Peplink?
I need to forward an FQDN, e.g. *.test.com, to a specific DNS.
Unfortunately I can’t find any settings in Intune or on the Peplink itself.

1 Like

Using a specific DNS server for some FQDNs could be helpful sometimes.
@TK_Liew do you know if this is possible?

Do you think “Domain Lookup Policy” helps?

1 Like

So I would have to store the DNS on the WAN interface.
But the WAN interface has the Google DNS 8.8.8.8.
This should also remain so.
I have an IPsec VPN to Azure, and the internal DNS is also there.
The Peplink should ask the Azure DNS for *.test.com, and everything else must go normally over WAN to Google.
In addition, I unfortunately don’t see this setting on the Peplink.
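
The policy requested above (*.test.com to the internal DNS, everything else to 8.8.8.8), written out as an added example that is not from any poster and is not Peplink's implementation. The address 10.0.0.4 is a constructed placeholder for the Azure DNS server, the function names are hypothetical, and the query log is constructed; matching is done on whole labels, and the log check flags names that reached the wrong resolver.

```python
# Added example: resolver selection for conditional DNS forwarding.
# 10.0.0.4 is a constructed placeholder for the internal Azure DNS server.
DEFAULT_RESOLVER = "8.8.8.8"          # public DNS on the WAN, from the thread
POLICY = {"*.test.com": "10.0.0.4"}   # zone pattern -> resolver


def _labels(name):
    """Lower-case a DNS name, drop the trailing root dot, split into labels."""
    return name.lower().rstrip(".").split(".")


def select_resolver(qname, policy=POLICY, default=DEFAULT_RESOLVER):
    """Return the resolver for qname: longest matching zone wins, else default.

    "*.zone" matches names strictly below zone; a bare "zone" matches the zone
    itself and everything below it. Matching is on whole labels, so
    "nottest.com" never matches "test.com".
    """
    q = _labels(qname)
    best_len, best = -1, default
    for pattern, resolver in policy.items():
        wildcard = pattern.startswith("*.")
        zone = _labels(pattern[2:] if wildcard else pattern)
        if len(q) < len(zone) + (1 if wildcard else 0):
            continue
        if q[len(q) - len(zone):] == zone and len(zone) > best_len:
            best_len, best = len(zone), resolver
    return best


def misrouted(observed, policy=POLICY, default=DEFAULT_RESOLVER):
    """Return (qname, used, expected) for observed queries that broke the policy."""
    out = []
    for qname, used in observed:
        expected = select_resolver(qname, policy, default)
        if used != expected:
            out.append((qname, used, expected))
    return out


# Constructed sample of (query name, resolver that received the query).
OBSERVED = [
    ("app.test.com", "10.0.0.4"),
    ("db.internal.test.com.", "8.8.8.8"),  # internal name sent to public DNS
    ("nottest.com", "8.8.8.8"),            # not below test.com
    ("test.com", "8.8.8.8"),               # apex is not covered by *.test.com
    ("www.example.org", "10.0.0.4"),       # public name sent to internal DNS
]

if __name__ == "__main__":
    for row in misrouted(OBSERVED):
        print("%s went to %s, policy says %s" % row)
```
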

You may consider setting up a FusionHub in Azure and building a SpeedFusion tunnel between the FusionHub and your Peplink device. Then you may have the settings below in your Peplink device:

2 Likes

This may be totally irrelevant, but:
If the objective in your use case is to

  1. maintain a private set of IP addresses, not published or shared by public DNS servers, and
  2. have to maintain it in only one location (the DNS server in your case) while making the lookups available (only) throughout a (local/private?) network

Then there is an alternative to modifying the DNS server lookups while avoiding having to create local DNS tables in every router where this lookup-policy should be enabled: Let IC2 take care of it.

The procedure would be to

  • Go to the Network Settings > LAN Network Settings for your IC2 group
  • Create a new LAN Network Settings profile
  • Open the profile
  • In “Device Selection” determine which devices are to be affected by the profile (the DNS table) (tags may be employed, for instance)
  • Open the DNS Proxy tab
  • Create all the local DNS records (and the other settings to taste)
  • Save

As a consequence, for all the devices selected by your device selection setting the DNS settings will be updated automatically by IC2.
Future changes need be made only in IC2.

The benefits for our organization are (1) only one place where updates need be made (IC2), (2) there is no need to modify network settings on any of the routers, (3) the local DNS records are available locally, independent of any VPN connections you might otherwise use to achieve the maintenance of a local name space.

Just $0.02 for the evening.

Cheers,

Z

1 Like

This already looks very good.
Does it have to be a FusionHub?
In my case it would simply be an Azure gateway to which an IPsec VPN runs.
Unfortunately I don’t see this setting either.
Where can I find it?

“Domain Lookup Policy” works with WAN, SpeedFusion, and Speed Connect Protect. So, you need to set up a FusionHub in Azure which allows your Peplink device to reach your DNS server via a SpeedFusion tunnel. “Domain Lookup Policy” and “DNS Resolvers” can be found by clicking the “?” of “DNS Proxy Settings”.

Alternatively, you may consider the suggestion given by @zegor_mjol.

1 Like

Why should we need to manually select devices? An option to include all devices would make more sense, to account for future devices. Thank you

Sure. For that functionality choose “All Balance and MAX devices” as your deployment option. Then all those in your group will be provisioned with the DNS records.

All there for your enjoyment/deployment.

Cheers,

Z

1 Like