• Cloud Edge Secure Access
• Networks
  • Private DNS
  • DNS Filtering
  • Routes
  • Split Tunneling
  • Site-to-Site Interconnectivity
  • Multi-Tunneling
  • Dynamic-IP Tunnels
  • Whitelisting Resources
    • Benefits of Whitelisting
    • Microsoft Azure
    • SalesForce
    • AWS Management Console
    • Google Cloud Platform
• Client-Based Access
  • MDM App Deployment
  • SCCM Agent Deployment
  • JAMF Cloud
• Client-less Access (Zero Trust Applications)
  • URL Aliasing
  • RDP Security Mode
• SonicWall Support
  • About This Document

Private DNS

This article describes how to configure a private DNS.

Private DNS will enable you to reach an internal resource by its hostname (as published by your local DNS server). This can ease your workflow, as you will now longer need to specify the resource's IP address.

You can assign Private DNS on two different levels: on the Network level (for the entire Network) or on the Region level (for a specific region in your Network).

The Private DNS will allow you to utilize your organization’s DNS servers, as well as local domain names while the Regional DNS will allow your users to resolve resources via a local DNS server rather than waiting for a response from a remote one.

Connecting a Private DNS to a Network

A Private DNS server can be connected to the Network by following those steps:

Before you proceed, If your private DNS server(s) do not have a public IP address, you'll need to set up a Site-to-Site connection to the internal network containing the server(s).

1. Click on the (...) icon on the Network section.

   

2. Click on Private DNS.

3. Turn-on the Enable Private DNS toggle.

   

   If your Private DNS Server(s) supports DoT you'll need to turn the DNS over TLS on (otherwise your requests will be sent over HTTPS).

4. Enter the IP address of each one of your DNS servers. You can enter up to four different IP addresses.

   All private DNS servers should be fully synced as the system will only be resolving addresses through one of the servers. Do not configure public DNS servers (such as 8.8.8.8, 1.1.1.1, etc.), as all requests will be forwarded to them if the private DNS server won't resolve the address.

5. Wait for the Network status to change from Deploying to Active.

Connecting a Private DNS server to a Region

1. Click on the (...) icon on the desired Region.

   

2. Turn-on the Enable Private DNS toggle.

   

   If your Private DNS Server(s) supports DoT you'll need to turn the DNS over TLS on (otherwise your requests will be sent over HTTPS).

3. Enter the IP address of each one of your DNS servers. You can enter up to four different IP addresses.

   All private DNS servers should be fully synced as the system will only be resolving addresses through one of the servers. Do not configure public DNS servers (such as 8.8.8.8, 1.1.1.1, etc.), as all requests will be forwarded to them if the private DNS server won't resolve the address.

4. Enter any suffix that you'd like to add to the DNS query (for example, if you enter sonicwall.com as a search domain, and then type in the address bar support, you'll be directed to support@sonicwall.com.

   

5. Select apply, then wait for the Network status to change from Deploying to Active.

AWS Route 53 DNS

Many of you may have instances and VPC's in AWS and you are very likely utilizing AWS's Route53 DNS infrastructure. In addition to public domain zone management, AWS offers to expose certain zones via private IP access. The proper term for this is inbound and outbound endpoints. We'll be focusing on inbound endpoints in order to better architect SonicWall Cloud Edge's Private DNS feature into your network.

It is considered a good network security practice to make sure that internal resources for your organization's prod or perhaps dev environment are permitted access via a private subnet, making sure that valuable resources aren't on the public internet even if you have security rules in place. Managing a list of public IP's is sure to inflate the more complexity and more people you have.

Accessing internal resources by name is a huge benefit for any environment. There are always a handful set of tools that you may not want to expose to the public.

If you've spun up a tunnel from SonicWall Cloud Edge to AWS using Site to Site, then we need to spin up Inbound Endpoints and create a security group allowing requests on port 53.

Navigate to Route 53 > Resolver > Inbound endpoints.

Create a new resolver:

You should now have a resolver for each of the subnets you've selected. The resolvers will be in the form of IP addresses that you are able to configure within sonicwall Cloud Edge's Private DNS feature.