Cytracom ControlOne: DNS configuration best practices

Topic

This article provides best practices when configuring DNS in ControlOne. 

Environment

  • Cytracom ControlOne

Description

Recommended DNS settings

Accessing DNS settings

1. In the Network Map, click the Zone to which the DNS settings will apply. 

2. The Configuration Options panel will open on the right-hand side of the screen. Click the DNS tab. 

Recommended DNS settings

Cytracom recommends the following DNS settings for general use:

  • Mode: Auto
  • Advanced: Cytracom recommends using the Auto setting for most applications. You do not need to enter a DNS server primary or secondary address the way you would on other types of networking equipment. ControlOne assigns these addresses automatically. 
    If you feel your environment requires a specified DNS server entry, contact Cytracom Technical Support for assistance. 
  • Advanced Gateway: leave unchecked. 

Figure 1: Recommended DNS settings

ControlOne and internal DNS servers

If you currently have a DNS server on your network, Cytracom recommends a hybrid approach, in which:

  • Your DNS server handles DNS for resources on your domain.
  • The ControlOne bridge handles DNS requests for public resources.

You can set this configuration up in the ControlOne Portal using conditional forwards.

Conditional forwards

A DNS conditional forward is a setting on the ControlOne Bridge that forwards all DNS requests for a specific DNS domain to the authoritative server of your choosing.

For example, if you have a local domain controller running DNS service with zones for 'yourcompany.local', a conditional forward will instruct ControlOne to forward any DNS lookups for that domain to your local domain controller. This gives you the best combination of DNS functionality, allowing fast global DNS resolution and local domain resolution. See Cytracom ControlOne: Conditional forwards to learn more. 

Figure 2: Conditional forward flow on a ControlOne Bridge
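
The routing decision a conditional forward makes can be modeled as below. This is an added example, not Cytracom code: it assumes the conventional behavior of DNS forwarders (match on whole labels, most specific zone wins), which the article does not spell out for ControlOne. The function names, the child zone and the resolver addresses are hypothetical.

```python
# Added illustration: a model of conditional-forward routing, not ControlOne code.
# Server addresses are constructed sample values.

DEFAULT_RESOLVER = "platform-resolver"  # stands in for the automatically assigned resolver


def normalize(name):
    """Lower-case and strip the trailing root dot so comparisons are label-exact."""
    return name.strip().rstrip(".").lower()


def pick_upstream(qname, forwards, default=DEFAULT_RESOLVER):
    """Return the upstream for qname: the longest forward zone that matches
    on a label boundary, otherwise the default resolver."""
    labels = normalize(qname).split(".")
    zones = {normalize(z): server for z, server in forwards.items()}
    # Try the full name first, then each parent domain (longest match wins).
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return zones[candidate]
    return default


def audit(names, forwards):
    """Map each query name to the upstream that would receive it."""
    return {n: pick_upstream(n, forwards) for n in names}


# Constructed sample: one forward for the article's example domain, plus a
# more specific child zone served by a different internal server.
FORWARDS = {
    "yourcompany.local": "10.0.0.10",
    "lab.yourcompany.local": "10.0.20.10",
}

if __name__ == "__main__":
    sample = ["dc01.yourcompany.local", "HOST.Lab.YourCompany.local.",
              "notyourcompany.local", "yourcompany.local.example.com",
              "www.example.com"]
    for name, upstream in audit(sample, FORWARDS).items():
        print(f"{name:35} -> {upstream}")
```

Names that merely contain the forward zone as a substring, such as notyourcompany.local or yourcompany.local.example.com, fall through to the default resolver in this model; a test lookup for names of that shape is a quick check that internal queries and public queries each go where you expect.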

DNS and the ControlOne Agent

The ControlOne Agent is a full-tunnel connectivity solution. All Internet traffic is sent up the tunnel to the Cytracom platform. Traffic to devices on the network behind the bridge is tunneled to those locations, and all other Internet traffic is sent directly from the cloud-based firewall.

  • DNS queries for all Internet-based resources are handled by our fast caching-resolving nameservers.
  • DNS queries for on-prem devices being advertised via local DNS servers are sent (via Conditional Forward) to those servers.

If you log in using the ControlOne Agent, make sure the agent can reach the resources within your site zones. The agent must be able to reach your site zone resources before it will successfully log you in. 

Figure 3: DNS and the ControlOne Agent

Additional Resources

Still have questions? Click here to learn how to contact Cytracom Technical Support or open a ticket.
