DNS Redirector
 Return to FAQ List


FAQ 142: Valid DNS resolution paths

Category: Everything else | Updated: 03/10/2015 9:31 AM


Examples of different DNS resolution paths (not physical connection paths)
Functional limitations exist when clients are separated from the DNS Redirector server by other DNS servers or NAT firewall/routers, details are explained at the end of this article.



1:   Acceptable, but consider that the DNS Redirector server and clients are not protected by any firewall to the Internet.
      This also limits your ability to enforce DNS Redirector as the only DNS server, as described in FAQ 34

2:   Correct, this is the ideal implementation for a public/wireless network

2b: Warning: NAT prevents the DNS Redirector server from tracking individual clients by their own/unique IP address,
      only the IP of the NAT device will be seen

3:   Correct, note that DNS Redirector could be run on your Active Directory (AD) Domain Controller (DC),
      it does not have to be a separate server, see FAQ 91

3b: Warning: Internal DNS server first prevents the DNS Redirector server from tracking individual clients by their own/unique IP address,
      only the IP of the internal DNS server will be seen

4:   Acceptable, assuming each client has a public IP address, and therefore the router is not doing NAT

4b: Warning: NAT prevents the DNS Redirector server from tracking individual clients by their own/unique IP address,
      only the IP of the NAT device will be seen (applies to cloud server)

4c: Warning: Internal DNS server first prevents the DNS Redirector server from tracking individual clients by their own/unique IP address,
      only the IP of the NAT device will be seen (applies to cloud server)

Warning note for DNS Redirector software:
RedirectIP= (captive portal function) if this were implemented, the first client which is redirected to the welcome site and becomes authorized, would cause everyone to be authorized and web-surf.
BlockedIP= (Internet filtering function) will work regardless, but if BypassBlockFile= were implemented, the first client to toggle bypassing would cause everyone to web-surf unrestricted.

Warning note for DNS Redirector cloud servers:
Captive portal functions cannot be implemented, cloud servers are for Internet filtering only, see FAQ 151



Related articles
FAQ 37  Use when clients are behind a NAT device

 
DNS Redirector | Legal Information | 2003-2017