DNS Redirector
 Return to FAQ List


FAQ 142: Valid DNS resolution paths

Category: Everything else


Examples of different DNS resolution paths are shown here. Functional limitations exist when clients are separated from the DNS Redirector server by other DNS servers or NAT firewall/routers, details are explained at the end of this article.



1:   Acceptable, but consider that the DNS Redirector server and clients are not protected by any firewall to the Internet.
      This also limits your ability to enforce DNS Redirector as the only DNS server, as described in FAQ 34.

2:   Correct, this is the ideal implementation for a public/wireless network.

2b: Warning: NAT prevents the DNS Redirector server from tracking individual clients by their own/unique IP address,
      only the IP of the NAT device will be seen.

3:   Correct, this is the ideal implementation for a company network. Note that DNS Redirector could be run on your Active Directory (AD) Domain Controller (DC),
      it does not have to be a separate server, see FAQ 91.

3b: Warning: Internal DNS server first prevents the DNS Redirector server from tracking individual clients by their own/unique IP address,
      only the IP of the internal DNS server will be seen.

4:   Acceptable, assuming each client has a public IP address, and therefore the router is not doing NAT.

4b + 4c: Warning: NAT prevents the DNS Redirector server from tracking individual clients by their own/unique IP address,
             only the IP of the NAT device will be seen. This limitation also applies to DNS Redirector cloud servers.

In any case where "Warning" appears above, the limitations below are applicable to DNS Redirector software:
RedirectIP= (captive portal function) if this were implemented, the first client which is redirected to the welcome site and becomes authorized, would cause everyone to be authorized and web-surf.
BlockedIP= (Internet filtering function) will work regardless, but if BypassBlockFile= were implemented, the first client to toggle bypassing would cause everyone to web-surf unrestricted.



Related articles
FAQ 37  Use when clients are behind a NAT device

 
DNS Redirector | Legal Information | 2003-2017