Private DNS
  • 26 Aug 2024
  • 2 Minutes to read
  • Contributors

    Private DNS


      Article summary

      Understanding Private DNS

      A Custom DNS allows you to dictate which DNS server your network should use when resolving domain names.

      Private DNS will enable you to reach an internal resource by its hostname (as published by your local DNS server).

      This can ease your workflow, as you will no longer need to specify the resource's IP address and will be able to resolve resources that are not directly exposed to the Harmony SASE Network.


      How to Set Up Private DNS

      You can assign Private DNS on two different levels: on the Network level (for the entire Network) or on the Region level (for a specific region in your Harmony SASE Network). 

      The Private DNS will allow you to utilize your organization’s DNS servers, as well as local domain names while the Regional DNS will allow your users to resolve resources via a local DNS server rather than waiting for a response from a remote one.

      Public DNS
      Be aware, you will be unable to set 8.8.8.8, 8.8.4.4, 1.1.1.1, and 1.0.0.1 as your Private DNS as Harmony SASE will already fall back to these public DNS records, and configuring these publicly accessible records can cause issues. Also, in general, using public IPs as Private DNS is not currently supported.

      Connecting a Private DNS to a Network

      A Private DNS server can be connected to the Harmony SASE Network by following those steps: 

      Before you proceed
      If your private DNS server(s) do not have a public IP address, you'll need to set up a Site-to-Site connection to the internal network containing the server(s).

      1. Click on the (...) icon on the Network section.

      2. Click on Private DNS.

      3. Turn on the Enable Private DNS toggle.

      Private_DNS_2

      If your Private DNS Server(s) supports DoT, from the Port list, select Over TLS (otherwise your requests will be sent over HTTPS).

      4. Enter the IP address of each one of your DNS servers. You can enter up to four different IP addresses.

      5. Wait for the Network status to change from Deploying... to Active.

      Connecting a Private DNS server to a Region

      1. Click on the (...) icon on the desired Region.

      2. Turn-on the Enable Private DNS toggle.Private_DNS_2

      If you want to configure more than one DNS server under Private DNS, know we use them randomly to spread the load between all servers. 

       Therefore the DNS endpoint must have either zone sharing or zone forwarding. This can be done with both cloud DNS providers and on-premise resolvers. 

      3.Enter the IP address of each one of your DNS servers. You can enter up to four different IP addresses.

      4. Enter any suffix that you'd like to add to the DNS query (for example, if you enter perimeter81.com as a search domain, and then type in the address bar support, you'll be directed to support.perimeter81.com).

      5. Select apply, then wait for the Network status to change from Deploying... to Active.

      Recommendations

      1. Before changing your DNS, understand the benefits and potential drawbacks.
      2. Ensure you use trusted DNS servers to avoid security issues.

      Troubleshooting

      If you encounter issues during or after the setup, try reviewing your settings to ensure everything matches the instructions. In particular, check the IP addresses and other details you entered during setup. If issues persist, please consult our dedicated support.

      Support Contacts

      If you have any difficulties or questions, don't hesitate to contact Harmony SASE's support team. We offer 24/7 chat support on our website at Perimeter81.com, or you can email us at sase-support@checkpoint.com. We're here to assist you and ensure your VPN tunnel setup is a success.



      Was this article helpful?

      What's Next