User's guide

Every DNS record has a Time to Live (TTL) value, which is the length of time that the DNS record can be cached. For most DNS records, two
days is a typical and acceptable value. However, A records should have a very short TTL, such as 30 seconds. If a WAN interface fails, its
address is no longer returned. The inbound traffic to this host will not be disrupted because the cached address for the failed interface will time out
quickly. Specifying a short TTL for A records also assists in link balancing. Because the address for a host that is returned varies among the
available links, the short TTL guarantees that the interface used for incoming traffic directed to that host also varies frequently.
When asked for the A record, the Barracuda Firewall rotates through the list of IP addresses, varying which IP address appears first in the
returned list according to the inbound link balancing algorithm. That address can be cached by clients for no longer than the value specified in
TTL.
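The effect of the A record TTL on failover can be seen in a small simulation. This is an added illustration, not Barracuda code: plain round-robin is assumed in place of the inbound link balancing algorithm, and the two WAN addresses and all class and function names are constructed for the example.

```python
# Added illustration, not Barracuda code. Assumption: plain round-robin
# stands in for the inbound link balancing algorithm.
from dataclasses import dataclass, field

FAILED, HEALTHY = "198.51.100.10", "203.0.113.10"  # constructed sample WAN addresses

@dataclass
class AuthoritativeServer:
    links: dict    # WAN IP -> True while the link is up
    ttl: int       # TTL in seconds returned with every A answer
    turn: int = 0  # rotation counter

    def query_a(self):
        """Return (addresses, ttl): failed links omitted, order rotated per query."""
        up = [ip for ip, ok in self.links.items() if ok]
        if not up:
            return [], self.ttl
        k = self.turn % len(up)
        self.turn += 1
        return up[k:] + up[:k], self.ttl

@dataclass
class CachingClient:
    server: AuthoritativeServer
    cached: list = field(default_factory=list)
    expires: int = 0

    def target(self, now):
        """Address used at time `now`: first entry of the cached answer."""
        if now >= self.expires:  # cache entry timed out, ask again
            self.cached, ttl = self.server.query_a()
            self.expires = now + ttl
        return self.cached[0] if self.cached else None

def stale_seconds(ttl, fail_at=61, horizon=3600):
    """Seconds after the link fails in which the client still targets it."""
    server = AuthoritativeServer({FAILED: True, HEALTHY: True}, ttl)
    client = CachingClient(server)
    stale = 0
    for now in range(horizon):
        if now == fail_at:
            server.links[FAILED] = False
        if client.target(now) == FAILED and now >= fail_at:
            stale += 1
    return stale

if __name__ == "__main__":
    print("TTL 30 s   :", stale_seconds(30), "s of traffic sent to the failed link")
    print("TTL 2 days :", stale_seconds(172800), "s (every second until the simulation ends)")
```

With a 30 second TTL the client stops using the failed address within one TTL period; with a two day TTL it keeps using the cached address for the rest of the simulated hour.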
DNS Zone Transfer Blocking
The Barracuda Firewall can be configured to block zone transfers on some or all of the domains that it hosts. An AXFR/IXFR query that is sent
from another DNS server to the Barracuda Firewall (to request a copy of the DNS records) is rejected if zone transfers are disabled for that
domain. By default, zone transfers are enabled for all domains created.
Add a WAN Interface After the Domains are Created
After creating your domains, you can add new WAN interfaces for DNS queries (static interfaces only) and inbound link balancing. To add such an
interface:
1. Go to the NETWORK > IP Configuration page and add the interface with the DNS Server service enabled (if you want it to be used to respond to DNS queries).
2. Go to the NETWORK > Authoritative DNS page.
3. If this is a static interface and you want it to be used to respond to DNS queries: For each domain that is already defined, add a new NS record and a new A record to each domain for the new interface.
4. Edit the A records for your servers to enable inbound traffic to be received on the new interface for the corresponding internal servers. When you edit the A record, you can select the new WAN interface from the Links list and add it to the A record.
Zones and Domains
A domain name server stores information about part of the domain name space called a zone. All names in a given zone share the same domain
suffix. For example, if barracuda.com is the domain suffix, mail.barracuda.com and eng.barracuda.com are possible subdomains. These can
all be served by one domain name server, or some of the subdomains can be delegated to other domain name servers. Every domain or
subdomain is in exactly one zone. Rather than make a distinction between a zone and a domain, the web interface of the Barracuda Firewall
simply asks you to create a domain.
DNS Records
DNS Records Generated when Creating a Domain
When you create a domain on the Barracuda Firewall, the following records are automatically generated:
Record | Description
Start of Authority (SOA) | The SOA record defines the global settings for the hosted domain or zone. Only one SOA record is allowed per hosted domain or zone.
Name Server (NS) | NS records specify the authoritative name servers for this domain. One NS record is generated for each name server in the DNS Servers table.
Address (A) | A records map a hostname to an IP address. Each host inside the domain should be represented by an A record. One A record is created for each name server in the DNS Servers table. An A record is also created for each matching domain name found in 1:1 NAT and Port Forwarding rules.