LAN DNS of Vigor3900/2960

LAN DNS feature is to make Vigor Router act as a DNS server which answers specific DNS queries from the LAN clients. Vigor3900, Vigor2960, and Vigor300B support three types of LAN DNS settings, IP, CNAME and FORWARD. In this document, we will talk about them separately.

Enable DNS Redirection

Note that no matter which LAN DNS type you are going to use, it is necessary to enable DNS Redirection in the LAN profile at LAN >> General Setup first.

LAN DNS with type IP

When type IP is selected, the router will respond to the DNS query asking for the specified domain name with an IP address configured. Type IP is commonly used when there's a web server on the internal network, and we want to force LAN hosts to access the web server by its private IP address instead of the public IP address.

To configure a LAN DNS profile with type IP, go to LAN >> LAN DNS, and then click Add:

1. Input a profile name
2. Tick Enable to activate
3. Input the Domain Name of the web server, here we use www.draytek.com
4. (optional) If the same server provides different services and owns multiple domain names you can enter in Alias Domain Name
5. Select :IP" for Type
6. Input the IP Address of the web server, here we use 192.168.239.100
7. (optional) Select Apply to Specified LANs and tick LAN1 for LAN profile to apply the DNS settings to LAN 1 only.

With the above configuration, when a host from LAN 1 sends a DNS query to ask who is www.draytek.com or who is ftp.draytek.com, the router will respond it's IP is 192.168.239.13 to them directly.

LAN DNS with type CNAME

When type CNAME is selected, Network Administrator does not have to specify the IP address in LAN DNS settings. The router will send a DNS query for the IP of the configured CNAME, and then respond the IP to the DNS query for the specified Domain Name. For example, suppose we want to redirect LAN clients forcesafesearch.google.com whenever they try to reach www.google.com, we may create a LAN DNS profile with type CNAME to meet the purpose.

To configure a LAN DNS profile with type CNAME, go to LAN >> LAN DNS and then click Add:

1. Input name for this LAN DNS profile
2. Tick Enable
3. Input www.google.com at Domain Name
4. Select "CNAME" for Type
5. Input forcesafesearch.google.com in CNAME field
6. Select All LANs for Apply to

With the above configuration, when LAN hosts send a DNS query for www.google.com, the router will send a DNS query to the Internet for forcesafesearch.google.com first, then reply the IP address it obtained to the LAN hosts. As a result, when the LAN hosts try to access www.google.com, they will reach forcesafesearch.google.com instead.

LAN DNS with type FORWARD

When selecting type FORWARD, the router will forward the DNS query and response between the LAN host and the specified DNS server. For example, if there's another DNS server managing the domain name *.draytek.com on the private network (even on the remote network over VPN), we can use LAN DNS with type FORWARD to forward the DNS query to the specific DNS server in remote VPN network.

To configure a LAN DNS profile with type FORWARD, go to LAN >> LAN DNS and then click Add:

1. Input name for this LAN DNS profile
2. Tick Enable to activate
3. Input Domain Name *.draytek.com (Wildcard * is supported to forward all domain names which includes ".draytek.com" to the specific DNS server.)
4. Select "FORWARD" for Type
5. Input the IP address of the DNS Server 172.16.2.8

With the above configuration, when a LAN host sends DNS query to ask who is www.draytek.com or who is ftp.draytek.com, the router will forward the DNS query to DNS server 172.16.2.8; if it gets the response, it will send the answer to the LAN host.