Athena NGFW (Next-Generation Firewall)

Athena NGFW (previously known as Network Secure) provides comprehensive protection for every network perimeter, ensuring the safety of your valuable assets, data, and users from emerging threats.
{{ $t('productDocDetail.guideClickSwitch') }}
{{ $t('productDocDetail.know') }}
{{ $t('productDocDetail.dontRemind') }}
8.0.85
Athena NGFW (Next-Generation Firewall) {{ breadTitle }} User Manual Network DNS DNS Configuration
{{sendMatomoQuery("Athena NGFW (Next-Generation Firewall)","DNS Configuration")}}

DNS Configuration

{{ $t('productDocDetail.updateTime') }}: 2026-01-06

To set the DNS servers and DNS proxy for the Network Secure device to access the Internet. See the figure below.

A screenshot of a computer Description automatically generated

Preferred DNS: Set the DNS server address used by the Network Secure device to access the Internet. The Network Secure device uses this DNS address as the first choice for resolution.

Alternate DNS: Set the DNS server address used by the Network Secure device to access the Internet. If the Network Secure device fails to resolve the preferred DNS server address, the alternate DNS server address is selected for resolution.

DNS Proxy: After this function is enabled, the LAN user's DNS address is set as the interface IP address of the Network Secure device, which forwards the LAN user's DNS requests to the preferred and alternate DNS servers set for the device. DNS proxy uses port TCP/53. After it is enabled, this port on the firewall can be accessed from all zones. Suppose the firewall is deployed at the network egress. In that case, it is recommended to deny access from public zones to this port by configuring it under Policies > Access Control > Local ACL.

DNS64: Need to enable the DNS proxy before it can be used. DNS64 mainly works in conjunction with NAT64. It mainly converts the A record (IPv4 address) in the DNS query information into an AAAA record (IPv6 address), and then returns the AAAA record to the IPv6 side user.