Domain Overrides

Domain overrides are found at the bottom of the DNS Resolver configuration. These entries specify an alternate DNS server to use for resolving a hosts in a specific domain.

A common use of domain overrides is to resolve internal DNS domains at remote sites using a DNS server at the main site accessible over VPN. In such environments all DNS queries are typically resolved at the central site for centralized control over DNS, however some organizations prefer letting Internet DNS resolve with a local caching resolver at each site, and only forwarding queries for internal domains to the central DNS server.


A static route may be necessary for this to function over IPsec. See Accessing Firewall Services over IPsec for more information.


The domain name that will be resolved using this entry.

This does not have to be a valid TLD, it can be anything (e.g. local, test, lab), or it can be an actual domain name (

IP Address

Specifies the IP Address of the DNS server to which the queries for hostnames in Domain are sent. If the target DNS server is running on a port other than 53, add the port number after the IP address with an @ separating the values, for example:

TLS Queries

Controls whether or not all queries for this domain going to this server are sent using SSL/TLS.

TLS Hostname

An optional hostname used to validate the SSL/TLS server certificate.


A text description used to identify or give more information about this entry.