Description:
This document describes how to set up a DNS loopback address to send DNS requests from a specific source address.
This is useful in environments where DNS requests are sent over a VPN connection. Without such a configuration, a DNS request may be sent from an interface that is not matched by any VPN rule, and the request then never reaches its destination.

Procedure:
1) Set up DNS forwarding:
1.1) Navigate to IPv4 → DNS and click on the Forwarding table.
1.2) Add a new entry to the Forwarding table.
1.3) Enter the domain you want to reach and, under the item Remote site, specify the DNS server that resolves the DNS name. You also have the option to set a Routing tag if you are forwarding over a route that has a routing tag other than 0.

When entering the domain, you can either set the full name of the destination (e.g. server01.local) or alternatively use the wildcard *. This represents any number of characters. The entry in this case would be *.local.
2) Set up the DNS loopback address:
2.1) Navigate to IPv4 → DNS and click on the Loopback addresses table.
2.2) Add a new entry.
2.3) The destination must be set to the same DNS server as was saved in the Forwarding table (see step 1.3). The Loopback address is entered as the interface from which the DNS request is to be made.
The Destination can be given a routing tag by adding an @ character followed by the routing tag (e.g. 192.168.1.1@1).

The Loopback address can be specified either as an interface name, an IPv4 address, or an IPv6 address.
3) Exception: The DNS server can be reached via a routing entry with an assigned routing tag:
If a routing tag is assigned to a routing entry (in this example the tag 5), this tag must be entered in DNS forwarding and in DNS Loopback.
3.1) Create an entry for DNS forwarding as explained in step 1) and enter the IP address of the DNS server followed by an @ and the routing tag (e.g. 192.168.1.1@5, if the routing tag 5 is used).
3.2) Create an entry for a DNS Loopback address as explained in step 2) and enter the IP address of the DNS server followed by an @ and the routing tag (e.g. 192.168.1.1@5, if the routing tag 5 is used).
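The following Python script is an added example, not part of the original article or any vendor software: it models the Forwarding and Loopback tables described above (wildcard domain matching, the `address@tag` syntax, and the rule that the Loopback destination must carry the same address and routing tag as the Forwarding entry) and audits a configuration for the mismatch that step 3 warns about. All table contents are constructed sample values.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

@dataclass(frozen=True)
class Destination:
    address: str       # DNS server IPv4/IPv6 address
    routing_tag: int   # 0 when no "@tag" suffix is given

def parse_destination(text: str) -> Destination:
    """Parse 'addr' or 'addr@tag' (e.g. '192.168.1.1@5') into address and routing tag."""
    address, sep, tag = text.partition("@")
    if not address or (sep and not tag.isdigit()):
        raise ValueError(f"malformed destination {text!r}")
    return Destination(address, int(tag) if sep else 0)

def match_forwarding(name: str, forwarding: dict) -> Optional[Destination]:
    """Most specific Forwarding entry for a query name; '*' matches any characters."""
    hits = [p for p in forwarding if fnmatchcase(name.lower(), p.lower())]
    if not hits:
        return None
    best = max(hits, key=lambda p: ("*" not in p, len(p)))  # exact beats wildcard
    return parse_destination(forwarding[best])

def pick_source(name: str, forwarding: dict, loopback: dict):
    """Return (destination, loopback source) for a forwarded name, None if not forwarded."""
    dest = match_forwarding(name, forwarding)
    if dest is None:
        return None
    for dest_text, source in loopback.items():
        if parse_destination(dest_text) == dest:  # address AND routing tag must match
            return dest, source
    raise LookupError(f"no Loopback entry for {dest.address}@{dest.routing_tag}")

def audit_tables(forwarding: dict, loopback: dict) -> list:
    """List Forwarding destinations lacking a Loopback entry with the same address and tag."""
    covered = {parse_destination(d) for d in loopback}
    return [f"{p}: no Loopback entry for {t}" for p, t in forwarding.items()
            if parse_destination(t) not in covered]

# Constructed sample tables (not from the article): pattern -> destination, destination -> source
FORWARDING = {"server01.local": "192.168.1.1", "*.corp.example": "10.0.0.53@5"}
LOOPBACK = {"192.168.1.1": "INTRANET", "10.0.0.53@5": "10.0.0.2"}

if __name__ == "__main__":
    print(pick_source("dc.corp.example", FORWARDING, LOOPBACK))
    # Loopback entry without the tag: the step-3 mismatch shows up as a finding
    print(audit_tables(FORWARDING, {"192.168.1.1": "INTRANET", "10.0.0.53": "10.0.0.2"}))
```

Running `audit_tables` against a configuration export before enabling it catches a Forwarding entry whose `@tag` has no matching Loopback entry, which is exactly the case in which the request would leave the wrong interface.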