Global – DNS and Target IPs

  WEDOS Global

This article addresses DNS and destination IP address settings specifically within the WEDOS Global system. For normal DNS settings, follow the instructions Domains – DNS Servers (NSSET) and DNS – Domain Records.

In this article, you will learn:

WEDOS Global DNS

If your domain does not use WEDOS Global or a similar system, DNS works according to the following chart:

Common DNS query: the client's query goes directly to the web server via the DNS server
Common DNS query: the client’s query goes directly to the web server via the DNS server

The basic function of a DNS server is to translate human-understandable information (domain names) into computer-understandable information (mainly IP addresses). For such a query, it does not matter whether the question is asked by a real user, an attacker, or a robot – the data on the DNS server is available to everyone without distinction.

The basic function of the WEDOS Global proxy server is to take the place of the web server from the DNS point of view, evaluate the client’s request, and only after deciding on the legitimacy of such a request contact the web server and retrieve content.

A DNS query with a WGP proxy representing the web server
A DNS query with a WGP proxy representing the web server

From the point of view of the DNS server, a proxy stands in place of the web server. The DNS server is no longer interested in what is behind it, so the proxy server takes over responsibility for the rest of the communication.

  • The DNS server contains the IP addresses of the proxy server. If we want the WEDOS Global system to protect the web server from unwanted traffic, we tell the DNS server the proxy address and no others.
  • The proxy server contains the target IP addresses of the web server. The proxy server needs to know where to get the website data from. It contains a table of target IP addresses of the web server, which it uses for further communication.

DNS Domain Records

For WEDOS Global to work correctly, we recommend using WEDOS DNS servers (NSSET). If you use another provider’s DNS servers, instead of IP addresses, enter CNAME records according to the instructions during adding a domain according to the Global – Adding Domain guide.

Point the domain exclusively to the proxy server. You can find the proxy server addresses by following these steps:

  1. Log into the WEDOS Global administration panel.
  2. On the homepage, select the domain for which you want to find the proxy server addresses.
  3. IPv4 and IPv6 addresses can be found in the IP Addresses of Your Proxy box.
IP addresses of the proxy server in the WEDOS Global administration
Sample IP addresses of the proxy server in the WEDOS Global administration

Enter these addresses in the main domain’s DNS records as well as any unspecified subdomains using the * character. So enter a total of 8 entries in the form:

Name      TTL    Type Data
300 A (Proxy server 1 IPv4 address)
* 300 A (Proxy server 1 IPv4 address)
300 A (Proxy server 2 IPv4 address)
* 300 A (Proxy server 2 IPv4 address)
300 AAAA (Proxy server 1 IPv6 address)
* 300 AAAA (Proxy server 1 IPv6 address)
300 AAAA (Proxy server 2 IPv6 address)
* 300 AAAA (Proxy server 2 IPv6 address)

Delete other DNS records of type A and AAAA without a name or with the name *. Leave entries of other names or types unchanged.

DNS records of type A and AAAA directed to WEDOS Global proxy, other records (MX) unchanged
Sample DNS records of type A and AAAA directed to WEDOS Global proxy, other records (MX) unchanged

Target IPs

Target IP addresses in the WEDOS Global system are used by the proxy server to access the web server. The initial setup is usually done automatically. If you need to check or change it, follow these steps:

  1. Log into the WEDOS Global administration panel.
  2. On the homepage, select the domain for which you want to review target IPs.
  3. In the left menu, click Target IPs.
WEDOS Access to the target IPs interface
Access to the target IPs interface

In this interface, you can click:

  • the Add IP button in the list header to add a new web server address;
  • the pencil icon on the right to edit the IP address or its weight parameter;
  • the bin icon on the right to delete the IP address.

The proxy server needs at least one IP address directed to the web server to function properly.

Common issues

Common problems with setting up DNS/destination IPs in WEDOS Global include:

Broken DNS

Issue: After setting Global records in WEDOS DNS and deleting all others, emails stopped working, or other DNS functionality was disrupted.

Cause: Although the Global system lists all records found for a domain during a DNS scan, it can actually only use IP addresses listed in type A and AAAA records that have no name (used for the main domain) or the name * (all unspecified subdomains).

Solution: Check the DNS change history for deleted records that do not use Global. These include:

  • Records of types other than A and AAAA (especially MX, CNAME, TXT).
  • Type A and AAAA records that have a name other than *.

Restore these records by adding them to DNS.

Unknown Web Server IP

Issue: I don’t know the IP address of the web server, so I don’t know if it is set correctly in Global.

Solution: If you are hosting your web with us, you can find out its IP address by following the instructions for setting up type A records, where you also use it. For another provider, follow their instructions or contact their support.

Logging Client IPs

Issue: We need to log the IP addresses of clients accessing our web server, but the system logs WEDOS Global server IPs instead.

Cause: We forward real client IP addresses, but your web server is probably not processing them correctly.

Solution: Use this link (.json, click here for .txt) to find unicast ranges that WEDOS Global uses to communicate with target web servers. The list updates daily.

If you use NGINX on the target server, set the set_real_ip_from parameter with the above ranges. For Apache, set them in RemoteIPTrustedProxy. Then your server should be able to work with real IPs.

FAQ

Question: When I installed the WGP Plugin, I only got four IPv4 addresses and no IPv6. Is that right?
Answer: The WGP plugin contains only minimal settings. The service is fully functional with IPv4 addresses, but if you can set up IPv6 as well, do it. You can find their values according to the instructions in the DNS Domain Records chapter, even for domains added via the plugin.

Děkujeme za zpětnou vazbu!