Resolving DNS Servers Located in the Secure Network

If your DNS server is located in the secure network behind a firewall and the firewall is blocking ICMP traffic, you cannot test connections to the server because the firewall is blocking the request. You can resolve this issue by doing the following steps:

  • Creating a DNS service with a custom DNS Monitor that resolves to a known fully qualified domain name (FQDN).
  • Creating a non-directly addressable DNS virtual server on Citrix Gateway.
  • Binding the service to the virtual server.


  • Configure a DNS virtual server and DNS service only if your DNS server is located behind a firewall.
  • If you install a Citrix ADC load balancing license on the appliance, the Virtual Servers and Services node does not appear in the navigation pane. You can perform this procedure by expanding Load Balancing and then clicking Virtual Servers.

To configure a DNS service and DNS Monitor

  1. In the configuration utility, on the Configuration tab, in the navigation pane, expand Virtual Servers and Services and then click Virtual Servers.
  2. In the details pane, click Add.
  3. In Name, type a name for the service.
  4. In Protocol, select DNS.
  5. In IP Address, type the IP address of the DNS server.
  6. In Port, type the port number.
  7. On the Services tab, click Add.
  8. On the Monitors tab, under Available, select DNS, click Add, click Create, and then click Close.
  9. In the Create Virtual Server (Load Balancing) dialog box, click Create, and then click Close.

Next, create the DNS virtual server. For details, see To configure a DNS virtual server and then bind the DNS service to the virtual server.

To bind a DNS service to a DNS virtual server

  1. In the Configure Virtual Service (Load Balancing) dialog box, on the Services tab, click Add, select the DNS service, click Create, and then click Close.