In this article:
In Twingate, there are two types of Resources: DNS and CIDR. The type you choose depends on how end users connect to the asset behind the Resource: if they use the asset's private IP address to connect to it, you can use CIDR type Resources, if they use a fully qualified domain name or hostname, you can use DNS type Resources.
Resource definitions are used by the Twingate Client to figure out exactly what traffic to intercept; all other traffic is ignored by the Twingate Client (unless you have DoH enabled in which case all DNS traffic is handled by the Twingate Client in addition to traffic for Twingate Resources).
Make sure the asset is declared as a Resource
Go to the Resources list in the Admin Console and make sure the asset exists as a Twingate Resource.
If you are attempting to connect to a hostname or fully qualified domain name, make sure either of the following is true:
- both the hostname and FQDN exist as Twingate Resources (more information here)
- Or the hostname exists as a Twingate Resource and the FQDN is covered as part of a patterned DNS type Twingate Resource (a FQDN with
*
or?
in its definition)
Let's review some examples.
CIDR Resource example
For example, if we wish to connect to a server using its private IP 10.1.2.3
, we will need to create a Twingate Resource for it.
Option 1: use a single IP in your Resource
Option 2: use a CIDR range in your Resource
FQDN Resource example
For example, if we wish to connect to a server using its FQDN server1.corp.int
, we will need to create a Twingate Resource for it.
Option 1: use the exact FQDN in your Resource
Option 2: use a patterned FQDN in your Resource
Note: There are many ways to define a patterned FQDN, check out the details here.
Hostname Resource example
For example, if we wish to connect to a server using its hostname server1
, we will need to create two Twingate Resources for it.
The first Resource should be defined with the FQDN (see the previous example) and the second Resource should be defined on the hostname alone.
For more information on why you should create two separate Resources when considering unqualified domain names, take a look here.