Method used to configure the public domain name for AR series routers


Huawei AR series routers support DNS client, DNS proxy or relay, and DDNS client, but do not support the DNS server. Public domain names need to be purchased and bound to the IP addresses on the DNS servers of carriers.

Other related questions:
Method used to configure the DDNS clients on AR series routers
A Huawei AR (except for the AR 550) supports the DDNS client function. When the IP address mapped to a domain name changes, the DDNS client can notify the DNS server to update the mapping between domain names and IP addresses, so that users can still access servers on the network using domain names.

The AR used as the DDNS client supports update through DDNS (defined by RFC 2136) and the DDNS server.

DDNS update defined by RFC 2136: The AR used as the DDNS client directly updates the mapping between domain names and IP addresses on the DNS server. This function has been available since V200R005C10.

Update through the DDNS server: The AR used as the DDNS client sends the mapping between domain names and IP addresses to the DDNS server with the specified URL. Then the DDNS server notifies the DNS server of dynamically updating the mapping between domain names and IP addresses. The AR can connect to DDNS servers from DDNS service providers www.3322.org, www.dyndns.com, and www.oray.cn, Siemens DDNS server, and common DDNS servers that use HTTP.

There is no difference in the DDNS configuration between different models and versions of AR series routers. For details about the configuration process, see Configuration Guide - IP Service - DNS.

How to configure AR routers in branches to use a domain name to access the headquarters through DSVPN
In the figure on the right, the branch and headquarters access the Internet through PPPoE dialup, and the branch uses the domain name to access the headquarters through DSVPN. Assume that the public network route is reachable. The following describes only key configurations.

1. Configure Spoke1. The configuration of Spoke2 is similar to that of Spoke1, and is not mentioned here.

interface Dialer1 //Configure a dialer interface.
 link-protocol ppp
 ppp chap user user@huawei.com //Configure CHAP authentication.
 ppp chap password cipher huawei@123 //Set the CHAP authentication password to huawei@123.
 ip address ppp-negotiate
 dialer user huawei //Configure the peer user name for the dialer interface.
 dialer bundle 1 //Configure a dialer bundle for the dialer interface.
 dialer-group 1 //Configure a dialer access group.
#
interface Tunnel0/0/0 //Configure a DSVPN tunnel interface.
 ip address 10.16.1.2 255.255.255.0
 tunnel-protocol gre p2mp
 source dialer 1 //Configure the dialer interface as the source interface.
 ospf network-type broadcast
 nhrp entry 10.16.1.1 www.123.com register //Configure an NHRP mapping table.
#
interface GigabitEthernet1/0/0
 pppoe-client dial-bundle-number 1 //Configure the PPPoE client to use dialer bundle 1.
#
dialer-rule //Configure a dialer ACL.
 dialer-rule 1 ip permit
#
ip route-static 0.0.0.0 0.0.0.0 dialer1 //Configure a default route pointing to the dialer interface.

2. Configure the hub.

dns resolve //Enable dynamic domain name resolution.
dns server 2.1.1.1 //Configure an IP address for the DNS server.
#
interface Dialer1
 link-protocol ppp
 ppp chap user user@huawei.com
 ppp chap password cipher huawei@123
 ip address ppp-negotiate
 dialer user huawei
 dialer bundle 1
 dialer-group 1
 ddns apply policy mypolicy //Bind the DDNS policy to the interface.
#
ddns policy mypolicy //Specify the URL in a DDNS update request. The user name is steven and the password is nevets@123.
 url "http://:@members.3322.org/dyndns/update?system=dyndns&hostname=&ip=" username steven password nevets@123
#
interface Tunnel0/0/0
 ip address 10.16.1.1 255.255.255.0
 tunnel-protocol gre p2mp
 source dialer 1
 ospf network-type broadcast
 nhrp entry multicast dynamic
#
interface GigabitEthernet1/0/0
 pppoe-client dial-bundle-number 1
#
dialer-rule
 dialer-rule 1 ip permit
#
ip route-static 0.0.0.0 0.0.0.0 dialer1

Configure NAT on the AR router to allow internal hosts to access internal servers using a domain name
If no intranet DNS servers are used and DNS domain names need to be used to access internal servers on an enterprise network, internal users have to send packets carrying DNS domain names to access a DNS server on a public network. A Huawei AR router allows internal and external users to access internal servers through domain names by configuring the NAT server and DNS mapping.

The web server uses internal IP address 192.168.0.100/24 and port 8080. The web server has a public address of 202.10.1.3/24 and domain name of www.TestNat.com. The configuration is as follows:

1. Assign IP addresses to interfaces on the router.

[Huawei] interface Ethernet0/0/0
[Huawei-Ethernet0/0/0] ip address 192.168.0.1 24
[Huawei-Ethernet0/0/0] quit
[Huawei] interface GigabitEthernet2/0/0
[Huawei-GigabitEthernet2/0/0] ip address 202.10.1.2 24
[Huawei-GigabitEthernet2/0/0] quit

2. Configure a default route and specify the next hop address as 202.10.1.1.

[Huawei] ip route-static 0.0.0.0 0.0.0.0 202.10.1.1

3. Configure the NAT server and outbound NAT in Easy IP mode on GE2/0/0.

[Huawei] acl number 2000
[Huawei-acl-basic-2000] rule 5 permit source 192.168.0.0 0.0.0.255
[Huawei-acl-basic-2000] quit
[Huawei] interface GigabitEthernet2/0/0
[Huawei-GigabitEthernet2/0/0] nat server protocol tcp global 202.10.1.3 www inside 192.168.0.100 8080
[Huawei-GigabitEthernet2/0/0] nat outbound 2000
[Huawei-GigabitEthernet2/0/0] quit

4. Enable NAT ALG for DNS and DNS mapping.

[Huawei] nat alg dns enable
[Huawei] nat dns-map www.testnat.com 202.10.1.3 80 tcp
[Huawei] quit
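The following check is an added example, not Huawei code or part of the original answer: it cross-checks each nat dns-map line against the nat server lines, on the assumption that a DNS mapping only leads to the inside address when its global address, port and protocol equal those of a NAT server entry. The function names, the port keyword table (only www, taken from the configuration above) and the mismatched sample are constructed for illustration.

```python
import re

# Only the keyword used on this page; other port keywords are not modelled.
PORT_KEYWORDS = {"www": 80}

NAT_SERVER_RE = re.compile(
    r"nat server protocol (?P<proto>tcp|udp) global (?P<gip>\S+) (?P<gport>\S+)"
    r" inside (?P<iip>\S+) (?P<iport>\S+)")
DNS_MAP_RE = re.compile(
    r"nat dns-map (?P<name>\S+) (?P<gip>\S+) (?P<gport>\S+) (?P<proto>tcp|udp)")

def to_port(token):
    """Turn a port keyword or a decimal string into a port number."""
    return PORT_KEYWORDS.get(token) or int(token)

def resolve_dns_maps(config_text):
    """Map each nat dns-map domain to the inside (ip, port) of the nat server
    entry with the same global address, port and protocol, or to None."""
    servers = {}
    for m in NAT_SERVER_RE.finditer(config_text):
        key = (m["gip"], to_port(m["gport"]), m["proto"])
        servers[key] = (m["iip"], to_port(m["iport"]))
    resolved = {}
    for m in DNS_MAP_RE.finditer(config_text):
        key = (m["gip"], to_port(m["gport"]), m["proto"])
        resolved[m["name"].lower()] = servers.get(key)
    return resolved

def unmatched_dns_maps(config_text):
    """Domains whose dns-map has no corresponding nat server entry."""
    return sorted(n for n, inside in resolve_dns_maps(config_text).items()
                  if inside is None)

# The two relevant lines from the configuration above.
PAGE_CONFIG = """
[Huawei-GigabitEthernet2/0/0] nat server protocol tcp global 202.10.1.3 www inside 192.168.0.100 8080
[Huawei] nat dns-map www.testnat.com 202.10.1.3 80 tcp
"""
# Constructed mistake: the mapping names the inside port instead of the global one.
MISMATCHED_CONFIG = PAGE_CONFIG.replace("202.10.1.3 80 tcp", "202.10.1.3 8080 tcp")

if __name__ == "__main__":
    print(resolve_dns_maps(PAGE_CONFIG))
    print(unmatched_dns_maps(MISMATCHED_CONFIG))
```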

Method used to configure a DNS resolution policy on AR series routers
In V2R5C90 and V200R006C10, a Huawei AR supports the DNS resolution policy. That is, access control can be performed for some sites based on the domain name. The DNS resolution policy is supported only when the AR functions as the DNS proxy or relay agent.

DNS resolution policy rules are configured using the rule rule-id [ if-match name hostname ] { deny | permit | spoofing ip-address } command. Depending on the action, the domain name hostname is parsed, is not parsed, or a spoofing response is sent. rule-id specifies the DNS resolution rule ID. A smaller value indicates a higher priority of the rule. If the specified rule ID already exists, the new rule will overwrite the existing rule.

The configuration procedure is as follows:

[Huawei] dns proxy enable //Enable the DNS proxy function, or run the dns relay enable command to enable the DNS relay function.
[Huawei] dns resolve //Enable dynamic domain name resolution.
[Huawei] dns server 10.3.1.2 //Configure the IP address of the DNS server.
[Huawei] dns resolve policy a //Enter the DNS resolution policy view.
[Huawei-dns-resolve-policy-a] rule 0 if-match name www.huawei.com permit //Configure rule 0. If the domain name is www.huawei.com, parsing is allowed.
[Huawei-dns-resolve-policy-a] rule 1 spoofing 192.168.1.1 //For other domain names, a spoofing response is sent with the response address of 192.168.1.1.
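The rule ordering described above can be checked offline before a policy is applied. This is an added example, not Huawei code or part of the original answer: it parses rule lines in the syntax given above, evaluates a queried name lowest rule ID first, and reports rules that can never match. Exact, case-insensitive hostname matching is an assumption, the router's behaviour when no rule matches is not modelled, and the misordered policy is constructed.

```python
import re

# Syntax from the page: rule rule-id [ if-match name hostname ] { deny | permit | spoofing ip-address }
RULE_RE = re.compile(
    r"^rule\s+(?P<id>\d+)"
    r"(?:\s+if-match\s+name\s+(?P<host>\S+))?"
    r"\s+(?P<action>deny|permit|spoofing)"
    r"(?:\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}))?$")

def load_policy(lines):
    """Parse rule lines into {rule_id: (hostname or None, action, ip or None)}."""
    policy = {}
    for line in lines:
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"not a rule line: {line!r}")
        if (m["action"] == "spoofing") != (m["ip"] is not None):
            raise ValueError(f"only spoofing takes an address: {line!r}")
        host = m["host"].lower() if m["host"] else None
        # A repeated rule ID overwrites the earlier rule, as the page states.
        policy[int(m["id"])] = (host, m["action"], m["ip"])
    return policy

def evaluate(policy, qname):
    """Return (rule_id, action, ip) of the first matching rule, lowest ID first."""
    qname = qname.lower().rstrip(".")
    for rule_id in sorted(policy):
        host, action, ip = policy[rule_id]
        if host is None or host == qname:  # assumption: exact match only
            return rule_id, action, ip
    return None  # no rule matched; the router default is not modelled

def shadowed_rules(policy):
    """Rule IDs that can never match because a lower-ID rule covers them."""
    seen_hosts, catch_all, dead = set(), False, []
    for rule_id in sorted(policy):
        host = policy[rule_id][0]
        if catch_all or host in seen_hosts:
            dead.append(rule_id)
        elif host is None:
            catch_all = True
        else:
            seen_hosts.add(host)
    return dead

# The policy from the page, then a constructed policy with the IDs swapped.
PAGE_POLICY = ["rule 0 if-match name www.huawei.com permit",
               "rule 1 spoofing 192.168.1.1"]
MISORDERED = ["rule 0 spoofing 192.168.1.1",
              "rule 1 if-match name www.huawei.com permit"]
```

With the IDs swapped, the catch-all spoofing rule wins for every name and the permit rule for www.huawei.com is reported as shadowed.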
