DNS on the USG6000 series

3

A Domain Name System (DNS) is a host naming mechanism in character string format of TCP/IP to establish the mapping between domain names and IP addresses. It is a mechanism of mapping easy-to-remember and meaningful domain names to IP addresses recognizable for network devices.

Other related questions:
DNS proxy configuration on the USG6000
You can configure the DNS proxy on the firewall as follows: 1. Run the dns proxy enable command to enable the DNS proxy function or run the dns relay enable command to enable the DNS relay function. 2. Run the dns server ip-address command to configure the DNS server accessed by the DNS proxy or DNS relay.

Smart DNS configuration on the USG6000
The principles for configuring the smart DNS on the USG6000 are as follows: The smart DNS is generally configured in the following modes: single-server smart DNS and multi-server smart DNS. 1. Enable the smart DNS function. 2. Configure the single-server smart DNS or multi-server smart DNS. 3. Configure the NAT server function. 4. Configure the round robin function. For specific configurations, click Example for Configuring Single-Server Smart DNS in Round Robin Mode.

Transparent DNS proxy configuration on the USG6000
The principle for configuring the transparent DNS proxy on the USG6000 is as follows: By configuring the transparent DNS proxy on the NGFW, DNS request packets of intranet users are distributed to DNS servers of ISP1 and ISP2 based on a ratio of 2:1. In this way, network access traffic of the intranet users is also distributed to the DNS servers of ISP1 and ISP2 based on a ratio of 2:1. The smart routing function is required to select an outbound interface. In addition, the ISP address library routing function must be configured. The configuration procedure is as follows: 1. Configure the transparent DNS proxy function. Bind the DNS server address with the outbound interface. Specify the address of the DNS server serving as the transparent DNS proxy, and configure the domain names to be excluded. 2. Configure the ISP address library routing function. If the preset ISP address file is used, skip this step. If a new ISP address file is imported, configure the ISP name and specify the mapping between the ISP name and the ISP address file. 3. Configure the outbound interface. Configure the interface IP address, gateway, bandwidth, bandwidth overload protection threshold, and ISP name corresponding to the interface. 4. Configure the global routing policy. Set the smart routing mode to load balancing, and set outbound interfaces that are directly connected to the NGFW, ISP1 network, and ISP2 network as member interfaces of the smart routing function. For specific configurations, click Method Used to Configure Transparent DNS Proxy on the USG6000.

Configuring DNS proxy through the web UI of the USG6000 series
The USG6000 series can serve as the DNS proxy to forward DNS request and reply packets between the DNS client and DNS server. Specify the DNS server address through the web UI so that the device can serve as the DNS proxy to send domain name resolution requests to the DNS server. 1. Choose Network > DNS > DNS. 2. Click Add in DNS Server List. 3. Set the IP address of the DNS server. If you do not select the external network interface, the configured DNS server address is the global address. Enter the IPv4 or IPv6 address of the DNS server in the DNS Server Address text box. Click OK. If you select a specific external network interface, the configured DNS server address is the address bound with the interface and applies only to this interface. If the operation succeeds, the new configuration whose Obtaining Mode is Manual is displayed in DNS Server List. Repeat the preceding operations to add the IPv4 or IPv6 addresses of multiple DNS servers. 4. Optional: In Configure DNS Query Packets's Source Address, set the Source Interface or Source Address. 5. Click Apply .

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top