Smart DNS configuration on the USG6000

0

The principles for configuring the smart DNS on the USG6000 are as follows:
The smart DNS is generally configured in the following modes: single-server smart DNS and multi-server smart DNS.
1. Enable the smart DNS function.
2. Configure the single-server smart DNS or multi-server smart DNS.
3. Configure the NAT server function.
4. Configure the round robin function.

For specific configurations, click Example for Configuring Single-Server Smart DNS in Round Robin Mode.

Other related questions:
Differences between the smart DNS and the transparent DNS proxy supported by the USG6000
The USG6000 supports the smart DNS and the transparent DNS proxy. The same points are as follows: (1) Both the smart DNS and the transparent DNS proxy provide the DNS service. (2) Both the smart DNS and the transparent DNS proxy provide appropriate access paths for users by means of interfering DNS behaviors. (3) Both the smart DNS and the transparent DNS proxy are implemented by the firewall (non-DNS server). The differences are as follows: (1) The application scenarios of the smart DNS and the transparent DNS proxy are different. The transparent DNS proxy is used to control the path used by users inside the enterprise zone to access external network resources and aims to improve the bidirectional outbound interface bandwidth usage; the smart DNS is used to control the path used by users outside the enterprise zone (Internet users) to access the internal servers and aims to select the shortest path to avoid inter-ISP access. (2) Locations of DNS servers are different. The DNS server of the transparent DNS proxy is deployed at the ISP side, and the DNS server of the smart DNS is deployed at the enterprise side. (3) User locations, accessed resource locations, and access directions are different.

Configuring smart DNS for multiple servers through the web UI of the USG6000
Configure smart DNS for multiple servers through the web UI as follows: 1. Choose Network > DNS > Smart DNS. 2. Select Enable of Smart DNS and click Apply. 3. In Smart DNS List, click Add. 4. Select Multi-server when multiple web servers are deployed on the enterprise intranet in Scenario. 5. Enter the description of smart DNS in Description. 6. DNS Reply Address indicates the internet server address sent by the DNS server to users. The value is automatically generated on the basis of ISP Server Public Address in ISP WAN Interface Mapping List. 7. In Traffic Distribution Mode, select Based on ISP egresses, Round Robin, or Weighted Round Robin as required. 8. Click OK. 9. Choose Policy > NAT Policy > Server Mapping. 10. In Server Mapping List, click Add. 11. In New Server Mapping, configure server mapping. The following table lists server mapping parameters. 12. Click OK. 13. Choose Network > Interface and configure sticky load balancing.

Configuring smart DNS for a single server through the web UI of the USG6000
Configure smart DNS for a single server through the web UI as follows: 1. Choose Network > DNS > Smart DNS. 2. Select Enable of Smart DNS and click Apply. 3. In Smart DNS List, click Add. 4. Select Single-server when only one web server is deployed on the enterprise intranet in Scenario. 5. Enter the description of smart DNS in Description. 6. Enter the global IP address of the internal web server in DNS Reply Address. 7. In Traffic Distribution Mode, select Based on ISP egresses, Round Robin, or Weighted Round Robin as required. 8. Click OK. 9. Choose Policy > NAT Policy > Server Mapping. 10. In Server Mapping List, click Add. 11. In Add Address Mapping, configure server mapping. 12. Click OK. 13. Choose Network > Interface and configure sticky load balancing.

DNS proxy configuration on the USG6000
You can configure the DNS proxy on the firewall as follows: 1. Run the dns proxy enable command to enable the DNS proxy function or run the dns relay enable command to enable the DNS relay function. 2. Run the dns server ip-address command to configure the DNS server accessed by the DNS proxy or DNS relay.

Transparent DNS proxy configuration on the USG6000
The principle for configuring the transparent DNS proxy on the USG6000 is as follows: By configuring the transparent DNS proxy on the NGFW, DNS request packets of intranet users are distributed to DNS servers of ISP1 and ISP2 based on a ratio of 2:1. In this way, network access traffic of the intranet users is also distributed to the DNS servers of ISP1 and ISP2 based on a ratio of 2:1. The smart routing function is required to select an outbound interface. In addition, the ISP address library routing function must be configured. The configuration procedure is as follows: 1. Configure the transparent DNS proxy function. Bind the DNS server address with the outbound interface. Specify the address of the DNS server serving as the transparent DNS proxy, and configure the domain names to be excluded. 2. Configure the ISP address library routing function. If the preset ISP address file is used, skip this step. If a new ISP address file is imported, configure the ISP name and specify the mapping between the ISP name and the ISP address file. 3. Configure the outbound interface. Configure the interface IP address, gateway, bandwidth, bandwidth overload protection threshold, and ISP name corresponding to the interface. 4. Configure the global routing policy. Set the smart routing mode to load balancing, and set outbound interfaces that are directly connected to the NGFW, ISP1 network, and ISP2 network as member interfaces of the smart routing function. For specific configurations, click Method Used to Configure Transparent DNS Proxy on the USG6000.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top