DNS proxy configuration on the USG6000


You can configure the DNS proxy on the firewall as follows:
1. Run the dns proxy enable command to enable the DNS proxy function or run the dns relay enable command to enable the DNS relay function.
2. Run the dns server ip-address command to configure the DNS server accessed by the DNS proxy or DNS relay.

Other related questions:

DNS proxy working mechanism on the USG6000
The working process of DNS proxy is as follows:
1. The DNS client sends a request packet to the DNS proxy. The DNS proxy IP address is the destination address of the request packet.
2. After receiving the request packet, the DNS proxy searches for DNS entries saved in the local domain name resolution tables.
   - If mapping information exists, the DNS proxy sends a reply packet carrying the resolution result to the DNS client.
   - If no mapping information exists, the DNS proxy sends the request packet to the DNS server for resolution.
3. After receiving the reply packet from the DNS server, the DNS proxy records the resolution result and forwards the reply packet to the DNS client.
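The three steps above, modelled on real DNS wire-format messages. This is an added example, not Huawei code: `DnsProxy`, `add_static`, `sample_upstream` and the sample names and addresses are hypothetical, and the check that a reply matches the forwarded request before it is recorded is an assumption about sound proxy behaviour, not something this page states about the USG6000.

```python
import struct

def build_query(txid, name, qtype=1):
    """Encode a DNS query: 12-byte header plus one question (class IN)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def question_of(msg):
    """Return (transaction ID, lower-cased name, qtype) of the first question."""
    labels, pos = [], 12
    while msg[pos]:
        labels.append(msg[pos + 1:pos + 1 + msg[pos]].decode().lower())
        pos += 1 + msg[pos]
    qtype = struct.unpack("!H", msg[pos + 1:pos + 3])[0]
    return struct.unpack("!H", msg[:2])[0], ".".join(labels), qtype

def build_reply(query, ipv4):
    """Answer `query` with one A record; 0xC00C points back at the question name."""
    rr = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4) + bytes(map(int, ipv4.split(".")))
    return query[:2] + struct.pack("!5H", 0x8180, 1, 1, 0, 0) + query[12:] + rr

class DnsProxy:
    def __init__(self, upstream):
        self.upstream = upstream  # callable(bytes) -> bytes, stands in for the DNS server
        self.table = {}           # local table: (name, qtype) -> reply without its ID
        self.forwarded = 0        # how many requests went to the DNS server

    def add_static(self, name, ipv4):
        self.table[(name.lower(), 1)] = build_reply(build_query(0, name), ipv4)[2:]

    def handle(self, request):
        txid, name, qtype = question_of(request)         # step 1: request arrives
        body = self.table.get((name, qtype))             # step 2: search local table
        if body is None:                                 # no mapping: forward it
            self.forwarded += 1
            reply = self.upstream(request)
            if question_of(reply) != (txid, name, qtype):
                raise ValueError("reply does not match the forwarded request")
            body = self.table[(name, qtype)] = reply[2:]  # step 3: record the result
        return request[:2] + body                        # reply uses the client's ID

def sample_upstream(request):
    """Constructed stand-in for the DNS server: always answers 192.0.2.10."""
    return build_reply(request, "192.0.2.10")

if __name__ == "__main__":
    proxy = DnsProxy(sample_upstream)
    proxy.add_static("fw.example.test", "198.51.100.1")
    for txid, name in [(1, "fw.example.test"), (2, "www.example.test"), (3, "www.example.test")]:
        reply = proxy.handle(build_query(txid, name))
        print(name, ".".join(map(str, reply[-4:])), "forwarded so far:", proxy.forwarded)
```

Because recorded entries are served to every later client, a reply that does not match the forwarded request is rejected before it reaches the table.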

Configuring DNS proxy through the web UI of the USG6000 series
The USG6000 series can serve as the DNS proxy to forward DNS request and reply packets between the DNS client and DNS server. Specify the DNS server address through the web UI so that the device can serve as the DNS proxy to send domain name resolution requests to the DNS server.
1. Choose Network > DNS > DNS.
2. Click Add in DNS Server List.
3. Set the IP address of the DNS server.
   - If you do not select the external network interface, the configured DNS server address is the global address. Enter the IPv4 or IPv6 address of the DNS server in the DNS Server Address text box. Click OK.
   - If you select a specific external network interface, the configured DNS server address is the address bound with the interface and applies only to this interface.
   If the operation succeeds, the new configuration whose Obtaining Mode is Manual is displayed in DNS Server List. Repeat the preceding operations to add the IPv4 or IPv6 addresses of multiple DNS servers.
4. Optional: In Configure DNS Query Packets's Source Address, set the Source Interface or Source Address.
5. Click Apply.

Application scenarios of the USG6000 DNS transparent proxy
The DNS transparent proxy function of the firewall can change the destination addresses of certain DNS request packets to the DNS server addresses of other ISPs (such as the DNS server address of ISP2). Because DNS requests are forwarded to different ISPs, the web server addresses obtained through resolution belong to different ISPs, and Internet access traffic is forwarded through different ISP links. This helps prevent one link from being congested while other links are idle, and ensures that all link resources are fully used.

Differences between the smart DNS and the transparent DNS proxy supported by the USG6000
The USG6000 supports the smart DNS and the transparent DNS proxy.

The similarities are as follows:
(1) Both the smart DNS and the transparent DNS proxy provide the DNS service.
(2) Both the smart DNS and the transparent DNS proxy provide appropriate access paths for users by intervening in DNS behavior.
(3) Both the smart DNS and the transparent DNS proxy are implemented by the firewall (not by a DNS server).

The differences are as follows:
(1) The application scenarios of the smart DNS and the transparent DNS proxy are different. The transparent DNS proxy is used to control the path used by users inside the enterprise zone to access external network resources and aims to improve the bidirectional outbound interface bandwidth usage; the smart DNS is used to control the path used by users outside the enterprise zone (Internet users) to access the internal servers and aims to select the shortest path to avoid inter-ISP access.
(2) Locations of DNS servers are different. The DNS server of the transparent DNS proxy is deployed at the ISP side, and the DNS server of the smart DNS is deployed at the enterprise side.
(3) User locations, accessed resource locations, and access directions are different.
