This example shows how to configure the DNS proxy function. By configuring flexible DNS proxy rules, users from different segments are assigned to different DNS servers for domain name resolution.
A secondary ISP rents the bandwidth of telecom, netcom and other ISP to different users for Internet access. The telecom and netcom ISP have their own DNS servers. So the secondary ISP want to assign users of different network segments to the DNS servers of corresponding ISP for domain name resolution through DNS proxy devices.
This example simulates the export scenario of the above secondary ISP through the following configuration. Use eth0/1 (IP:22.214.171.124) of the device to connect to the telecom special line to access the Internet, and use eth0/2 (IP: 126.96.36.199) to connect to the netcom special line to access the Internet. In the public network, the DNS server of telecom is DNS1:188.8.131.52, and that of netcom is DNS2:184.108.40.206. Also, eth0/3, eth0/4 connect to the Intranet user groups. The administrator now has the following requirements:
- The DNS request of user group 1 (network segment: 192.168.10.1 / 28) is uniformly proxy to dns1 for domain name resolution;
- The DNS request of user group 2 (network segment: 220.127.116.11 / 24) is uniformly proxy to dns2 for domain name resolution;
- The DNS request of intranet server (18.104.22.168) is not restricted and bypassed directly.
The basic interface and route configuration have been completed, and users can access the Internet normally.
After configuration, capture packets on eth0 / 1 and eth0 / 2 interfaces. The results are as follows:
- Q：What is the order and manner of matching multiple DNS proxy rules?
A：The device will query for DNS proxy rules by turns from up to down. In each rule, only if all matching conditions are met can the matching be successful.
- Q：When multiple DNS servers are configured in a DNS proxy rule, what is the priority of preferred and bound out interface properties?
A：When you configure multiple DNS servers, the DNS server with preferred property will be selected for domain name resolution. If no preferred server is specified, the system will query whether there are DNS servers that have specified the egress interface.
- Q：Can DNS proxy for specific domain names?
A：Yes, you can configure a specific domain name in the option "Domain Name", and then configure the proxy action and the corresponding DNS server when creating a new rule.