The DNS proxy does not have the DNS server address or cannot reach the DNS server after startup.
A host accesses the HTTP server in the following steps:
1. The host sends a DNS request to the device to resolve the domain name of the HTTP server
into an IP address.
2. Upon receiving the request, the device searches the local static and dynamic DNS entries for a
match. Because no match is found, the device spoofs the host by replying with a configured IP
address. The device must have a route to the IP address with the dial-up interface as the output
interface.
The IP address configured for DNS spoofing is not the actual IP address of the requested
domain name. Therefore, the TTL field is set to 0 in the DNS reply. When the DNS client
receives the reply, it creates a DNS entry and ages it out immediately.
3. Upon receiving the reply, the host sends an HTTP request to the replied IP address.
4. When forwarding the HTTP request through the dial-up interface, the device performs the
following operations:
○ Establishes a dial-up connection with the network.
○ Dynamically obtains the DNS server address through DHCP or another autoconfiguration
mechanism.
5. Because the DNS entry ages out immediately upon creation, the host sends another DNS
request to the device to resolve the HTTP server domain name.
6. The device operates the same as a DNS proxy. For more information, see "DNS proxy."
7. After obtaining the IP address of the HTTP server, the host can access the HTTP server.
Without DNS spoofing, the device forwards the DNS requests from the host to the DNS server if it
cannot find a matching local DNS entry. However, the device cannot obtain the DNS server address,
because no dial-up connection is established. Therefore, the device cannot forward or answer the
requests from the client. DNS resolution fails, and the client cannot access the HTTP server.
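The following Python sketch is an added example, not code from this guide or from the device software. It models the reply decision in steps 2 and 6, then builds and parses the TTL 0 reply, which is the field to inspect in a capture when confirming that a spoofed answer is not cached. The function names, the reply flags value 0x8180, and the sample addresses are assumptions.

```python
import socket
import struct

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_query(name, txid=0x1234):
    """Build a recursive A/IN query (step 1)."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", 1, 1)

def spoof_reply(query, spoof_ip):
    """Build the step 2 reply: one A record with the configured IP and TTL 0."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)  # flags are an assumption
    # 0xC00C points back to the question name at offset 12; the I field is TTL = 0.
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 0, 4) + socket.inet_aton(spoof_ip)
    return header + query[12:] + answer

def handle_query(query, name, local_entries, dns_server, spoof_ip):
    """Simplified model of the device's choice; not the vendor's implementation."""
    if name in local_entries:              # static or dynamic entry matches
        return ("local", local_entries[name])
    if dns_server is None:                 # no dial-up connection yet, so no server address
        return ("spoof", spoof_reply(query, spoof_ip))
    return ("proxy", dns_server)           # after dial-up: behave as a DNS proxy

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name."""
    while msg[pos] != 0:
        if msg[pos] & 0xC0 == 0xC0:        # a compression pointer is two bytes
            return pos + 2
        pos += msg[pos] + 1
    return pos + 1

def parse_first_answer(reply):
    """Return (txid, ip, ttl) of the first A record in a single-question reply."""
    txid, _flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if ancount < 1:
        raise ValueError("reply carries no answer")
    pos = skip_name(reply, 12) + 4         # question name, then QTYPE and QCLASS
    pos = skip_name(reply, pos)            # answer owner name
    rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", reply[pos:pos + 10])
    if rtype != 1 or rdlen != 4:
        raise ValueError("first answer is not an A record")
    return txid, socket.inet_ntoa(reply[pos + 10:pos + 14]), ttl
```

Calling handle_query with dns_server set to None corresponds to the state before the dial-up connection exists; passing a server address corresponds to step 6.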
DNS tasks at a glance
To configure DNS, perform the following tasks:
1. Configuring the DNS client
Choose the following tasks as needed:
○ Configuring static domain name resolution
○ Configuring dynamic domain name resolution
2. (Optional.) Configuring the DNS proxy
3. (Optional.) Configuring DNS spoofing
This feature is applied to the dial-up network.
4. (Optional.) Specifying the source interface for DNS packets
5. (Optional.) Configuring the DNS trusted interface
6. (Optional.) Setting the DSCP value for outgoing DNS packets
Configuring the DNS client
Configuring static domain name resolution
Restrictions and guidelines
For the public network, each host name maps to only one IPv4 address and one IPv6 address.
A maximum of 2048 DNS entries can be configured.