Domain name system 编辑

Domain Name System (DNS) translates human readable domain names to machine-readable IP addresses, and vice versa. The following DNS features are introduced in SD-WAN release 10 version 2:

  • DNS Proxy
  • DNS Transparent Forwarding

DNS proxy

DNS proxy intercepts the DNS requests destined to SD-WAN IP address and forwards it to the selective DNS services. You can configure a proxy with multiple forwarders that helps steering DNS requests based on application domain names. DNS forwarding works for the requests that are received through UDP connections.

To configure SD-WAN as a DNS Proxy:

  1. Define the domain name based applications. In the Configuration Editor, navigate to Global > Applications > Domain Name Based Applications.

    Enter the application name and the required domain names or patterns. You can group several domain names as an application. You can either enter the full domain name or use wild cards at the beginning. For example - *.google.com

    localized image

  2. Define the required DNS Services. Navigate to Global > DNS Service. Enter the Service Name and a pair of Primary and Secondary DNS server IP addresses.

    You can create internal, ISP, google or any other open source DNS service.

    localized image

    Note:

    If you have configured Office 365 breakout policy, a Quad9 DNS service is auto created. For more information, see Office 365 Optimization.

    Alternatively, you can also define the DNS services at individual site level. . The site-level DNS service configuration overrides the global configuration. To configure site-specific DNS service, navigate to Sites > DNS > DNS Services. Enter the Service Name and a pair of Primary and Secondary DNS server IP addresses.

    localized image

  3. Configure DNS proxy for the site. Navigate to Sites > DNS > DNS Proxy. Click +. Enter values for the following parameters:

    • DNS Proxy Name: Name of the DNS Proxy.
    • Default DNS Service: The default DNS Service to which the DNS requests will be forwarded to, if none of the applications match in DNS forwarder look-up.
    • Interfaces: The interfaces on which the DNS requests will be intercepted. Only trusted interfaces are allowed.
    • DNS Forwarders: List of DNS forwarders.
      • Order: The priority of the forwarder.
      • Application: Applications for which DNS requests have to be forwarded to the selected DNS service.
      • DNS Service: The DNS service that the DNS request will be forwarded to for the specified application.

      localized image

DNS transparent forwarder

SD-WAN can be configured as a transparent DNS forwarder. In this mode, SD-WAN can intercept DNS requests that are not destined to it’s IP address and forward them to the specified DNS service. Only the DNS requests coming from local service on trusted interface(s) are intercepted. If the DNS requests match any applications in the DNS forwarder list, then it is forwarded to the configured DNS service. DNS forwarding is supported only for requests coming over UDP connections.

To configure SD-WAN as a DNS transparent forwarder:

  1. Navigate to Sites > DNS > DNS Transparent Forwarders. Click +.
  2. Enter values for the following parameters:

    • Order: The priority of the forwarder.
    • Application: Applications for which DNS requests have to be forwarded to the selected DNS service.
    • DNS Service: The DNS service that the DNS request will be forwarded to for the specified application.

    localized image

    Similarly, continue to add other DNS transparent forwarders as required.

  3. Click Apply.

Monitoring

To view Proxy statistics and Transparent forwarder statistics, navigate to Monitoring > DNS. You can view the application name, DNS service name, DNS service status, and the number of hits to the DNS service.

Proxy Statistics

localized image

Transparent Forwarder Statistics

localized image

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:22 次

字数:5977

最后编辑:7 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文