Domain name system
Domain Name System (DNS) translates human-readable domain names to machine-readable IP addresses, and vice versa. The following DNS features are introduced in SD-WAN release 10 version 2:
- DNS Proxy
- DNS Transparent Forwarding
DNS proxy
DNS proxy intercepts the DNS requests destined to the SD-WAN IP address and forwards them to the selected DNS services. You can configure a proxy with multiple forwarders, which helps steer DNS requests based on application domain names. DNS forwarding works only for requests that are received through UDP connections.
To configure SD-WAN as a DNS Proxy:
Define the domain name based applications. In the Configuration Editor, navigate to Global > Applications > Domain Name Based Applications.
Enter the application name and the required domain names or patterns. You can group several domain names as an application. You can either enter the full domain name or use a wildcard at the beginning. For example: *.google.com
Define the required DNS Services. Navigate to Global > DNS Service. Enter the Service Name and a pair of Primary and Secondary DNS server IP addresses.
You can create an internal, ISP, Google, or any other open source DNS service.
Note:
If you have configured an Office 365 breakout policy, a Quad9 DNS service is created automatically. For more information, see Office 365 Optimization.
Alternatively, you can define the DNS services at the individual site level. The site-level DNS service configuration overrides the global configuration. To configure a site-specific DNS service, navigate to Sites > DNS > DNS Services. Enter the Service Name and a pair of Primary and Secondary DNS server IP addresses.
Configure DNS proxy for the site. Navigate to Sites > DNS > DNS Proxy. Click +. Enter values for the following parameters:
- DNS Proxy Name: Name of the DNS Proxy.
- Default DNS Service: The default DNS service to which DNS requests are forwarded if none of the applications match in the DNS forwarder look-up.
- Interfaces: The interfaces on which the DNS requests will be intercepted. Only trusted interfaces are allowed.
- DNS Forwarders: List of DNS forwarders.
- Order: The priority of the forwarder.
- Application: Applications for which DNS requests have to be forwarded to the selected DNS service.
- DNS Service: The DNS service that the DNS request will be forwarded to for the specified application.
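The forwarder look-up configured above can be checked offline before a configuration is applied, for example to confirm that internal names are never sent to a public DNS service. The following Python code is an added example, not part of the SD-WAN product or its documentation. It assumes that a lower Order value is evaluated first, that the first matching forwarder wins, and that a leading "*." matches subdomains but not the bare domain; all application names, service names, and addresses are constructed sample values.

```python
# Added example: models the forwarder look-up described above.
# Assumptions: lower Order is evaluated first, first match wins, and a
# leading "*." matches any subdomain but not the bare domain.
# All names and addresses are constructed sample values.
APPLICATIONS = {
    "corp-internal": ["*.corp.example", "intranet.example"],
    "google": ["*.google.com"],
}
DNS_SERVICES = {  # service name -> (primary, secondary)
    "internal": ("10.0.0.53", "10.0.1.53"),
    "isp": ("192.0.2.53", "192.0.2.54"),
    "public": ("198.51.100.53", "198.51.100.54"),
}
FORWARDERS = [  # (order, application, DNS service)
    (20, "google", "public"),
    (10, "corp-internal", "internal"),
]
DEFAULT_SERVICE = "isp"


def matches(qname, pattern):
    """True if qname equals pattern, or falls under a leading wildcard."""
    qname = qname.rstrip(".").lower()
    pattern = pattern.rstrip(".").lower()
    if pattern.startswith("*."):
        suffix = pattern[1:]  # "*.google.com" -> ".google.com"
        return len(qname) > len(suffix) and qname.endswith(suffix)
    return qname == pattern


def select_service(qname):
    """Return (service name, matched application or None) for a query."""
    for _order, app, service in sorted(FORWARDERS):
        if any(matches(qname, p) for p in APPLICATIONS[app]):
            return service, app
    return DEFAULT_SERVICE, None


def misrouted(names, expected_service):
    """Names that would NOT be forwarded to expected_service."""
    return [n for n in names if select_service(n)[0] != expected_service]


if __name__ == "__main__":
    for name in ["mail.google.com", "hr.corp.example", "corp.example", "example.org"]:
        service, app = select_service(name)
        print(f"{name:20} -> {service:8} {DNS_SERVICES[service]} (app: {app})")
```

Under these assumptions the bare domain corp.example falls through to the default service, so a pattern list that relies only on a leading wildcard should also list the bare domain if it must stay on the internal resolver.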
DNS transparent forwarder
SD-WAN can be configured as a transparent DNS forwarder. In this mode, SD-WAN can intercept DNS requests that are not destined to its IP address and forward them to the specified DNS service. Only the DNS requests coming from the local service on trusted interfaces are intercepted. If the DNS requests match any application in the DNS forwarder list, they are forwarded to the configured DNS service. DNS forwarding is supported only for requests coming over UDP connections.
To configure SD-WAN as a DNS transparent forwarder:
- Navigate to Sites > DNS > DNS Transparent Forwarders. Click +.
Enter values for the following parameters:
- Order: The priority of the forwarder.
- Application: Applications for which DNS requests have to be forwarded to the selected DNS service.
- DNS Service: The DNS service that the DNS request will be forwarded to for the specified application.
Similarly, continue to add other DNS transparent forwarders as required.
- Click Apply.
Monitoring
To view Proxy statistics and Transparent forwarder statistics, navigate to Monitoring > DNS. You can view the application name, DNS service name, DNS service status, and the number of hits to the DNS service.
Proxy Statistics
Transparent Forwarder Statistics