(Optional) Configuring DNS Mapping
Context
If an enterprise has no internal DNS server but needs to access internal servers using the domain name, intranet users of the enterprise must use DNS servers on external networks.
Intranet users can use the external DNS server to access an external server by performing NAT; however, intranet users cannot use the external DNS server to access an internal server because the IP address resolved by the external DNS server is not the real private IP address of the internal server.
When configuring static NAT and DNS mapping at the same time, you can create a mapping entry containing the domain name, public IP address, public interface number, and protocol type. When the NAT device receives a DNS resolution packet, it looks up the private IP address that is mapped to the public address in the mapping entry. The NAT device then replaces the address resolved by the DNS server with the private IP address and forwards the resolution result to users.
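The address replacement described above, as an added Python example (not code from this page or from the device vendor): it parses a DNS response, finds the mapping entry for the queried name, and swaps the public A record for the private address. The table names, the helper functions, and all addresses (documentation ranges) are constructed assumptions, and only single-question responses with A records are handled.

```python
import socket
import struct

# Constructed tables (assumed): one nat dns-map entry and the static NAT entry it refers to.
DNS_MAP = {"www.example.com": ("203.0.113.10", 80, "tcp")}
STATIC_NAT = {("203.0.113.10", 80, "tcp"): "192.168.1.10"}

def read_qname(pkt, off):
    """Read the uncompressed question name; return (name, next offset)."""
    labels = []
    while pkt[off] != 0:
        labels.append(pkt[off + 1:off + 1 + pkt[off]].decode("ascii"))
        off += 1 + pkt[off]
    return ".".join(labels).lower(), off + 1

def skip_name(pkt, off):
    """Skip a possibly compressed record name; return the next offset."""
    while pkt[off] != 0:
        if pkt[off] & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + pkt[off]
    return off + 1

def rewrite_dns_response(pkt):
    """Replace mapped public A records with the private address; else pass through."""
    _id, flags, qdcount, ancount = struct.unpack("!HHHH", pkt[:8])
    if not flags & 0x8000 or qdcount != 1:   # not a response, or unexpected shape
        return pkt
    qname, off = read_qname(pkt, 12)
    off += 4                                 # skip QTYPE and QCLASS
    entry = DNS_MAP.get(qname)
    if entry not in STATIC_NAT:              # no mapping entry: forward unchanged
        return pkt
    public, private = socket.inet_aton(entry[0]), socket.inet_aton(STATIC_NAT[entry])
    out = bytearray(pkt)
    for _ in range(ancount):
        off = skip_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4) and pkt[off:off + 4] == public:
            out[off:off + 4] = private       # same length, so no offsets change
        off += rdlen
    return bytes(out)

def sample_response(name, ip):
    """Build a constructed one-answer DNS response (A record, TTL 300)."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    ans = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return hdr + q + struct.pack("!HH", 1, 1) + ans
```

A response for a name with no mapping entry, or one whose A record is not the mapped public address, is returned byte for byte unchanged.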
Procedure
- Run system-view
The system view is displayed.
- Run nat dns-map domain-name { global-address | interface interface-type interface-number [ .subnumber ] } global-port protocol-name
A mapping from a domain name to a public IP address, an interface number, and a protocol type is configured.
After DNS mapping is configured, the nat alg dns enable command must be run to enable the ALG DNS function. In this way, DNS response packets can traverse NAT devices. If the ALG DNS function is disabled, internal hosts cannot access internal servers using the domain name.