Configuring a DNS Proxy/Relay Agent to Send DNS Requests to a Specific DNS Server
Context
On a network with a DNS proxy or relay agent, a DNS client sends its DNS request to the DNS proxy or relay agent, which forwards the request to one of the DNS servers it serves. After receiving the response from the DNS server, the DNS proxy or relay agent returns it to the DNS client, completing domain name resolution. When a DNS proxy or relay agent serves multiple DNS servers, the destination DNS server is normally chosen by the DNS server selection mode configured through the dns-server-select-algorithm command. Alternatively, a specific DNS server can be designated as the destination for specific DNS requests, in which case the DNS proxy or relay agent forwards those requests to that server. This page describes how to configure the DNS proxy or relay agent to forward DNS requests to a specific DNS server.
When no DNS server is specified as the destination, a DNS proxy or relay agent can forward both IPv4 and IPv6 DNS requests to DNS servers. However, when a destination DNS server is specified, a DNS proxy or relay agent can forward only IPv4 requests to this server.
Only V300R019C13 and later versions support this function.
Procedure
- Run system-view
The system view is displayed.
- Run dns group dns-group-name
A DNS group is created on the DNS proxy or relay agent.
By default, no DNS group is created on the DNS proxy or relay agent.
If the undo dns proxy forward-any-response command is configured on the device, the device first sends DNS requests to the DNS servers in the DNS group. If resolution still fails (the response contains zero answers, the response carries an error code, or no response arrives) after the DNS request has been retransmitted the number of times configured by the dns forward retry-number command, the device sends the DNS request to the global DNS servers instead.
- Run dns resolve policy { a | aaaa } enable
The DNS resolution policy function is enabled for type A or AAAA queries.
By default, the DNS resolution policy function is disabled for type A and AAAA queries.
- Run dns resolve policy
The DNS resolution policy view is displayed.
- Run rule rule-id [ if-match name hostname ] dns-group dns-group-name in the DNS resolution policy view
A DNS resolution rule is configured to match specified DNS requests with the configured DNS group.
By default, no DNS resolution rule is configured.
If you configure a DNS resolution rule with the rule command in the DNS resolution policy view and do not specify which DNS requests the rule matches (that is, you omit if-match name), the rule matches all DNS requests.
If a DNS request does not match any DNS resolution rule configured with the rule command in the DNS resolution policy view, the DNS server for that request is chosen by the DNS server selection mode configured with the dns-server-select-algorithm command.
Example
An example for configuring a DNS proxy or relay agent to forward DNS requests to a specific DNS server is as follows. Specifically, on the DNS proxy or relay agent, configure a DNS server selection mode for DNS requests, configure a DNS group named 0, specify GigabitEthernet 0/0/6 as the source interface for forwarding DNS requests, and configure the DNS proxy or relay agent to forward DNS requests matching the DNS resolution rule specified with the domain name www.huawei.com to the DNS server at 10.1.1.1.
The configuration of the DNS proxy or relay agent is as follows:
<Huawei> system-view
[Huawei] dns group 0
[Huawei-dns-group-0] dns source-interface GigabitEthernet 0/0/6
[Huawei-dns-group-0] dns server 10.1.1.1
[Huawei-dns-group-0] quit
[Huawei] dns resolve policy a enable
[Huawei] dns resolve policy
[Huawei-dns-resolve-policy] rule 0 if-match name www.huawei.com dns-group 0
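The following Python model is an added example (not Huawei device code) that parses view-prefixed CLI lines like the ones above and predicts which servers a given query is steered to, applying the semantics described in this page: the per-type enable switch, rule matching with an optional if-match name, a catch-all rule when if-match is omitted, and fall-through to the global servers when no rule matches. It assumes rules are evaluated in ascending rule-id order and that if-match name is an exact, case-insensitive hostname match; the global dns-server-select-algorithm choice among global servers is not modelled.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Policy:
    groups: dict = field(default_factory=dict)       # DNS group name -> server IPs
    global_servers: list = field(default_factory=list)
    enabled_types: set = field(default_factory=set)  # subset of {"A", "AAAA"}
    rules: list = field(default_factory=list)        # (rule-id, hostname or None, group)

PROMPT = re.compile(r"^(?:<[^>]*>|\[([^\]]*)\])\s*(.*)$")

def parse_config(text):
    """Parse view-prefixed CLI lines such as '[Huawei-dns-group-0] dns server 10.1.1.1'."""
    pol = Policy()
    for line in text.strip().splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        view, cmd = m.group(1) or "", m.group(2).strip()
        gm = re.search(r"-dns-group-(\S+)$", view)   # group view we are currently in
        group = gm.group(1) if gm else None
        if r := re.fullmatch(r"dns group (\S+)", cmd):
            pol.groups.setdefault(r.group(1), [])
        elif r := re.fullmatch(r"dns server (\S+)", cmd):
            target = pol.groups.setdefault(group, []) if group else pol.global_servers
            target.append(r.group(1))
        elif r := re.fullmatch(r"dns resolve policy (a|aaaa) enable", cmd):
            pol.enabled_types.add(r.group(1).upper())
        elif r := re.fullmatch(r"rule (\d+)(?: if-match name (\S+))? dns-group (\S+)", cmd):
            pol.rules.append((int(r.group(1)), r.group(2), r.group(3)))
    pol.rules.sort()   # assumption: rules are checked in ascending rule-id order
    return pol

def select_servers(pol, qname, qtype):
    """Return ('group', name, servers) when a policy rule steers the query,
    otherwise ('global', None, servers): the global path where the device's
    dns-server-select-algorithm picks a server (not modelled here)."""
    if qtype.upper() in pol.enabled_types:
        for _, host, group in pol.rules:
            if host is None or host.lower() == qname.lower().rstrip("."):
                return ("group", group, list(pol.groups.get(group, [])))
    return ("global", None, list(pol.global_servers))

# Constructed sample: the page's example plus one global server (192.0.2.53 is a documentation address).
SAMPLE = """
<Huawei> system-view
[Huawei] dns server 192.0.2.53
[Huawei] dns group 0
[Huawei-dns-group-0] dns source-interface GigabitEthernet 0/0/6
[Huawei-dns-group-0] dns server 10.1.1.1
[Huawei-dns-group-0] quit
[Huawei] dns resolve policy a enable
[Huawei] dns resolve policy
[Huawei-dns-resolve-policy] rule 0 if-match name www.huawei.com dns-group 0
"""
```

Because only `dns resolve policy a enable` is configured, an AAAA query for www.huawei.com bypasses the rule and takes the global path, which matches the IPv4-only restriction noted in the Context section.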