Key Points for Configuring Smart DNS

This section describes how to configure smart DNS.

Procedure

To configure smart DNS, perform the following operations:

  1. Enable the smart DNS function.

    The smart DNS function is controlled by the content security component license. For details about the license control scopes, see the License Control Items.

  2. Select one of the following configurations, depending on whether one or multiple web servers are deployed on the intranet.
    • When only one web server is deployed on an enterprise network, that is, when the DNS server maps the domain name of the web server to one IP address of this web server, configure single-server smart DNS.
    • When multiple web servers are deployed on an enterprise network, that is, when the DNS server maps the domain name of the web server to multiple IP addresses of the deployed web servers, configure multi-server smart DNS.
  3. Configure the NAT server function to map the destination address of an access packet from the public address to the private address of the web server.
  4. Configure sticky load balancing and use the inbound interface as the outbound interface of DNS response packets.

Enabling Smart DNS

  1. Access the system view.

    system-view

  2. Enable the smart DNS function.

    dns-smart enable

    By default, the smart DNS function is disabled.

Configuring Single-Server Smart DNS

Operation: Create a smart DNS group and access the smart DNS group view

    Command: dns-smart group group-id type single

    Description: -

Operation: Set the original IP address of the source server before smart DNS mapping

    Command: real-server-ip ip-address

    Description: ip-address specifies the IP address of the web server on the enterprise intranet.

Operation: Select a traffic allocation mode

    Command: metric { out-interface | weightrr | roundrobin }

    Description: The ISP egress mode is used by default.

    To ensure that the DNS reply address is on the same ISP network as the user's address and that traffic from the same ISP arrives at the web server over the same link, select the ISP egress mode.

    To ensure that different DNS reply addresses are allocated to users so that traffic arrives at the web server over different links for load balancing, select the Round Robin or Weighted Round Robin mode.

      • If the round robin mode is selected, run the weight-rule roundrobin ip-address &<1-8> command to configure weight rules. The default weight of each IP address is 32 and cannot be changed.
      • If the weighted round robin mode is selected, run the weight-rule weightrr { ip-address weight-value } &<1-8> command to configure weight rules. Each IP address can be allocated a different weight.

    NOTE:

    After the metric command is executed, the smart DNS mapping table configured under the smart DNS group is cleared. You need to run the out-interface map command to reconfigure the mapping table.

Operation: Configure smart DNS mapping (if the ISP egress-based traffic allocation mode is used)

    Command: out-interface interface-type interface-number map new-ip-address

    Description: interface-type interface-number is the outbound interface on the FW connecting to a specific ISP. new-ip-address is the IP address after smart DNS mapping. This address must be obtained from the ISP network connected to interface-type interface-number.

    NOTE:

    The FW takes the outbound interface and original server address configured in the out-interface map command as matching conditions to match the payload information in the DNS reply packet. If the information is consistent, the FW changes the DNS reply address to the mapped address configured in the out-interface map command.

    For example, if the original server address is 1.1.1.1 and mapping entry out-interface GigabitEthernet 0/0/1 map 2.2.2.2 is configured, the FW takes 1.1.1.1 and GE0/0/1 as a pair of matching conditions to match the payload information in the DNS reply packet.

    If the address is 1.1.1.1 and the outbound interface is GE0/0/1 in the DNS reply packet, the FW changes the address to 2.2.2.2. If the address is 2.2.2.2 and the outbound interface is GE0/0/1 in the DNS reply packet, the FW does not change the address.

Operation: Configure smart DNS mapping (if the traffic allocation mode is set to round robin or weighted round robin)

    Command: out-interface interface-type interface-number map weight-rule

    Description: The FW takes the outbound interface configured in the out-interface map command as a matching condition to match the payload information in the DNS reply packet.

Configuring Multi-server Smart DNS

Operation: Create a smart DNS group and access the smart DNS group view

    Command: dns-smart group group-id type multi

    Description: -

Operation: Select a traffic allocation mode

    Command: metric { out-interface | weightrr | roundrobin }

    Description: The ISP egress mode is used by default.

    To ensure that the DNS reply address is on the same ISP network as the user's address and that traffic from the same ISP arrives at the web server over the same link, select the ISP egress mode.

    To ensure that different DNS reply addresses are allocated to users so that traffic arrives at the web server over different links for load balancing, select the Round Robin or Weighted Round Robin mode.

      • If the round robin mode is selected, run the weight-rule roundrobin ip-address &<1-8> command to configure weight rules. The default weight of each IP address is 32 and cannot be changed.
      • If the weighted round robin mode is selected, run the weight-rule weightrr { ip-address weight-value } &<1-8> command to configure weight rules. Each IP address can be allocated a different weight.

    NOTE:

    After the metric command is executed, the smart DNS mapping table configured under the smart DNS group is cleared. You need to run the out-interface map command to reconfigure the mapping table.

Operation: Configure smart DNS mapping (if the ISP egress-based traffic allocation mode is used)

    Command: out-interface interface-type interface-number map new-ip-address

    Description: interface-type interface-number is the outbound interface on the FW connecting to a specific ISP. new-ip-address is the address after smart DNS mapping, which is also the public address of the ISP server on the intranet. One interface-type interface-number must correspond to one new-ip-address. For example, interface GE0/0/1 on the FW connecting to ISP1 must correspond to public IP address 1.1.1.10 of the ISP1 server.

    NOTE:

    interface-type interface-number and new-ip-address in different mapping rules form a pair of matching conditions. For example, if rules out-interface GigabitEthernet 0/0/1 map 1.1.1.1 and out-interface GigabitEthernet 0/0/2 map 2.2.2.2 are configured, GigabitEthernet 0/0/1 and 2.2.2.2 form a pair, and GigabitEthernet 0/0/2 and 1.1.1.1 form a pair.

    If the address is 2.2.2.2 and the outbound interface is GigabitEthernet 0/0/1 in the DNS reply packet, the FW changes the address to 1.1.1.1. If the address is 1.1.1.1 and the outbound interface is GigabitEthernet 0/0/1 in the DNS reply packet, the FW does not change the address.

Operation: Configure smart DNS mapping (if the traffic allocation mode is set to round robin or weighted round robin)

    Command: out-interface interface-type interface-number map weight-rule

    Description: The FW takes the outbound interface configured in the out-interface map command as a matching condition to match the payload information in the DNS reply packet.
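
The matching rules from the single-server and multi-server NOTEs (ISP egress mode) can be checked against a planned mapping table with a small model. This Python sketch is an added example, not Huawei code: the class and function names are hypothetical, and leaving a reply unchanged when its outbound interface has no rule is an assumption.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class SmartDnsGroup:
    """Hypothetical model of one smart DNS group in ISP egress mode."""
    group_type: str                       # "single" or "multi"
    real_server_ip: Optional[str] = None  # used by single-server groups only
    # One entry per "out-interface ... map new-ip-address" rule.
    mappings: Dict[str, str] = field(default_factory=dict)

    def rewrite(self, out_interface: str, reply_ip: str) -> str:
        """Return the address a DNS reply carries when sent via out_interface."""
        mapped = self.mappings.get(out_interface)
        if mapped is None:
            return reply_ip  # assumption: no rule for this interface, no change
        if self.group_type == "single":
            # Matching conditions: original server address + outbound interface.
            return mapped if reply_ip == self.real_server_ip else reply_ip
        # Multi-server: the interface pairs with the addresses mapped by the
        # other rules; a reply already carrying its own address is left alone.
        others = {ip for ifc, ip in self.mappings.items() if ifc != out_interface}
        return mapped if reply_ip in others else reply_ip


def unmapped_interfaces(group: SmartDnsGroup, isp_interfaces: List[str]) -> List[str]:
    """Audit helper: ISP-facing interfaces with no mapping rule in the group."""
    return [ifc for ifc in isp_interfaces if ifc not in group.mappings]


# Constructed sample groups using the addresses from the NOTE examples.
single = SmartDnsGroup("single", real_server_ip="1.1.1.1",
                       mappings={"GigabitEthernet 0/0/1": "2.2.2.2"})
multi = SmartDnsGroup("multi",
                      mappings={"GigabitEthernet 0/0/1": "1.1.1.1",
                                "GigabitEthernet 0/0/2": "2.2.2.2"})

if __name__ == "__main__":
    for group, addr in ((single, "1.1.1.1"), (single, "2.2.2.2"),
                        (multi, "2.2.2.2"), (multi, "1.1.1.1")):
        out = group.rewrite("GigabitEthernet 0/0/1", addr)
        print(f"{group.group_type}: {addr} via GigabitEthernet 0/0/1 -> {out}")
    # Interfaces listed here have no rule, e.g. after metric cleared the table.
    print(unmapped_interfaces(single, ["GigabitEthernet 0/0/1",
                                       "GigabitEthernet 0/0/2"]))
```

Running the audit helper after any metric change shows which ISP-facing interfaces still need an out-interface map rule, since that command clears the group's mapping table.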

Configuring Sticky Load Balancing

After sticky load balancing is configured and the FW forwards response packets, the FW uses the inbound interface as the outbound interface for response packets instead of searching for the outbound interface based on the routing table. This prevents slow access speed or service interruption caused by inconsistent forward and return paths.

Sticky load balancing can be configured only after an IP address and a gateway address are configured on the interface.

  1. Access the interface view.

    interface interface-type interface-number

  2. Configure sticky load balancing.

    redirect-reverse

    redirect-reverse next-hop ip-address [ per-packet ]

Copyright © Huawei Technologies Co., Ltd.