< Home

Configuring DNS Transparent Proxy

This section describes how to configure DNS transparent proxy on the web UI.

Procedure

  1. Choose Network > DNS > DNS, click the Transparent DNS Proxy tab.
  2. Set basic parameters of DNS transparent proxy.
    1. Enable Transparent DNS Proxy.
    2. Click Add in Basic Configuration to bind the interface to the DNS server. After the configuration is complete, click OK.

      Parameter

      Description

      WAN interface

      Interface on the FW connecting to different ISP links.

      When a DNS query message is forwarded through this interface, the packet destination address is substituted with the DNS server address bound on the interface.

      NOTE:

      The WAN interface can be bound only to the root system, not to virtual systems.

      Preferred DNS server

      Address of the DNS server on the ISP network connecting to the WAN interface.

      The FW substitutes the destination addresses of DNS query messages with the address of the preferred DNS server preferentially.

      Alternate DNS server

      Address of the DNS server on the ISP network connecting to the WAN interface.

      When the preferred DNS server is Down, the FW will substitute the destination addresses of DNS query messages with the address of the alternate DNS server.

      Health Check

      Apply health check to the interface.

      Check interval

      Interval for sending probe packets.

      Failure count

      Number of probe failures

    3. Configure the intelligent uplink selection mode for DNS transparent proxy.

      Parameter

      Description

      Global route selection

      Set the routing mode of DNS transparent proxy to the global route selection mode.

      Load balancing based on link bandwidth

      Set the routing mode of DNS transparent proxy to load balancing by link bandwidth and complete the following configurations.

      1. Click Add in Outgoing Interface List. WAN Interface/Carrier/Interface Group is automatically selected.
      2. Specify member interfaces, which can be interfaces, ISPs, or interface groups.
      3. Click OK.

      Load balancing based on link weights

      Set the routing mode of DNS transparent proxy to load balancing by link weight and complete the following configurations.

      1. Click Add in Outgoing Interface List. WAN Interface/Carrier/Interface Group is automatically selected.
      2. Specify member interfaces, which can be interfaces, ISPs, or interface groups.
      3. Set Weight of the member interfaces.
      4. Click OK.

      Active/standby backup based on link priorities
      1. Click Add in Outgoing Interface List. WAN Interface/Carrier/Interface Group is automatically selected.
      2. Specify member interfaces, which can be interfaces, ISPs, or interface groups.
      3. Set Priority of the member interfaces.
      4. Click OK.

    4. Click Apply.
  3. Configure domain name exception. Click Add in Domain Name Exception list and specify the domain names to which DNS transparent proxy does not apply.

    Parameter

    Description

    Domain Name

    Set the domain names to which DNS transparent proxy does not apply.

    Preferred DNS Server

    Set the IP address of the primary DNS server.

    If IP address of the primary DNS server is specified for the domain names to which DNS transparent proxy does not apply, DNS packets are forwarded to the primary DNS server, not to the DNS server specified on clients.

    Alternate DNS Server

    Set the IP address of the secondary DNS server.

    If both the IP addresses of the primary and secondary DNS servers, DNS packets are forwarded to the primary DNS server. If the primary DNS server is Down, DNS packets are forwarded to the secondary DNS server.

    After you set a domain name to which DNS transparent proxy does not apply, even if the DNS server specified on a client requires DNS transparent proxy, the FW will not process the DNS packets accessing the domain name, but forwards them directly.

    You can set a maximum of 512 domain names to which DNS transparent proxy does not apply.

  4. Configure Proxy Policy. Click Add to configure a DNS transparent proxy policy.

    Parameter

    Description

    Name

    Name of the DNS transparent proxy policy rule

    Description

    Description of the DNS transparent proxy policy rule

    Tag

    The label identifies and categorizes the policy. You can query policies based on labels and delete, move, enable, or disable policies in batches based on the query results. For the label description and configuration, see Tag.

    Source Address

    Set the source IP address as a matching condition of the PBR rule.

    NOTE:

    You can specify source addresses or address groups to be excluded from the policy (namely, these addresses or address groups are not subject to the policy). Excluded source addresses or address groups are usually used to exclude specific addresses from a wide network segment.

    Select the corresponding address or address group, click Invert, and then click OK.

    Destination Address

    Set the destination IP address as a matching condition of the PBR rule.

    NOTE:

    You can specify destination addresses or address groups to be excluded from the policy (namely, these addresses or address groups are not subject to the policy). Excluded destination addresses or address groups are usually used to exclude specific addresses from a wide network segment.

    Select the corresponding address or address group, click Invert, and then click OK.

    Action

    Action that will be taken on packets matching the PBR rule:

    • Proxy

    • No proxy

  5. Click OK.
Parent Topic: Web Configuration Reference for Intelligent Uplink Selection
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >