CLI: Example for Configuring Single-Server Smart DNS in ISP Egress Mode

This section provides an example for configuring single-server smart DNS in ISP egress mode.

Networking Requirements

As shown in Figure 1, an enterprise deploys ISP1 server to provide the web service whose domain name is www.example.com. The private IP address of ISP1 server is 10.1.1.10, and the public IP address after server mapping is 1.1.1.10. The DNS server on the enterprise intranet has the mapping between domain name www.example.com and ISP1 server address 1.1.1.10.

An ISP1 user who accesses www.example.com obtains ISP1 server address 1.1.1.10 and accesses ISP1 server through ISP1 network.

The enterprise also requests a public IP address 2.2.2.10 from ISP2. The enterprise expects that an ISP2 user accessing www.example.com can obtain the ISP2 address and access ISP1 server through ISP2 network.

Figure 1 ISP egress-based Single-server smart DNS networking

Configuration Roadmap

To enable ISP2 users to obtain ISP2 address 2.2.2.10, configure smart DNS in ISP egress mode to change IP address 1.1.1.10 after DNS resolution to 2.2.2.10.

Because only one web server is deployed on the intranet, you need to configure single-server smart DNS in ISP egress mode. Single-server smart DNS must work with the NAT server function. The configuration roadmap is as follows:

Enable smart DNS.
Configure single-server smart DNS in ISP egress mode.
Configure the NAT server function.
- Configure NAT Server for ISP1 server to provide services using a public IP address.
- Configure NAT Server for ISP2 address 2.2.2.10 so that the FW can map 2.2.2.10 to 10.1.1.10 for ISP2 users to access ISP1 server.
Configure the sticky load balancing function.

Procedure

Enable smart DNS.
```
<FW> system-view
[FW] dns-smart enable
```
Create a smart DNS group and configure an original server address and a smart DNS mapping in the group view.
1. Create smart DNS group 1.
```
[FW] dns-smart group 1 type single
```
2. Configure the original server address to 1.1.1.10.
```
[FW-dns-smart-group-1] real-server-ip 1.1.1.10
```
3. Configure a smart DNS mapping to map the server address to be sent to ISP2 users to 2.2.2.10.
```
[FW-dns-smart-group-1] out-interface GigabitEthernet0/0/2 map 2.2.2.10
```
4. Exit from the smart DNS group view.
```
[FW-dns-smart-group-1] quit
```
Configure the NAT server function.
1. Configure NAT Server for ISP1 address 1.1.1.10 so that the FW can map 1.1.1.10 to 10.1.1.10 for ISP1 users to access ISP1 server.
```
[FW] nat server for_isp1 global 1.1.1.10 inside 10.1.1.10 no-reverse
```
2. Configure NAT Server for ISP2 address 2.2.2.10 so that the FW can map 2.2.2.10 to 10.1.1.10 for ISP2 users to access ISP1 server.
```
[FW] nat server for_isp2 global 2.2.2.10 inside 10.1.1.10 no-reverse
```

Configure the sticky load balancing function.

[FW] interface GigabitEthernet0/0/1
[FW-GigabitEthernet0/0/1] ip address 1.1.1.2 24
[FW-GigabitEthernet0/0/1] gateway 1.1.1.1
[FW-GigabitEthernet0/0/1] redirect-reverse next-hop 1.1.1.1
[FW-GigabitEthernet0/0/1] quit
[FW] interface GigabitEthernet0/0/2
[FW-GigabitEthernet0/0/2] ip address 2.2.2.2 24
[FW-GigabitEthernet0/0/2] gateway 2.2.2.1
[FW-GigabitEthernet0/0/2] redirect-reverse next-hop 2.2.2.1
[FW-GigabitEthernet0/0/2] quit

Configuration Scripts

#
 nat server for_isp1 global 1.1.1.10 inside 10.1.1.10 no-reverse
 nat server for_isp2 global 2.2.2.10 inside 10.1.1.10 no-reverse
#
 dns-smart enable
#
interface GigabitEthernet0/0/1
 ip address 1.1.1.2 255.255.255.0
 redirect-reverse next-hop 1.1.1.1
 gateway 1.1.1.1
#
interface GigabitEthernet0/0/2
 ip address 2.2.2.2 255.255.255.0
 redirect-reverse next-hop 2.2.2.1
 gateway 2.2.2.1
#
 dns-smart group 1 type single
 real-server-ip 1.1.1.10
 out-interface GigabitEthernet0/0/2 map 2.2.2.10
#
return