F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

251

252

253

254

255

256

257

258

259

260

229

551BDNS proxy configuration example

1272BNetwork requirements

When the IP address of the DNS server changes, you must configure the new IP address of the DNS

server on each device on the LAN. To simplify network management, you can use the DNS proxy

function.

As shown in

2455HFigure 147:

• Specify Firewall as the DNS server of Device (the DNS client). Firewall acts as a DNS proxy. The IP

address of the real DNS server is 4.1.1.1.

• Configure the IP address of the DNS proxy on Device. DNS requests of Device B are forwarded to

the real DNS server through the DNS proxy.

Figure 147 Network diagram

1273BConfiguration procedure

Before performing the following configuration, assume that Device A, the DNS server, and the host are

reachable to each other and the IP addresses of the interfaces are configured as shown in

2456HFigure 147.

1. Configure the DNS server:

This configuration may vary with DNS servers. When a PC running Windows Server 2000 acts as

the DNS server, see "

2457HDynamic domain name resolution configuration example" for related

configuration information.

2. Configure the DNS proxy:

# Specify the DNS server 4.1.1.1.

<Firewall> system-view

[Firewall] dns server 4.1.1.1

# Enable DNS proxy.

[Firewall] dns proxy enable

3. Configure the DNS client:

# Enable the domain name resolution function.

<Device> system-view

[Device] dns resolve

# Specify the DNS server 2.1.1.2.

3.1.1.1/24

host.com

Device

DNS client

Firewall

DNS proxy

IP network

DNS server

2.1.1.1/24

2.1.1.2/24 1.1.1.1/24

4.1.1.1/24

Host