R0106-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V7)

Figure 32 DNS spoofing application
The DNS proxy does not have the DNS server address or cannot reach the DNS server after startup. A
host accesses the HTTP server in the following steps:
1. The host sends a DNS request to the device to resolve the domain name of the HTTP server into an
IP address.
2. Upon receiving the request, the device searches the local static and dynamic DNS entries for a
match. Because no match is found, the device spoofs the host by replying with a configured IP address.
The device must have a route to the IP address with the dial-up interface as the output interface.
The IP address configured for DNS spoofing is not the actual IP address of the requested domain
name. Therefore, the TTL field is set to 0 in the DNS reply. When the DNS client receives the reply,
it creates a DNS entry and ages it out immediately.
3. Upon receiving the reply, the host sends an HTTP request to the replied IP address.
4. When forwarding the HTTP request through the dial-up interface, the device performs the following
operations:
○ Establishes a dial-up connection with the network.
○ Dynamically obtains the DNS server address through DHCP or another autoconfiguration
mechanism.
5. Because the DNS entry ages out immediately upon creation, the host sends a DNS request to the
device again to resolve the HTTP server domain name into an IP address.
6. The device operates the same as a DNS proxy. For more information, see "DNS proxy."
7. After obtaining the IP address of the HTTP server, the host can access the HTTP server.
Without DNS spoofing, the device forwards the DNS requests from the host to the DNS server if it cannot
find a matching local DNS entry. However, the device cannot obtain the DNS server address, because
no dial-up connection is established. Therefore, the device cannot forward or answer the requests from
the client. DNS resolution fails, and the client cannot access the HTTP server.
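The TTL behavior described in step 2 can be checked from a packet capture taken on the host side. The following Python code is an added example, not part of the HP guide: it parses a DNS reply and labels it as the TTL-0 placeholder, a placeholder that a client would cache (nonzero TTL), or a normally resolved answer. The spoofing address 192.0.2.1, the name www.example.com, and the sample replies are constructed assumptions.

```python
import socket
import struct

SPOOF_IP = "192.0.2.1"   # assumed spoofing address (documentation range, not from the guide)

def build_reply(name, ip, ttl, txid=0x1A2B):
    """Build a constructed one-answer A-record reply for `name`."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = labels + struct.pack("!HH", 1, 1)            # QTYPE=A, QCLASS=IN
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + question + answer

def skip_name(pkt, off):
    """Return the offset just past the (possibly compressed) name at `off`."""
    while pkt[off] != 0:
        if pkt[off] & 0xC0 == 0xC0:     # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + pkt[off]
    return off + 1

def a_records(pkt):
    """Return [(ip, ttl)] for each IN A record in the answer section of a reply."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4   # skip QTYPE and QCLASS
    out = []
    for _ in range(an):
        off = skip_name(pkt, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if (rtype, rclass, rdlen) == (1, 1, 4):
            out.append((socket.inet_ntoa(pkt[off + 10:off + 14]), ttl))
        off += 10 + rdlen
    return out

def classify(pkt, spoof_ip=SPOOF_IP):
    """'spoofed' = placeholder with TTL 0; 'cacheable-spoof' = placeholder a client would cache."""
    recs = a_records(pkt)
    if any(ip == spoof_ip and ttl != 0 for ip, ttl in recs):
        return "cacheable-spoof"
    if recs and all(ip == spoof_ip for ip, _ in recs):
        return "spoofed"
    return "resolved"

# Constructed replies for steps 2 and 6 (example name and addresses, not from the guide).
FIRST = build_reply("www.example.com", SPOOF_IP, 0)
SECOND = build_reply("www.example.com", "198.51.100.10", 300, txid=0x1A2C)
```

A "cacheable-spoof" result means the host would keep using the placeholder address after the dial-up link is up, which is the failure the TTL of 0 is meant to prevent.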
DNS configuration task list
Tasks at a glance
Perform one of the following tasks:
Configuring the IPv4 DNS client
Configuring the IPv6 DNS client
(Optional.) Configuring the DNS proxy