Login
- Table of Contents
-
- 06-Network
- 01-VRF
- 02-Interface
- 03-Interface pairs
- 04-Interface collaboration
- 05-4G
- 06-Security zones
- 07-VLAN
- 08-MAC
- 09-DNS
- 10-ARP
- 11-ND
- 12-GRE
- 13-IPsec
- 14-ADVPN
- 15-L2TP
- 16-SSL VPN
- 17-Routing table
- 18-Static routing
- 19-Policy-based routing
- 20-OSPF
- 21-BGP
- 22-RIP
- 23-IP multicast routing
- 24-PIM
- 25-IGMP
- 26-DHCP
- 27-HTTP
- 28-SSH
- 29-NTP
- 30-FTP
- 31-Telnet
- 32-MAC authentication
- 33-MAC address whitelist
- 34-MAC access silent MAC info
- 35-MAC access advanced settings
- 36-IP authentication
- 37-IPv4 whitelist
- 38-IPv6 whitelist
- 39-Wireless
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 09-DNS | 37.76 KB |
This help contains the following topics:
¡ DNS
¡ DDNS
Introduction
DNS
Domain Name System (DNS) is a distributed database used by TCP/IP applications to translate domain names into IP addresses. IPv4 DNS translates domain names into IPv4 addresses, and IPv6 DNS translates domain names into IPv6 addresses.
The device can function as a DNS client. When the user runs a program on the device using a domain name (for example, Telnet to a device or host), DNS resolves the domain name into its IP address.
Domain name resolution can be static or dynamic:
· Static domain name resolution
Static domain name resolution means manually creating mappings between domain names and IP addresses. For example, you can create a static DNS mapping for a device so that you can Telnet to the device by using the domain name.
· Dynamic domain name resolution
To use dynamic domain name resolution, you must specify the IP address of the DNS server. Domain name resolution queries are sent to the DNS server.
You can configure a domain name suffix list so that the resolver can use the list to supply the missing part of an incomplete name. For example, you can configure com as the suffix for aabbcc.com. The user only needs to enter aabbcc to obtain the IP address of aabbcc.com. The resolver adds the suffix and delimiter before passing the name to the DNS server.
The name resolver handles the queries based on the domain names that the user enters:
¡ If the user enters a domain name without a dot (.) (for example, aabbcc), the resolver considers the domain name to be a host name. It adds a DNS suffix to the host name before performing the query operation. If no match is found for any host name and suffix combination, the resolver uses the user-entered domain name (for example, aabbcc) for the IP address query.
¡ If the user enters a domain name with a dot (.) among the letters (for example, www.aabbcc), the resolver directly uses this domain name for the query operation. If the query fails, the resolver adds a DNS suffix for another query operation.
¡ If the user enters a domain name with a dot (.) at the end (for example, aabbcc.com.), the resolver considers the domain name an FQDN and returns the successful or failed query result. The dot at the end of the domain name is considered a terminating symbol.
After a user specifies a name, the device checks the static name resolution table for an IP address. If no IP address is available, it contacts the DNS server for dynamic name resolution, which takes more time than static name resolution. To improve efficiency, you can put frequently queried name-to-IP address mappings in the local static name resolution table.
DDNS
DNS provides only the static mappings between domain names and IP addresses. When the IP address of a node changes, your access to the node fails.
Dynamic Domain Name System (DDNS) can dynamically update the mappings between domain names and IP addresses for DNS servers.
To use DDNS, you must first log in to the DDNS server to register an account. The device acts as the DDNS client and sends the DNS server a DDNS update request when the IP address of the device changes. The request contains the latest mapping of the domain name and IP address and user account credentials (username and password). After the DDNS client passes authentication, the DDNS server informs the DNS server to update the domain name and the IP address of the DDNS client.
DDNS is supported by only IPv4 DNS. It is used to update the mappings between domain names and IPv4 addresses.
A DDNS policy contains the DDNS server address, username, password, associated SSL client policy, and update time interval. After creating a DDNS policy, you can apply it to multiple interfaces to simplify DDNS configuration.
DNS service
The DNS service forwards DNS requests and responses between a DNS server and a DNS client. For the DNS service feature to operate correctly on a device, specify an IP address of the device as the DNS server IP for clients. The device with DNS service enabled performs the following functions:
1. On receiving a request from a client, the device looks up the local domain name cache for a match.
¡ If the device finds a match, it sends a DNS reply to the client.
¡ If the device does not find a match, it changes the destination IP address to the DNS server IP address, and the source IP address to the device IP address in the packet header. Then, the device sends the request to the DNS server.
2. On receiving a response from the server, the device records the domain name-to-IP address mapping and returns the response to the client.
The DNS service simplifies network management. When the DNS server address is changed, you can change the configuration only on the DNS service instead of on each DNS client.
DNS proxy
The DNS proxy feature allows DNS clients to use the IP address of the DNS server directly. The device with DNS proxy enabled performs the following functions:
1. On receiving a traversing request from a client, the device looks up the local domain name cache for a match.
¡ If the device finds a match, it sends a DNS reply to the client.
¡ If the device does not find a match, it replaces the source IP address with the device IP address in the packet header. Then, the device sends the request to the DNS server.
2. On receiving a response from the server, the device records the domain name-to-IP address mapping and returns the response to the client.
Restrictions and guidelines
· A DNS server address is required so that DNS queries can be sent to a correct server for resolution. If you specify both an IPv4 address and an IPv6 address, the device performs the following operations:
¡ Sends an IPv4 DNS query first to the DNS server IPv4 addresses. If the query fails, the device turns to the DNS server IPv6 addresses.
¡ Sends an IPv6 DNS query first to the DNS server IPv6 addresses. If the query fails, the devices turns to the DNS server IPv4 addresses.
· A DNS server address specified earlier has a higher priority. A DNS server address manually specified takes priority over a DNS server address dynamically obtained, for example, through DHCP. The device first sends a DNS query to the DNS server address of the highest priority. If the first query fails, it sends the DNS query to the DNS server address of the second highest priority, and so on.
· A DNS suffix configured earlier has a higher priority. A DNS suffix manually configured takes priority over a DNS suffix dynamically obtained, for example, through DHCP. The device first uses the suffix that has the highest priority. If the query fails, the device uses the suffix that has the second highest priority, and so on.
