DNS configuration task list – H3C Technologies H3C S5560 Series Switches User Manual

Figure 32 DNS spoofing application

The DNS proxy does not have the DNS server address or cannot reach the DNS server after startup. A host accesses the HTTP server by following these steps:

1. The host sends a DNS request to the device to resolve the domain name of the HTTP server into an IP address.

2. Upon receiving the request, the device searches the local static and dynamic DNS entries for a match. Because no match is found, the device spoofs the host by replying with a configured IP address.

   The device must have a route to the IP address with the dial-up interface as the output interface.

   The IP address configured for DNS spoofing is not the actual IP address of the requested domain name. Therefore, the TTL field in the DNS reply is set to 0. When the DNS client receives the reply, it creates a DNS entry and ages it out immediately.

3. Upon receiving the reply, the host sends an HTTP request to the replied IP address.

4. When forwarding the HTTP request through the dial-up interface, the device performs the following operations:

   - Establishes a dial-up connection with the network.

   - Dynamically obtains the DNS server address through DHCP or another autoconfiguration mechanism.

5. Because the DNS entry ages out immediately upon creation, the host sends a DNS request to the device again to resolve the HTTP server domain name into an IP address.

6. The device operates the same as a DNS proxy. For more information, see "DNS proxy."

7. After obtaining the IP address of the HTTP server, the host can access the HTTP server.

Without DNS spoofing, the device forwards the DNS requests from the host to the DNS server if it cannot find a matching local DNS entry. However, the device cannot obtain the DNS server address, because no dial-up connection is established. Therefore, the device cannot forward or answer the requests from the client. DNS resolution fails, and the client cannot access the HTTP server.
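Added example, not from the H3C manual: a Python parser that reads a DNS reply off the wire and picks out A records whose TTL is 0, the property step 2 relies on so that the host discards the spoofed address and queries again in step 5. The two sample messages, the name www.example.com, and the documentation-range addresses are constructed for illustration.

```python
import socket
import struct

def read_name(msg, off):
    """Decode a DNS name at off, following compression pointers (RFC 1035 4.1.4)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:                       # compression pointer
            end = off + 2 if end is None else end    # resume after the first pointer
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                            # malformed message guard
                raise ValueError("compression loop")
        elif n == 0:                                 # root label ends the name
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def a_answers(msg):
    """Return (name, ttl, ipv4) for each IN A record in the answer section."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not (flags & 0x8000):                         # QR bit clear means a query
        raise ValueError("not a DNS response")
    off = 12
    for _ in range(qd):                              # skip the question section
        _, off = read_name(msg, off)
        off += 4                                     # QTYPE + QCLASS
    out = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            out.append((name, ttl, socket.inet_ntoa(msg[off:off + 4])))
        off += rdlen
    return out

def uncacheable(msg):
    """A records with TTL 0: the client ages them out immediately, as in step 2."""
    return [a for a in a_answers(msg) if a[1] == 0]

# Constructed sample: spoofing-style reply, www.example.com -> 192.0.2.1, TTL 0
QNAME = b"\x03www\x07example\x03com\x00"
SPOOFED = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + QNAME + struct.pack("!HH", 1, 1)
           + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 0, 4) + socket.inet_aton("192.0.2.1"))
# Constructed sample: the later proxied reply (step 6) with a cacheable TTL of 300
NORMAL = SPOOFED[:-10] + struct.pack("!IH", 300, 4) + socket.inet_aton("198.51.100.7")
```

Running `uncacheable()` over replies captured on the host side of the device separates the placeholder answer of step 2 from the proxied answer of step 6.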

DNS configuration task list

Tasks at a glance

Perform one of the following tasks:

- Configuring the IPv4 DNS client

- Configuring the IPv6 DNS client