DNS suffixes, DNS proxy – H3C Technologies H3C SecPath F1000-E User Manual
Figure 120 Dynamic domain name resolution
Figure 120 shows the relationship between the user program, DNS client, and DNS server. The resolver
and cache comprise the DNS client. The user program and DNS client can run on the same device or
different devices, while the DNS server and the DNS client usually run on different devices.
Dynamic domain name resolution allows the DNS client to store the latest mappings between domain names
and IP addresses in the dynamic domain name cache, so a repeated query does not need to be sent to the
DNS server again. The mappings are removed from the cache after some time to
make sure the latest entries are obtained from the DNS server. The DNS server decides how long a mapping
is valid, and the DNS client gets the aging time from DNS messages.
DNS suffixes
The DNS client normally holds a list of suffixes that can be defined by users. The list is used when the
name to be resolved is incomplete: the resolver supplies the missing part. For example, a user can configure
com as the suffix for aabbcc.com. After that, the user only needs to enter aabbcc, and the resolver will
add the suffix and delimiter. The resolver handles an entered name as follows:
• If there is no dot in the entered domain name (for example, aabbcc), the resolver considers it a
host name and adds a DNS suffix before the query. If no match is found after each configured suffix
has been tried in turn, the original domain name (for example, aabbcc) is used for the query.
• If there is a dot in the entered domain name (for example, www.aabbcc), the resolver directly
uses this domain name for the query. If the query fails, the resolver adds a DNS suffix for another query.
• If the dot is at the end of the domain name (for example, aabbcc.com.), the resolver considers
it a fully qualified domain name (FQDN) and returns the query result, successful or failed. Hence, the
dot (.) at the end of the domain name is called the terminating symbol.
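The three rules above determine which names are actually sent to the DNS server, and in what order. The following Python sketch is an added example, not code from the manual or from the firewall; the function names candidate_names, resolve and lookup and the ZONE data are assumptions made for illustration.

```python
def candidate_names(name, suffixes):
    """Return the names to query, in order, following the three rules above."""
    if name.endswith("."):
        # Terminating symbol: the name is an FQDN, queried once, never suffixed.
        return [name]
    suffixed = [f"{name}.{s.strip('.')}" for s in suffixes]
    if "." in name:
        # Dotted name: queried as entered first, then with each suffix.
        return [name] + suffixed
    # No dot: treated as a host name; every suffix first, bare name last.
    return suffixed + [name]


def resolve(name, suffixes, lookup):
    """Query candidates in order; return (queried_name, address) or (None, None)."""
    for qname in candidate_names(name, suffixes):
        addr = lookup(qname)
        if addr is not None:
            return qname, addr
    return None, None


# Constructed sample data standing in for a DNS server's records
# (addresses are from the 192.0.2.0/24 documentation range).
ZONE = {"aabbcc.com": "192.0.2.10", "www.aabbcc.com": "192.0.2.20"}


def lookup(qname):
    """Hypothetical lookup: ignores the trailing dot, returns None on no match."""
    return ZONE.get(qname.rstrip("."))


if __name__ == "__main__":
    for entered in ("aabbcc", "www.aabbcc", "aabbcc.com.", "aabbcc.net."):
        print(f"{entered!r}: queries {candidate_names(entered, ['com'])}, "
              f"result {resolve(entered, ['com'], lookup)}")
```

Listing the candidates for an entered name shows every query that can leave the device, which helps when matching DNS server or proxy logs against what a user typed.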
The firewall supports static and dynamic DNS services.
NOTE:
If an alias is configured for a domain name on the DNS server, the firewall can resolve the alias into the
IP address of the host.
DNS proxy
A DNS proxy forwards DNS requests and replies between DNS clients and a DNS server.
A DNS client sends a DNS request to the DNS proxy, which forwards the request
to the designated DNS server, and conveys the reply from the DNS server to the client.