DNS spoofing – H3C Technologies H3C SecPath F1000-E User Manual
The DNS proxy simplifies network management. When the DNS server address is changed, you only
need to change the configuration on the DNS proxy instead of on each DNS client.
Figure 121 DNS proxy networking application
DNS proxy operates as follows:
1. A DNS client considers the DNS proxy as the DNS server, and sends a DNS request to the DNS
   proxy, that is, the destination address of the request is the IP address of the DNS proxy.
2. The DNS proxy searches the local static domain name resolution table after receiving the request.
   If the requested information exists in the table, the DNS proxy returns a DNS reply to the client.
3. If the requested information does not exist in the static domain name resolution table, the DNS
   proxy sends the request to the designated DNS server for domain name resolution.
4. After receiving a reply from the DNS server, the DNS proxy forwards the reply to the DNS client.
NOTE:
With no DNS server or no route to a DNS server specified, the DNS proxy neither forwards DNS requests
nor answers the requests from the DNS clients.
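The decision order in steps 1 to 4 and the NOTE, as an added Python example that is not H3C code: it parses a query, answers A records from a static table, and otherwise forwards. Assumptions: all function names are hypothetical, the designated DNS server is modelled as a callable so the block runs offline, the NOTE is read literally (without a server the proxy stays silent even for static entries), and the 60-second TTL and sample names are constructed.

```python
import socket
import struct

def make_query(name: str, txid: int) -> bytes:
    """Constructed sample: a minimal A/IN query for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)            # QTYPE=A, QCLASS=IN

def parse_question(query: bytes):
    """Return (lowercased name, qtype, offset just past the first question)."""
    pos, labels = 12, []                       # fixed 12-byte DNS header
    while True:
        if pos >= len(query):
            raise ValueError("truncated question")
        length = query[pos]
        if length == 0:
            break
        if length > 63:                        # pointers are not expected in a query name
            raise ValueError("bad label length")
        label = query[pos + 1:pos + 1 + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii").lower())
        pos += 1 + length
    if pos + 5 > len(query):
        raise ValueError("missing QTYPE/QCLASS")
    qtype, _qclass = struct.unpack("!HH", query[pos + 1:pos + 5])
    return ".".join(labels), qtype, pos + 5

def build_a_reply(query: bytes, end: int, ip: str, ttl: int = 60) -> bytes:
    """Answer from the static table: echo the ID and question, append one A record."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)  # QR, RD, RA; 1 answer
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + query[12:end] + rr

def handle_request(query: bytes, static_table: dict, upstream=None):
    """Steps 2-4 plus the NOTE. `upstream` is a callable(query) -> reply bytes."""
    if upstream is None:
        return None                            # NOTE: no server configured, client gets nothing
    name, qtype, end = parse_question(query)
    if qtype == 1 and name in static_table:    # step 2: static table hit
        return build_a_reply(query, end, static_table[name])
    return upstream(query)                     # steps 3-4: forward and relay the reply
```

Because the static table is consulted before the designated server, an entry there overrides whatever the server would return for that name, so the table belongs under the same change control as the server address.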
DNS spoofing
Figure 122 Network diagram
DNS spoofing is applied to the dial-up network, as shown in