Verifying the configuration, Dns proxy configuration example, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual

228

system-view

[Sysname] dns resolve

# Specify the DNS server 2.1.1.2.

[Sysname] dns server 2.1.1.2

# Configure com as the name suffix.

[Sysname] dns domain com

Verifying the configuration

# Use the ping host command on the SecPath to verify that the communication between the SecPath and

the host is normal and that the corresponding destination IP address is 3.1.1.1.

[Sysname] ping host

Trying DNS resolve, press CTRL_C to break

Trying DNS server (2.1.1.2)

PING host.com (3.1.1.1):

56 data bytes, press CTRL_C to break

Reply from 3.1.1.1: bytes=56 Sequence=1 ttl=126 time=3 ms

Reply from 3.1.1.1: bytes=56 Sequence=2 ttl=126 time=1 ms

Reply from 3.1.1.1: bytes=56 Sequence=3 ttl=126 time=1 ms

Reply from 3.1.1.1: bytes=56 Sequence=4 ttl=126 time=1 ms

Reply from 3.1.1.1: bytes=56 Sequence=5 ttl=126 time=1 ms

--- host.com ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 1/1/3 ms

DNS proxy configuration example

NOTE:

In this configuration example, either Device A or Device B is the SecPath firewall.

Network requirements

When the IP address of the DNS server changes, you must configure the new IP address of the DNS

server on each device on the LAN. To simplify network management, you can use the DNS proxy

function.
As shown in

Figure 140

:

•

Specify Device A as the DNS server of Device B (the DNS client). Device A acts as a DNS proxy.
The IP address of the real DNS server is 4.1.1.1.

•

Configure the IP address of the DNS proxy on Device B. DNS requests of Device B are forwarded
to the real DNS server through the DNS proxy.