Dns Proxy - D-Link DFL-300 - Security Appliance User Manual

DNS-Proxy
The FIREWALL VPN ROUTER's Administrator may use the DNS Proxy
function to make the FIREWALL VPN ROUTER Firewall act as a DNS Server
for the Internal and DMZ network. All DNS requests to a specific Domain
Name will be routed to the firewall's IP address. For example, let's say an
organization has their mail server (i.e., mail.dfl300.com) in the DMZ network
(i.e. 192.168.10.10). The outside Internet world may access the mail server
of the organization easily by its domain name, providing that the
Administrator has set up Virtual Server or Mapped IP settings correctly.
However, for the users in the Internal network, their external DNS server will
assign them a public IP address for the mail server. So for the Internal
network to access the mail server (mail.dfl300.com), they would have to go
out to the Internet, then come back through the Firewall to access the mail
server. Essentially, the internal network is accessing the mail server by a
real public IP address, while the mail server serves their request by a NAT
address and not a real one.
This odd situation occurs when there are servers in the DMZ network and
they are bound to real IP addresses. To avoid this, set up DNS Proxy so all
the Internal network computers will use the FIREWALL VPN ROUTER as a
DNS server, which acts as the DNS Proxy.
If you want to use the DNS Proxy function of the FIREWALL VPN
ROUTER, the end user's main DNS server IP address should be the
same IP Address as the FIREWALL VPN ROUTER.
- 39 -