Configuring Dns Settings; Configuring Dns Proxy - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Configuring ScreenOS Devices Guide

Configuring DNS Settings

Specify the IP addresses for a primary DNS server and a secondary DNS server, and then
specify a refresh interval. You can configure the device to refresh all the entries in its DNS
table by checking them with a specified DNS server at a specific time of day at regularly
scheduled intervals. Alternatively, you can select Never Refresh to ensure that the device
does not update its DNS table.

NOTE: The device automatically attempts to refresh its DNS table after an
HA failover occurs.

For a more detailed explanation of configuring DNS on security devices, see the
"Fundamentals" volume in the Concepts & Examples ScreenOS Reference Guide.

Configuring DNS Proxy

Use a DNS proxy to enable split DNS queries. The proxy selectively redirects DNS
queries to specific DNS servers according to partial or complete domain names. This is
useful when VPN tunnels or PPPoE virtual links provide connectivity to multiple networks,
and it is necessary to direct some DNS queries to one network and other queries to
another network.

NOTE: You can configure DNS proxy for the root device in a vsys, but not for
the individual vsys devices.

You can use DNS proxies to make domain lookups more efficient. For example, to reduce
load on the corporate server, you can route DNS queries meant for the corporate domain
to the corporate DNS server, while routing other DNS queries to the ISP DNS server. You
can also use DNS proxy to transmit selected DNS queries through a tunnel interface,
which prevents malicious users from learning about the internal network configuration.

To use a DNS proxy, you must:

- Select DNS proxy on the device in the DNS Proxy Setting screen.
- Select DNS proxy on the interface in the interface General Properties screen.

Additionally, you should point the DNS servers (defined in DNS Settings) to the
loopback IP address (127.0.0.1).

To configure a DNS proxy to use a default DNS server, set the domain name as the asterisk
character (*) for the default DNS proxy, and then select the "failover" option for all
nondefault DNS proxies.
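
A small model of the split-DNS selection described above, added here as an illustration; it is not ScreenOS or NSM code. It assumes matching on label boundaries, that the most specific entry wins, and that "failover" means a nondefault entry falls back to the servers of the `*` entry; the entries and addresses are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ProxyEntry:
    domain: str              # partial or complete domain name; "*" is the default entry
    servers: tuple           # DNS servers for this entry, in order of preference
    failover: bool = False   # assumed: if these servers fail, use the "*" entry

# Constructed sample entries; the names and addresses are not from the manual.
ENTRIES = [
    ProxyEntry("corp.example", ("10.1.1.53", "10.1.2.53"), failover=True),
    ProxyEntry("eng.corp.example", ("10.2.1.53",)),
    ProxyEntry("*", ("192.0.2.53",)),
]

def matches(entry, qname):
    """True if qname equals the entry's domain or ends with it on a label boundary."""
    if entry.domain == "*":
        return True
    suffix = entry.domain.lower().strip(".")
    name = qname.lower().rstrip(".")
    return name == suffix or name.endswith("." + suffix)

def select_entry(entries, qname):
    """Most specific match wins (assumed); the "*" entry is used only as a last resort."""
    hits = [e for e in entries if matches(e, qname)]
    return max(hits, key=lambda e: (e.domain != "*", len(e.domain)), default=None)

def candidate_servers(entries, qname):
    """Servers a query may be sent to, in order, under the assumed failover rule."""
    entry = select_entry(entries, qname)
    if entry is None:
        return []
    servers = list(entry.servers)
    if entry.failover and entry.domain != "*":
        for default in (e for e in entries if e.domain == "*"):
            servers += [s for s in default.servers if s not in servers]
    return servers

def may_reach_default(entries, qname):
    """True if a name covered by a nondefault entry can still go to the default server."""
    entry = select_entry(entries, qname)
    defaults = {s for e in entries if e.domain == "*" for s in e.servers}
    nondefault = entry is not None and entry.domain != "*"
    return nondefault and bool(defaults & set(candidate_servers(entries, qname)))

if __name__ == "__main__":
    for name in ("intranet.corp.example", "build.eng.corp.example", "www.example.org"):
        print(name, candidate_servers(ENTRIES, name), may_reach_default(ENTRIES, name))
```

Under the assumed failover behaviour, running the check over planned proxy entries shows which internal domains could still be resolved through the default server rather than only through the tunnel.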

Related Documentation

- Example: Configuring DNS Proxy Entries (NSM Procedure) on page 105
- Example: Configuring DDNS Settings (NSM Procedure) on page 106
- Advanced Network Settings Overview on page 108

Copyright © 2010, Juniper Networks, Inc.
