Configuring the Router as a DNS Proxy

JUNOS software with enhanced services incorporates Domain Name System (DNS) support, which allows you to use domain names as well as IP addresses for identifying locations. A DNS server keeps a table of the IP addresses associated with domain names. Using DNS enables a router to reference locations by domain name (such as www.juniper.net) in addition to using the routable IP address (207.17.137.68 for juniper.net). A J-series Services Router running JUNOS software with enhanced services includes the following DNS enhancements:

• DNS proxy—The router proxies hostname resolution requests on behalf of the clients behind the Services Router. DNS proxy improves domain lookup performance because of caching. For more information, see DNS Proxy Overview.
• Split DNS—The router redirects DNS queries over a secure connection to a specified DNS server in the private network. Split DNS prevents malicious users from learning the network configuration, and thus also prevents domain information leaks. Once configured, split DNS operates transparently. For more information, see DNS Proxy with Split DNS.
• Dynamic DNS (DDNS) client—Servers protected by the router remain accessible despite dynamic IP address changes. For example, a protected Web server continues to be accessible with the same hostname, even after the dynamic IP address changed because of address reassignment by the Dynamic Host Configuration Protocol (DHCP) of an Internet service provider (ISP). For more information, see Dynamic Domain Name System Client.

You can use J-Web Quick Configuration or a configuration editor to configure the router as a DNS proxy.

This chapter contains the following topics:

• DNS Proxy Overview
• Configuring DNS Proxy with Quick Configuration
• Configuring the Router as a DNS Proxy with the CLI
• Verifying the DNS Server Configuration