Example: Configuring DNS Proxy Entries (NSM Procedure)

In this example, you create two DNS proxy entries that selectively forward DNS queries to different servers:

• A DNS query with a FQDN containing the domain name acme.com goes out tunnel interface tunnel.1 to the corporate DNS server at 2.1.1.21. When a host sends a DNS query to www.acme.com, the device automatically directs the query to this server, which resolves the query to 3.1.1.2.
• A DNS query with a FQDN containing the domain name acme_eng.com goes out tunnel interface tunnel.1 to the DNS server at 2.1.1.34. When a host sends a DNS query to the intranet.acme_eng.com, the device directs the query to this server, which resolves the query to 3.1.1.5.
• All other DNS queries bypass the corporate servers and go out interface ethernet3 to the DNS server at 1.1.1.23. When the host and domain name is www.juniper.net, the device automatically bypasses the corporate servers and directs the query to this server, which resolves the query to 207.17.137.68.

1. Add a NS-208 security device running ScreenOS 5.1.
2. In the main navigation tree, select Device Manager > Devices, and then double-click the device to open the device configuration.
3. Add the tunnel.1 interface:
4. In the device navigation tree, select Network > Interface.
5. Click the Add icon and select tunnel interface.
6. Click OK to save the new interface.
7. Configure the Trust interface:
   • In the device navigation tree, select Network > Interface.
   • Double-click the trust interface. The General Properties screen appears.
   • Select Enable DNS Proxy.
   • Click OK to save the new interface.
8. Configure general DNS proxy settings:
   • In the device navigation tree, select Network > DNS > DNS Proxy.
   • Select Configure DNS Proxy Instance.
   • Select Enable.
9. Add the DNS proxy for acme.com:
   • Click the Add icon. The New DNS Proxy dialog box appears.
10. Configure the following options, and then click OK:
    • For Domain Name, enter acme.com.
    • For Outgoing Interface, enter tunnel.1
    • For Primary DNS Server, enter 2.1.1.21.
    • Select Failover.
    • Add the DNS proxy for acme_eng.com:
    • Click the Add icon. The New DNS Proxy dialog box appears.
11. Configure the following options, and then click OK:
    • For Domain Name, enter .acme_eng.com.
    • For Outgoing Interface, enter tunnel.1.
    • For Primary DNS Server, enter 2.1.1.34.
    • Select Failover.
    • Add the DNS proxy for all other DNS requests:
    • Click the Add icon. The New DNS Proxy dialog box appears.
12. Configure the following options:
    • For Domain Name, enter *.
    • For Outgoing Interface, enter ethernet3
    • For Primary DNS Server, enter 1.1.1.23.
13. Click OK to save your changes to the device.

Related Documentation

• Example: Configuring DDNS Settings (NSM Procedure)
• Advanced Network Settings Overview