Example: Configuring DNS Proxy Entries (NSM Procedure)

In this example, you create two DNS proxy entries that selectively forward DNS queries to different servers:

To configure a DNS proxy entry:

  1. Add a NS-208 security device running ScreenOS 5.1.
  2. In the main navigation tree, select Device Manager > Devices, and then double-click the device to open the device configuration.
  3. Add the tunnel.1 interface:
  4. In the device navigation tree, select Network > Interface.
  5. Click the Add icon and select tunnel interface.
  6. Click OK to save the new interface.
  7. Configure the Trust interface:
    • In the device navigation tree, select Network > Interface.
    • Double-click the trust interface. The General Properties screen appears.
    • Select Enable DNS Proxy.
    • Click OK to save the new interface.
  8. Configure general DNS proxy settings:
    • In the device navigation tree, select Network > DNS > DNS Proxy.
    • Select Configure DNS Proxy Instance.
    • Select Enable.
  9. Add the DNS proxy for acme.com:
    • Click the Add icon. The New DNS Proxy dialog box appears.
  10. Configure the following options, and then click OK:
    • For Domain Name, enter acme.com.
    • For Outgoing Interface, enter tunnel.1
    • For Primary DNS Server, enter 2.1.1.21.
    • Select Failover.
    • Add the DNS proxy for acme_eng.com:
    • Click the Add icon. The New DNS Proxy dialog box appears.
  11. Configure the following options, and then click OK:
    • For Domain Name, enter .acme_eng.com.
    • For Outgoing Interface, enter tunnel.1.
    • For Primary DNS Server, enter 2.1.1.34.
    • Select Failover.
    • Add the DNS proxy for all other DNS requests:
    • Click the Add icon. The New DNS Proxy dialog box appears.
  12. Configure the following options:
    • For Domain Name, enter *.
    • For Outgoing Interface, enter ethernet3
    • For Primary DNS Server, enter 1.1.1.23.
  13. Click OK to save your changes to the device.

Related Documentation