Configuring the Device as a DNS Proxy

JUNOS software incorporates Domain Name System (DNS) support, which allows you to use domain names as well as IP addresses for identifying locations. A DNS server keeps a table of the IP addresses associated with domain names. Using DNS enables a device to reference locations by domain name (such as www.juniper.net) in addition to using the routable IP address (207.17.137.68 for juniper.net). DNS enhancements include:

• DNS proxy—The device proxies hostname resolution requests on behalf of the clients behind the J-series or SRX-series device. DNS proxy improves domain lookup performance because of caching. For more information, see DNS Proxy Overview.
• Split DNS—The device redirects DNS queries over a secure connection to a specified DNS server in the private network. Split DNS prevents malicious users from learning the network configuration, and thus also prevents domain information leaks. Once configured, split DNS operates transparently. For more information, see DNS Proxy with Split DNS.
• Dynamic DNS (DDNS) client—Servers protected by the device remain accessible despite dynamic IP address changes. For example, a protected Web server continues to be accessible with the same hostname, even after the dynamic IP address changed because of address reassignment by the Dynamic Host Configuration Protocol (DHCP) of an Internet service provider (ISP). For more information, see Dynamic Domain Name System Client.

You can use J-Web Quick Configuration or a configuration editor to configure the device as a DNS proxy.

This chapter contains the following topics:

• DNS Proxy Overview
• Configuring DNS Proxy with Quick Configuration
• Configuring the Device as a DNS Proxy with the CLI
• Verifying the DNS Server Configuration

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.