SRX

Expand all | Collapse all

DNS-Proxy/Split DNS

Jump to Best Answer
  • 1.  DNS-Proxy/Split DNS

    Posted 03-16-2020 09:53

    Hi,

    I am trying to configure proxy dns/split dns, currently I have the following:

     

    +    dns {
    +        dns-proxy {
    +            interface {
    +                ge-0/0/1.0;
    +            }
    +            default-domain domain.local {
    +                forwarders {
    +                    8.8.8.8;
    +                }
    +            }
    +            view domain2 {
    +                match-clients 192.168.1.5/32;
    +                match-clients 192.168.1.6/32;
    +                domain domain2.local {
    +                   forwarders {
    +                       172.16.1.1;
    +                   }
    +               }
    +           }
    +      }
    + }

    From what I am aware my current configuration makes 192.168.1.5 and 192.168.1.6 use 172.16.1.1 only, I want clients DNS for 192.168.1.5 and 192.168.1.6 internet traffic to forward via 8.8.8.8 and any traffic destined for 172.16.1.10 (msr.lan.com) to use DNS server 172.16.1.1.

     

    Is there a way to do this and what would the configuration look like.

     

    Thankyou.


    #dns
    #dns-proxy
    #splitdns


  • 2.  RE: DNS-Proxy/Split DNS

    Posted 03-17-2020 02:28

    The I have changed the config I use myself to match your requirements. Please let us know if it works.

     

    dns {
        dns-proxy {
            interface {
                ge-0/0/1.0;
            }
            view internal {
                match-clients 192.168.1.5/32;
                match-clients 192.168.1.6/32;
                domain domain2.local {
                    forwarders {
                        172.16.1.1;
                    }
                }
                domain * {
                    forwarders {
                        8.8.8.8;
                    }
                }
            }
        }
    }
    

     



  • 3.  RE: DNS-Proxy/Split DNS

    Posted 03-17-2020 07:52

    Hi Jonas,

     

    Thanks for the output.

     

    Just for my understanding the domain domain2.local defines the domain 192.168.1.5 and 192.168.1.6 are trying to reach and then any other DNS resolution that is not domain2.local goes to 8.8.8.8?

     

     



  • 4.  RE: DNS-Proxy/Split DNS
    Best Answer

    Posted 03-17-2020 08:01

    Correct, only requests from 192.168.1.5 + 192.168.1.6 for domain domain2.local will be forwarded to 172.16.1.1. If the request does not match domain2.local it will go to 8.8.8.8.

     

    You can define multiple domains this way with the "domain *" as the last option. Several views with different setups can be implemented as well.