How to set the ProxySG to act as a DNS server for a Client

Article ID: 168328

Products

ProxySG Software - SGOS

Issue/Introduction

In cases where an organization requires a DNS query to be answered with a specific IP address, it's prudent to force the ProxySG to return the desired IP address for all internal users. The ProxySG itself can act as a primary or secondary DNS server for users in networks secured by a ProxySG appliance; however, this requires special configuration.

Cause

Once the ProxySG contacts an internal or external DNS server to get IP resolution on a URL and receives the answer from the DNS server in the form of an IP address, it cannot further manipulate or change it. The only other way for the ProxySG to influence the IP address that gets mapped to a certain URL is for it to act as a DNS server for the client. By doing so, the ProxySG performs the initial IP address resolution itself. If it cannot, it can still refer to the configured DNS server(s) to do the resolution.

Resolution

1. Set the DNS service under Proxy Services to Intercept

In the Management Console, go to Configuration -> Services -> Proxy Services. Under the Standard service group, highlight the DNS service and choose Intercept for the Action.

2. Open VPM and add a DNS Access Layer. Configure the Source or Destination objects and then the Action according to what is desired. For example, if it is required to resolve cnn.com to 1.1.1.1 (just an example) for any client, leave the Source Object set to Any, set the Destination Object to DNS Response CNAME, and set the Action to Send DNS Response.

The VPM afterwards will look like this:

[Image: the resulting DNS Access Layer rule in VPM]



3. Configure the client to use the ProxySG as its only or primary DNS server by setting the proxy's IP address as the DNS server.

The next time a request comes in to the ProxySG with cnn.com as its domain, it will be mapped to 1.1.1.1. For requests for other domains not covered by the DNS Access Layer, the ProxySG will contact the DNS servers it is configured with for IP address resolution as normal. These DNS servers are configured under Configuration -> Network -> DNS.
 
