[IAG] DNS proxy “redirect to DNS server” function does not take effect
Problem Description
When the DNS server is on the intranet, the "Redirect to DNS server" function of the DNS proxy does not take effect.

Root cause
The "Redirect to DNS server" function is essentially DNAT: it rewrites the destination IP of the DNS packet to the specified DNS server.
If that DNS server is on the intranet, then after the translation the DNS server's reply packet is returned directly to the PC, bypassing the IAG. The forward and return paths are therefore inconsistent, and communication fails.
Solution
Routing mode: Configure SNAT to translate the source IP of traffic destined for the intranet DNS server to the LAN port address of the IAG. The forward and return paths are then consistent.
Bridge mode: There is no solution. The DNS server can only be placed on the WAN side of the IAG.
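
The root cause and the routing-mode fix can be traced with a small packet-flow model. This is an added example, not Sangfor code or IAG configuration; the IP addresses, the Gateway class and the resolve function are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed addresses for illustration (assumptions, not from the page).
PC = "10.0.1.20"            # client PC on the intranet
ORIG_DNS = "8.8.8.8"        # resolver the PC is configured to query
INTRANET_DNS = "10.0.2.53"  # "Redirect to DNS server" target on the intranet
IAG_LAN = "10.0.1.1"        # LAN port address of the IAG

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class Gateway:
    """Toy model of the IAG: DNAT every DNS query, optionally SNAT as well."""
    def __init__(self, snat):
        self.snat = snat
        self.conntrack = {}  # (reply src, reply dst) -> (restored src, restored dst)

    def forward_query(self, pkt):
        out = Packet(IAG_LAN if self.snat else pkt.src, INTRANET_DNS)
        # Remember how to undo the translation if the reply comes back here.
        self.conntrack[(out.dst, out.src)] = (pkt.dst, pkt.src)
        return out

    def forward_reply(self, pkt):
        return Packet(*self.conntrack[(pkt.src, pkt.dst)])

def resolve(snat):
    """Return (reply as seen by the PC, whether the PC accepts it)."""
    gw = Gateway(snat)
    query = Packet(PC, ORIG_DNS)
    seen_by_server = gw.forward_query(query)
    # The DNS server answers whatever source address it saw.
    reply = Packet(seen_by_server.dst, seen_by_server.src)
    if reply.dst == IAG_LAN:
        reply = gw.forward_reply(reply)  # return path crosses the IAG: NAT undone
    # Otherwise the intranet routes the reply straight to the PC, untranslated.
    # A stub resolver only accepts a reply from the address it queried.
    accepted = reply.dst == PC and reply.src == query.dst
    return reply, accepted

if __name__ == "__main__":
    for snat in (False, True):
        reply, ok = resolve(snat)
        print(f"SNAT={snat}: PC sees reply from {reply.src} -> accepted={ok}")
```

Without SNAT the PC receives an answer sourced from the intranet DNS server rather than the address it queried and discards it; with SNAT the reply returns through the IAG, which restores the original addresses.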
Original Link
https://support.sangfor.com.cn/cases/list?product_id=22&type=1&category_id=7909&isOpen=true