Getting started with DNS relay

In DNS relay, clients send DNS requests to a DNS resolver, which forwards the requests to a remote DNS server. In Secure SD-WAN, the engine can act as a local DNS resolver for clients in the internal network.

Figure: How DNS relay works

1. Clients in the internal network send DNS requests to the engine.
2. The engine forwards the DNS requests to remote DNS servers.
3. Remote DNS servers send DNS responses to the engine.
4. The engine provides the responses to the clients in the internal network.

The engine temporarily stores the results of DNS requests in its cache until the time to live (TTL) value of the DNS entry expires. When a client makes a DNS request for a domain that has recently been requested, the engine answers with the IP address from the cache instead of forwarding the request again. Caching reduces the load on upstream DNS servers and improves performance.

In addition to providing DNS services for clients in the internal network, the engine can also optionally do the following:

  • Return fixed DNS results for specific hosts or domains.
  • Forward DNS requests to different DNS servers depending on the domain in the DNS request.
  • Translate IPv4 addresses resolved by external DNS servers to IPv4 addresses in the internal network.

You can configure DNS relay on Single Engines, Engine Clusters, and Virtual Engines.
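The following is an added, self-contained model of the behaviour described above (TTL-honouring cache, fixed results, per-domain forwarding, and translation of externally resolved IPv4 addresses). It is example code, not Secure SD-WAN code: the upstream DNS servers are simulated with in-memory record tables, the host names and addresses are constructed sample data from documentation ranges, and the `FakeClock` exists only so TTL expiry can be shown without waiting.

```python
"""Model of a DNS relay: fixed answers for named hosts, forwarding to different
upstream servers by domain, a cache that honours the TTL of each answer, and
translation of externally resolved IPv4 addresses to internal ones.
Added example, not Secure SD-WAN code; upstream servers are simulated."""
import time
from typing import Callable, Dict, List, Optional, Tuple

# An upstream server is modelled as: name -> (IPv4 answer, TTL in seconds) or None.
Upstream = Callable[[str], Optional[Tuple[str, int]]]


def make_upstream(records: Dict[str, Tuple[str, int]]) -> Upstream:
    """Build a simulated upstream server from a constructed record table."""
    def query(name: str) -> Optional[Tuple[str, int]]:
        return records.get(name)
    return query


class DnsRelay:
    def __init__(self, default_upstream: Upstream,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.default_upstream = default_upstream
        self.clock = clock                                # injectable for deterministic tests
        self.fixed: Dict[str, str] = {}                   # name -> fixed IPv4 result
        self.forwarders: List[Tuple[str, Upstream]] = []  # (domain, upstream), longest domain first
        self.translations: Dict[str, str] = {}            # external IPv4 -> internal IPv4
        self.cache: Dict[str, Tuple[str, float]] = {}     # name -> (IPv4, expiry time)

    @staticmethod
    def _norm(name: str) -> str:
        return name.rstrip(".").lower()

    def add_fixed(self, name: str, ip: str) -> None:
        self.fixed[self._norm(name)] = ip

    def add_forwarder(self, domain: str, upstream: Upstream) -> None:
        self.forwarders.append((self._norm(domain), upstream))
        # Most specific (longest) domain wins, e.g. corp.example before example.
        self.forwarders.sort(key=lambda f: len(f[0]), reverse=True)

    def add_translation(self, external_ip: str, internal_ip: str) -> None:
        self.translations[external_ip] = internal_ip

    def _select_upstream(self, name: str) -> Tuple[str, Upstream]:
        for domain, upstream in self.forwarders:
            if name == domain or name.endswith("." + domain):
                return domain, upstream
        return "default", self.default_upstream

    def resolve(self, name: str) -> Tuple[Optional[str], str]:
        """Return (IPv4 or None, source) where source says how the answer was obtained."""
        name = self._norm(name)
        if name in self.fixed:                   # fixed result, never forwarded
            return self.fixed[name], "fixed"
        now = self.clock()
        hit = self.cache.get(name)
        if hit is not None and hit[1] > now:     # cache hit within TTL
            return hit[0], "cache"
        self.cache.pop(name, None)               # expired entries are dropped, never served stale
        domain, upstream = self._select_upstream(name)   # forward by domain in the request
        answer = upstream(name)
        if answer is None:
            return None, f"nxdomain via {domain}"
        ip, ttl = answer
        ip = self.translations.get(ip, ip)       # external -> internal address translation
        self.cache[name] = (ip, now + ttl)
        return ip, f"forwarded to {domain}"


class FakeClock:
    """Manually advanced clock so TTL expiry can be demonstrated without sleeping."""
    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t


def build_demo_relay(clock: Callable[[], float]) -> DnsRelay:
    """Relay with constructed sample data (documentation address ranges)."""
    public = make_upstream({
        "www.example.com": ("192.0.2.10", 300),
        "portal.example.net": ("203.0.113.7", 60),
    })
    corp = make_upstream({"mail.corp.example": ("10.1.1.20", 120)})
    relay = DnsRelay(public, clock)
    relay.add_fixed("intranet.example.internal", "10.0.0.5")
    relay.add_forwarder("corp.example", corp)
    relay.add_translation("203.0.113.7", "10.2.0.7")   # reach the portal via its internal address
    return relay


if __name__ == "__main__":
    clock = FakeClock()
    relay = build_demo_relay(clock)
    for q in ["intranet.example.internal", "www.example.com", "www.example.com",
              "mail.corp.example", "portal.example.net", "missing.example.org"]:
        print(q, relay.resolve(q))
    clock.t += 301                                   # let the 300 s entry expire
    print("www.example.com", relay.resolve("www.example.com"))
```

The second lookup of `www.example.com` is answered from the cache; after the clock passes the 300 s TTL the entry is discarded and the request is forwarded again, which is the behaviour to expect when checking that a relay does not serve stale answers. Names under `corp.example` go to the internal server and are never translated, while the public answer for `portal.example.net` is rewritten to its internal address before being cached.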