You configure the device as a DNS proxy server by enabling DNS proxy on a logical interface—for example, ge-0/0/1.0—and configuring a set of name servers that are to be used for resolving the specified domain names. You can specify a default domain name by using an asterisk (*) and then configure a set of name servers for resolution. Use this approach when you need global name servers to resolve domain name entries that do not have a specific name server configured.
For example, the following configuration enables DNS proxy on logical interface ge-0/0/1.0, sets a default domain name, and specifies global name servers at IP addresses 172.17.28.100 and 172.17.28.101:
[edit system services]
dns-proxy {
    interface {
        ge-0/0/1.0;
    }
    server-select default {
        domain name * ;
        name-server {
            172.17.28.100;
            172.17.28.101;
        }
    }
}
To configure split DNS with name servers that are accessed through a VPN tunnel, you must correctly specify the configuration for route-based VPN to prevent domain name query leaks.
For syntax information, see the JUNOS Software CLI Reference.
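The following added example (not from the JUNOS documentation) is a Python audit sketch that parses a dns-proxy stanza in the syntax shown above and lists internal names that would fall through to the default (*) global name servers, which is the query leak that split DNS is meant to prevent. The "corp" entry, its domain and address, the test hostnames, and the longest-suffix matching rule are assumptions made for illustration.

```python
import re

# Constructed sample in the page's dns-proxy syntax; the "corp" entry and its
# domain and address are assumptions added to illustrate split DNS.
SAMPLE = """
dns-proxy {
    interface {
        ge-0/0/1.0;
    }
    server-select corp {
        domain name corp.example.com ;
        name-server {
            10.0.0.53;
        }
    }
    server-select default {
        domain name * ;
        name-server {
            172.17.28.100;
            172.17.28.101;
        }
    }
}
"""

ENTRY = re.compile(
    r"server-select\s+(\S+)\s*\{\s*domain name\s+(\S+)\s*;\s*"
    r"name-server\s*\{([^}]*)\}", re.S)

def parse_server_select(text):
    """Return {domain: [name servers]} for every server-select entry."""
    return {domain.lower(): re.findall(r"([0-9a-fA-F.:]+)\s*;", servers)
            for _name, domain, servers in ENTRY.findall(text)}

def servers_for(qname, table):
    """Pick the entry with the longest matching domain suffix; '*' is the fallback.
    Suffix matching is an assumption of this sketch, not documented behaviour."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return candidate, table[candidate]
    return "*", table.get("*", [])

def leaking_names(internal_names, table):
    """Internal names that would be sent to the default (global) name servers."""
    return [n for n in internal_names if servers_for(n, table)[0] == "*"]
```

Run leaking_names over a list of hostnames that must only resolve through the tunnel; any name it returns has no specific server-select entry and would be answered by the global name servers.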