This article provides examples of DNS flows when using Cato as your DNS server.
This section shows several DNS flow examples. Each one explains how Cato's DNS service works in a different configuration.
The following diagram shows an example of an account that uses the Cato DNS server (10.254.254.1). The same flow applies to any trusted DNS server.
- A host requests to resolve a public domain (abc.com).
- The Cato PoP intercepts the DNS query and checks the destination IP address. The PoP performs DNS inspection, checks for DNS forwarding rules, and checks for local DNS records in the cache.
- No matching DNS records are identified in the cache.
- The PoP then forwards the DNS query to a trusted public DNS server (10.254.254.1) and performs SNAT.
- When the trusted DNS server sends back the response, the PoP translates the source and destination IP addresses back and forwards the response to the originating host. The PoP also stores the DNS response in the cache.
The following diagram shows an example of using an untrusted DNS server (IP address: 208.67.222.222 - OpenDNS).
- The PoP forwards the DNS query "as-is" to the destination (abc.com) over the internet.
- The PoP performs NAT on the source IP address (with the PoP public IP address). The PoP doesn't perform DNS inspection or apply DNS forwarding rules.
The following diagram shows an example of a DNS query to Cato's DNS service (10.254.254.1) when DNS forwarding rules are applied (*.local.org).
- The PoP inspects the DNS query and checks for forwarding rules.
- The PoP redirects the DNS query to the remote DNS server (192.168.5.5). The PoP doesn't cache DNS responses from a forwarding DNS server.
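The three flows above (trusted server with cache, untrusted server passed through with SNAT only, and forwarding rules that bypass the cache) can be put side by side in a small decision model. This is an added illustration, not Cato's code; the PoP public IP (203.0.113.10), the wildcard matching of forwarding rules, and the answers returned by `fake_upstream` are constructed assumptions.

```python
from fnmatch import fnmatchcase


class PopDnsModel:
    """Toy model of the PoP's DNS handling as described in the article (not Cato's implementation)."""

    def __init__(self, trusted_dns, forwarding_rules, pop_public_ip):
        self.trusted_dns = set(trusted_dns)          # e.g. {"10.254.254.1"}
        self.forwarding_rules = forwarding_rules     # e.g. {"*.local.org": "192.168.5.5"}
        self.pop_public_ip = pop_public_ip           # assumed PoP public IP used for SNAT
        self.cache = {}                              # qname -> cached answer

    def forwarder_for(self, qname):
        # Assumption: forwarding rules match as case-insensitive wildcard patterns.
        for pattern, server in self.forwarding_rules.items():
            if fnmatchcase(qname.lower(), pattern.lower()):
                return server
        return None

    def handle_query(self, qname, dst_dns, upstream):
        """upstream(server, qname) -> answer stands in for the real network round trip."""
        # Untrusted DNS server: query passes through as-is with SNAT only; no inspection,
        # no forwarding rules, no caching (so this traffic is invisible to DNS policy).
        if dst_dns not in self.trusted_dns:
            return {"flow": "untrusted", "inspected": False, "server": dst_dns,
                    "src_ip": self.pop_public_ip, "cached": False,
                    "answer": upstream(dst_dns, qname)}
        # Trusted server and a matching forwarding rule: redirect, response is not cached.
        forwarder = self.forwarder_for(qname)
        if forwarder:
            return {"flow": "forwarding", "inspected": True, "server": forwarder,
                    "cached": False, "answer": upstream(forwarder, qname)}
        # Trusted server, cache hit: the PoP answers from its local records.
        if qname in self.cache:
            return {"flow": "cache", "inspected": True, "server": None,
                    "cached": True, "answer": self.cache[qname]}
        # Trusted server, cache miss: SNAT to the server and store the response.
        answer = upstream(dst_dns, qname)
        self.cache[qname] = answer
        return {"flow": "trusted", "inspected": True, "server": dst_dns,
                "src_ip": self.pop_public_ip, "cached": True, "answer": answer}


def fake_upstream(server, qname):
    # Constructed answers standing in for real DNS responses (documentation ranges).
    answers = {"10.254.254.1": "198.51.100.5", "208.67.222.222": "198.51.100.5",
               "192.168.5.5": "10.0.0.7"}
    return answers.get(server, "0.0.0.0")
```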