DNS Response Substitution [Документация VAS Experts]
Документация VAS Experts Документация VAS Experts-mobile
in

Settings

  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks
  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks

    • Differences

    This shows you the differences between two versions of the page.

    Link to this comparison view

    Next revision    		Previous revision
    en:dpi:dpi_options:dns_substitution:start [2024/06/11 13:00] – created elena.krasnobryzhen:dpi:dpi_options:dns_substitution:start [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
    Line 1: Line 1:
    -{{indexmenu_n>15}} 
    -====== DNS Response Substitution ====== 
    -===== Purpose ===== 
    -The DNS response substitution service allows changing the IP addresses returned by the DNS server for specific domain names. This allows influencing DNS server responses by overriding IP addresses in server replies for certain types of DNS queries specified in the service settings.\\ 
    -This service is effective for controlling client DNS queries and redirecting them to alternative IP addresses. It is particularly useful when you need to direct the user to a different resource than the one requested. 
      
    -==== Service Operation Scheme ==== 
    -  - The client makes a specific type of query to the DNS server (e.g., A record type). 
    -  - The DNS server returns a response (for A record type, this is an IP address). 
    -  - DPI sees the query and checks if the substitution service is assigned to this client. 
    -  - If the service is assigned, DPI modifies the original DNS server response according to the specified rules in the service. 
    -  - DPI forwards the modified response to the client. The client does not notice the modification and considers the response legitimate. 
    - 
    -===== Configuration ===== 
    -  - Create a text file and add DNS substitution rules to it by specifying the domain name, DNS record type, and the IP address that will be returned in the response for that domain: 
    -<code bash>vi test.txt 
    -google.com A 1.2.3.4 
    -example.com A 5.6.7.8</code> 
    -  - Use the ''dns2dic'' utility to convert the text file into a binary format understandable by DPI: 
    -<code bash>cat test.txt | dns2dic test.bin</code> 
    -  - Place the resulting binary file in the directory from which DPI will read it: 
    -<code bash>cp test.bin /var/lib/dpi/dns.bin</code> 
    -  - Execute a reload to refresh the DPI configuration and read the new substitution list: 
    -<code bash>service fastdpi reload</code> 
    - 
    -===== Management ===== 
    -Command format: 
    -<code bash>fdpi_ctrl [command] --service 19 [options list] [login or vchannel]</code> 
    - 
    -Enabling the service: 
    -<code bash>fdpi_ctrl load --service 19 --login test  
    -#or 
    -fdpi_ctrl load --service 19 --vchannel 1</code> 
    - 
    -Disabling the service: 
    -<code bash>fdpi_ctrl del --service 19 --login test 
    -#or 
    -fdpi_ctrl del --service 19 --vchannel 1</code>