Citrix SD-WAN Orchestrator

Domain Name System settings

Domain Name System (DNS) translates human-readable domain names to machine-readable IP addresses, and vice versa. Citrix SD-WAN provides the following DNS features:

  • DNS Proxy
  • DNS Transparent Forwarding

To configure DNS settings, on the Site configuration page, navigate to Configuration > Advanced Settings > DNS Settings.

Site specific DNS servers

On the Site specific DNS servers tab, click + DNS Server to configure site-specific DNS servers to which the DNS requests are routed. Provide a name for the DNS server. Choose one of the following service types:

  • Static: Intercepts the DNS requests destined to the Citrix SD-WAN IP address and forwards them to the specified IPv4 DNS servers. You can create internal, ISP, Google, or any other open source DNS service.

  • Dynamic: Intercepts the DNS requests destined to the Citrix SD-WAN IP address and redirects them to one of the IPv4 DNS servers learned from the DHCP-based WAN links. If the WAN link goes down, another DHCP-based WAN link's DNS server is chosen. This feature is useful in deployments where ISPs allow DNS requests only to DNS servers hosted by them. Dynamic DNS service can be configured at site level only. Only one dynamic DNS service is permitted per site.

  • StaticV6: Intercepts the DNS requests destined to the Citrix SD-WAN IP address and forwards them to the specified IPv6 DNS servers. You can create internal, ISP, Google, or any other open source DNS service.

  • DynamicV6: Intercepts the DNS requests destined to the Citrix SD-WAN IP address and redirects them to one of the IPv6 DNS servers learned from the DHCP-based WAN links. If the WAN link goes down, another DHCP-based WAN link's DNS server is chosen. This feature is useful in deployments where ISPs allow DNS requests only to DNS servers hosted by them. Dynamic DNS service can be configured at site level only. Only one dynamic DNS service is permitted per site.

To configure the Static DNS service, select the Type as Static (for IPv4 address) or StaticV6 (for IPv6 address) and enter a pair of Primary DNS and Secondary DNS server IP addresses.

To configure the Dynamic DNS service, select the Type as Dynamic (for IPv4 address) or DynamicV6 (for IPv6 address) and select Internet for Service Type and Service Instance.

The corresponding DNS proxy services get listed in the InBand Management DNS drop-down list under Site Configuration > Interfaces.

DNS proxy

DNS proxy intercepts the DNS requests destined to the SD-WAN IP address and forwards them to the selected DNS servers. You can configure a proxy with multiple forwarders that help steer DNS requests based on application domain names.

  • DNS proxy settings:
    • DNS Proxy Name: Name of the DNS Proxy.
    • Interfaces to intercept DNS requests: The interfaces on which the DNS requests are intercepted. Only trusted interfaces are allowed.
    • Default DNS Server for all traffic: The default DNS server to which the DNS requests are forwarded, if none of the applications match in the DNS forwarder look-up.
    • IPv4 Default DNS Service: The IPv4 default DNS service to which the DNS requests are forwarded, if none of the applications match in the DNS forwarder look-up.
    • IPv6 Default DNS Service: The IPv6 default DNS service to which the DNS requests are forwarded, if none of the applications match in the DNS forwarder look-up.
  • App specific DNS Forwarding rules:
    • Application: Applications for which DNS requests have to be forwarded to the selected DNS server.
    • IPv4 DNS Service: The IPv4 DNS service that the DNS request is forwarded to for the specified application.
    • IPv6 DNS Service: The IPv6 DNS service that the DNS request is forwarded to for the specified application.

DNS transparent forwarders

Citrix SD-WAN can be configured as a transparent DNS forwarder. In this mode, SD-WAN can intercept DNS requests that are not destined to its IP address and forward them to the specified DNS servers. Only the DNS requests coming from the local service on trusted interfaces are intercepted. If the DNS requests match any applications in the DNS forwarder list, they are forwarded to the configured DNS service.

  • Application: Applications for which DNS requests have to be forwarded to the selected DNS server.
  • IPv4 DNS Service: The IPv4 DNS service that the DNS request is forwarded to for the specified application.
  • IPv6 DNS Service: The IPv6 DNS service that the DNS request is forwarded to for the specified application.
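
The forwarding decision described in the DNS proxy and DNS transparent forwarders sections, modelled as an added Python example for reviewing which DNS service a given request reaches; it is not Citrix code or an Orchestrator format. The `Rule` and `Site` structures, matching an application by domain suffix, choosing the IPv4 or IPv6 service from the request's address family, and leaving unmatched transparent requests untouched are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address
@dataclass(frozen=True)
class Rule:                      # one app-specific forwarding rule
    suffixes: tuple              # assumption: an "Application" is modelled as domain suffixes
    v4_service: str
    v6_service: str

@dataclass(frozen=True)
class Site:                      # hypothetical structure, not an Orchestrator export
    sdwan_ips: frozenset         # appliance addresses, in canonical string form
    trusted: frozenset           # trusted interfaces
    proxy_ifaces: frozenset      # "Interfaces to intercept DNS requests"
    proxy_rules: tuple
    default_v4: str
    default_v6: str
    transparent_rules: tuple

def match(rules, qname):
    """First rule whose suffix equals the name or is a parent domain of it."""
    name = qname.rstrip(".").lower()
    for rule in rules:
        if any(name == s or name.endswith("." + s) for s in rule.suffixes):
            return rule
    return None

def decide(site, iface, dst_ip, qname, from_local=True):
    """Return (mode, dns_service) for one DNS request."""
    dst = ip_address(dst_ip)
    v6 = dst.version == 6                    # assumption: family follows the request
    if iface not in site.trusted:            # only trusted interfaces are intercepted
        return ("not-intercepted", None)
    if str(dst) in site.sdwan_ips:           # DNS proxy: addressed to the appliance
        if iface not in site.proxy_ifaces:
            return ("not-intercepted", None)
        rule = match(site.proxy_rules, qname)
        if rule:
            return ("proxy", rule.v6_service if v6 else rule.v4_service)
        return ("proxy-default", site.default_v6 if v6 else site.default_v4)
    rule = match(site.transparent_rules, qname) if from_local else None
    if rule:                                 # transparent: addressed to another server
        return ("transparent", rule.v6_service if v6 else rule.v4_service)
    return ("not-intercepted", None)         # assumption: no match means untouched

# Constructed sample site; all names and addresses are illustrative.
CORP = Rule(("corp.example",), "internal-v4", "internal-v6")
SITE = Site(sdwan_ips=frozenset({"192.0.2.1"}), trusted=frozenset({"lan1", "lan2"}),
            proxy_ifaces=frozenset({"lan1"}), proxy_rules=(CORP,),
            default_v4="isp-v4", default_v6="isp-v6", transparent_rules=(CORP,))
```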