Sangfor's Internet access control supports DNS proxy. Users can set DNS proxy scope based on the end-user group, access website type, access domain name, and destination DNS server. It also supports various proxy types, including redirecting to a specified DNS server, redirecting to the specified line, resolving fixed IP addresses, and discarding.

When multiple Internet links are deployed in the network, most users will be assigned to the same link because all LAN users write the DNS server of a particular ISP. As a result, the link always remains in the busy state, resulting in a situation where the access speed of users on this link slows down while the other link stays idle. The uneven utilization of links leads to a waste of Internet resources and cannot guarantee the access speed of users.

With the DNS server transparent proxy of Sangfor's Internet access control, regardless of the ISP to which users' DNS server addresses, the DNS server requests can be forwarded by Sangfor's Internet access control device and returned to LAN PCs via a proper DNS server. Based on the preset load algorithm, traffic can be assigned to various links according to the configured link utilization policy. It makes the traffic on both links in the users' network always meet the administrator's expectations and ensures the utilization of all links.

• Redirect to DNS server: DNS server's IP address

• Resolve to IP address: Resolve the domain name to an IP address directly

• Drop DNS packet: Discard DNS server requests directly

• Forward to specified line: redirect to the specified port (ISP)