Command Reference

AR500, AR510, and AR530 V200R007

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
DNS Configuration Commands

ddns apply policy

Function

The ddns apply policy command binds a DDNS policy to an interface.

The undo ddns apply policy command deletes a DDNS policy from an interface.

By default, no DDNS policy is bound to an interface.

Format

ddns apply policy policy-name [ fqdn domain-name ]

undo ddns apply policy [ policy-name ]

Parameters

Parameter

Description

Value

policy-name

Specifies a DDNS policy name.

The value is a string of 1 to 32 case-sensitive characters without spaces.

fqdn domain-name

Specifies the domain name updated by DDNS.

The value is a string of 1 to 128 case-sensitive characters without spaces.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

DNS provides static mappings between domain names and IP addresses. When IP addresses of interfaces change, DNS cannot dynamically update mappings. After the specified DDNS policy is applied on an interface, if the IP address of the interface changes, the DDNS policy updates the mapping between the specified Fully Qualified Domain Name (FQDN) and the IP address.

If a DDNS policy with the same name is bound to an interface repeatedly and different FQDNs are specified, only the latest configuration takes effect and a DDNS update is initiated.

Precautions

On the AR510, a maximum of five DDNS policies can be applied to an interface; on other models, a maximum of six DDNS policies can be applied to an interface.

NOTE:

The FQDN can be configured only on DDNS servers provided by vendors at www.3322.org and www.dyndns.com.

Example

# Bind the DDNS policy to GE0/0/1.

<Huawei> system-view
[Huawei] interface gigabitethernet 0/0/1 
[Huawei-GigabitEthernet0/0/1] ddns apply policy mypolicy fqdn www.abc.com

# Delete the DDNS policy from GE0/0/1.

<Huawei> system-view
[Huawei] interface gigabitethernet 0/0/1 
[Huawei-GigabitEthernet0/0/1] undo ddns apply policy mypolicy

display ddns interface

Function

The display ddns interface command displays the configuration of DDNS policies on an interface.

Format

display ddns interface interface-type interface-number

Parameters

Parameter

Description

Value

interface interface-type interface-number

Specifies the type and number of the interface to which DDNS policies are bound.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

None

Example

# Display the configuration of DDNS policies on GE 0/0/1.

  • When the update mode of the DDNS client is http, the command output is as follows:

    <Huawei> display ddns interface gigabitethernet 0/0/1
    =====  Policy JackPolicy =======                                                
      URL: oray://<username>:<password>@phddnsdev.oray.net
      Status: START                                                              
      Refresh:  enable   
    
  • When the update mode of the DDNS client is ddns, the command output is as follows:

    <Huawei> display ddns interface gigabitethernet 0/0/1
    =====  Policy 1 =======                                                         
      Update method : ddns                                                          
      Name-server   : test.vpn.com                                                  
Table 7-34  Description of the display ddns interface command output

Item

Description

URL

Uniform Resource Locator (URL) in a DDNS service request. This field is empty when the URL is not configured. This field is available when the update mode of the DDNS client is set to http using the method http command.

To configure the URL, run the url command.

Status

Status of an applied DDNS policy:
  • ESTABLISH: The DDNS policy is updated successfully.
  • START: The DDNS policy is being updated.
  • INIT: The DDNS policy is in initial state. That is, DDNS policy updates are not triggered.
  • AUTHENTICATION FAILED: The DDNS policy failed to be updated.

This field is available when the update mode of the DDNS client is set to http using the method http command.

Refresh

Whether the policy updating function is enabled:

  • enable: The policy updating function is enabled.
  • disable: The policy updating function is disabled.

This field is available when the update mode of the DDNS client is set to http using the method http command.

Update method

Update mode of the DDNS client. This field is available when the update mode of the DDNS client is set to ddns using the method ddns [ both ] command.

  • ddns: indicates that the update mode of the DDNS client is ddns and only Class-A query records are updated.
  • ddns both: indicates that the update mode of the DDNS client is ddns and both Class-A and PTR query records are updated.

Name-server

DNS server for receiving update messages from the DDNS client. This field is available when the update mode of the DDNS client is set to ddns using the method ddns [ both ] command.

To configure a DNS server to receive update messages, run the name-server (DDNS policy view) command.

display ddns policy

Function

The display ddns policy command displays configuration of a DDNS policy.

Format

display ddns policy [ policy-name ]

Parameters

Parameter

Description

Value

policy-name

Specifies a DDNS policy name. If this parameter is not specified, information about all DDNS policies is displayed.

The value is a string of 1 to 32 case-sensitive characters without spaces.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

None

Example

# Display configuration of the DDNS policy mypolicy.

  • When the update mode of the DDNS client is http or vendor-specific, the command output is as follows:

    <Huawei> display ddns policy mypolicy
    Policy name          : mypolicy                                               
    Policy interval time : 3600                                                     
    Policy URL           : oray://<username>:<password>@phddnsdev.oray.net username steven password %^%#SjZ)YyY0"8eB@"LQK<C19m5])(oyX>*&n+#lBBHT%^%#
    Policy bind count    : 1                                                        
                                                                                    
    =====  interface GigabitEthernet1/0/0 ======                                           
      Status: START                                                              
      Refresh: enable           
    
  • When the update mode of the DDNS client is ddns, the command output is as follows:

    <Huawei> display ddns policy mypolicy
    Policy name          : mypolicy                                                       
    Policy interval time : 3600                                                     
    Update method        : ddns both                                                
    Name-server          : 10.136.7.100                                             
    Policy bind count    : 1                                                        
    Interface            : GigabitEthernet1/0/0                                          
    
Table 7-35  Description of the display ddns policy command output

Item

Description

Policy name

DDNS policy name.

To set a DDNS policy name, run the ddns policy command.

Policy interval time

Interval for sending DDNS update requests.

To configure the interval, run the interval interval-time command.

Policy URL

URL in a DDNS service request. This field is empty when the URL is not configured. This field is available when the update mode of the DDNS client is set to http or vendor-specific using the method http or method vendor-specific command.

To configure the URL, run the url command.

Policy bind count

Number of times that the policy is bound to interfaces.

Status

Status of an applied DDNS policy:
  • ESTABLISH: The DDNS policy is updated successfully.
  • START: The DDNS policy is being updated.
  • INIT: The DDNS policy is in initial state. That is, DDNS policy updates are not triggered.
  • AUTHENTICATION FAILED: The DDNS policy failed to be updated.

This field is available when the update mode of the DDNS client is set to http or vendor-specific using the method http or method vendor-specific command.

Refresh

Whether the DDNS policy updating function is enabled. This field is available when the update mode of the DDNS client is set to http or vendor-specific using the method http or method vendor-specific command.

  • enable: The policy updating function is enabled.
  • disable: The policy updating function is disabled.

Update method

Update mode of the DDNS client. This field is available when the update mode of the DDNS client is set to ddns using the method ddns [ both ] command.

  • ddns: indicates that the update mode of the DDNS client is ddns and only Class-A query records are updated.
  • ddns both: indicates that the update mode of the DDNS client is ddns and both Class-A and PTR query records are updated.

Name-server

DNS server for receiving update messages from the DDNS client. This field is available when the update mode of the DDNS client is set to ddns using the method ddns [ both ] command.

To configure a DNS server to receive update messages, run the name-server (DDNS policy view) command.

display dns configuration

Function

The display dns configuration command displays the global DNS configurations.

Format

display dns configuration

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

None

Example

# Display the global DNS configurations.

<Huawei> display dns configuration
  ------------------------------------------------------------------------------
  Dns resolve                     :  Enabled                                    
  Dns-server-select-algorithm     :  Auto                                       
  Dns server ipv6 source-ip       :  FC00:1::4                                    
  Dns server source-ip            :  192.168.1.1                                
  Dns proxy                       :  Enabled                                    
  Dns relay                       :  Disabled                                   
  Dns spoofing                    :  192.168.2.2                                
  Dns spoofing ipv6               :  FC00:1::5                                    
  Dns forward retry-number        :  15                                         
  Dns forward retry-timeout       :  3                                          
  ------------------------------------------------------------------------------
Table 7-36  Description of the display dns configuration command output

Item

Description

Dns resolve

Whether dynamic DNS resolution is enabled. The value can be:
  • Enabled: Dynamic DNS resolution is enabled.
  • Disabled: Dynamic DNS resolution is disabled.

To enable dynamic DNS resolution, run the dns resolve command.

Dns-server-select-algorithm

Algorithm for selecting a destination DNS server. The value can be:
  • Fixed: The destination DNS server is selected in fixed order.
  • Auto: The destination DNS server is selected in auto order.

To specify an algorithm for selecting a destination DNS server, run the dns-server-select-algorithm command.

Dns server ipv6 source-ip

Source IPv6 address of the local device for communication.

To set the source IPv6 address of the local device, run the dns server ipv6 source-ip command.

Dns server source-ip

Source IP address of the local device for communication.

To set the source IP address of the local device, run the dns server source-ip command.

Dns proxy

Whether DNS proxy is enabled. The value can be:
  • Enabled: DNS proxy is enabled.
  • Disabled: DNS proxy is disabled.

To enable DNS proxy, run the dns proxy enable command.

Dns relay

Whether DNS relay is enabled. The value can be:
  • Enabled: DNS relay is enabled.
  • Disabled: DNS relay is disabled.

To enable DNS relay, run the dns relay enable command.

Dns spoofing

IP address that spoofs Reply packets.

To enable DNS spoofing and specify the IP address that spoofs Reply packets, run the dns spoofing command.

Dns spoofing ipv6

IPv6 address that spoofs Reply packets.

To enable DNS spoofing and specify the IPv6 address that spoofs Reply packets, run the dns spoofing ipv6 command.

Dns forward retry-number

Number of times for retransmitting Query packets to the destination DNS server.

To set the number of times for retransmitting Query packets to the destination DNS server, run the dns forward retry-number command.

Dns forward retry-timeout

Retransmission timeout period for Query packets that the device sends to the destination DNS server.

To set the retransmission timeout period for Query packets that the device sends to the destination DNS server, run the dns forward retry-timeout command.

display dns domain

Function

The display dns domain command displays information about the domain name suffixes.

Format

display dns domain [ verbose ]

Parameters

Parameter

Description

Value

verbose

Displays detailed information about domain name suffixes.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

The display dns domain command displays the configuration of domain name suffixes and the order in which they were configured.

Example

# Display a list of domain name suffixes.

<Huawei> display dns domain
Type:                                                                           
D:Dynamic     S:Static                                                          
                                                                                
No.  Type    Domain name                        TTL(s)                          
1     S      com                                -                               
2     S      cn                                 -     
Table 7-37  Description of the display dns domain command output

Item

Description

No.

Domain name suffix number, indicating the order in which they were configured.

Type

Type of the domain name suffix: dynamic or static.

Domain name

Domain name suffix.

To set a domain name suffix, run the dns domain command.

TTL(s)

Domain name suffix TTL

display dns dynamic-host

Function

The display dns dynamic-host command displays dynamic DNS entries saved in the domain name cache.

Format

display dns dynamic-host [ ip | naptr | srv ] [ domain-name ]

Parameters

Parameter

Description

Value

ip

Specifies the Class-A and PTR query dynamic DNS entries.

-

naptr

Specifies the NAPTR query dynamic DNS entries.

-

srv

Specifies the SRV query dynamic DNS entries.

-

domain-name

Specifies the dynamic DNS entries of a domain name.

The value must be an existing domain name suffix.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display dns dynamic-host command to view dynamic DNS entries saved in the domain name cache and check whether domain names match the mapping entries.

Example

# Display the dynamic DNS entries saved in the domain name cache.

<Huawei> display dns dynamic-host
Host                                     TTL   Type   Address(es)               
sipx.autosrv.com                         114   IP     192.168.2.18                        
sip.autosrv.com                          237   IP     192.168.2.61                           
sip.autonaptr.com                        117   IP     192.168.2.19                        
_sip._tcp.autosrv.com                    55    SRV    0 0 0 sipx.autosrv.com   
                                                      0 0 0 sip.autosrv.com      
autonaptr.com                            0     NAPTR  101 10 A SIP+D2T  sip.autona
Table 7-38  Description of the display dns dynamic-host command output

Item

Description

Host

Domain name.

  • sipx.autosrv.com: indicates the domain name of the server providing the SIP service.
  • _sip._tcp.autosrv.com: indicates the domain name of the server providing the SIP service through TCP in autosrv.com.
  • autonaptr.com: indicates the domain name in the NAPTR resource record.

TTL

Time left before dynamic DNS entries saved in the cache age out, in seconds.

Type

Query type:

  • IP: Class-A query, which is used to request the IP address corresponding to a domain name, or Pointer (PTR) query, which is used to request the domain name corresponding to an IP address.
  • SRV: Service Record (SRV) query, which is used to obtain information about a server based on the protocol running on the server, including the domain name and port number.
  • NAPTR: Naming Authority Pointer (NAPTR) query, which is used to obtain information about a server based on the server's domain name, including the IP address, and the transmission protocol.

Address(es)

IP address mapping the domain name.

  • 192.168.2.18: indicates the IPv4 address.
  • 0 0 0 sipx.autosrv.com: indicates the SRV query result. In the SRV query result, 0 0 0 indicates the priority, weight, and port number respectively, and sipx.autosrv.com indicates the domain name of the server providing the SIP service.
  • 101 10 A SIP+D2T sip.autona: indicates the NAPTR query result. In the NAPTR query result, 101 10 indicates the NAPTR resource record sequence and priority; A indicates that the IP address is to be queried; SIP+D2T indicates that SIP and TCP are used; sip.autona indicates the domain name to be queried.

display dns forward table

Function

The display dns forward table command displays the DNS forwarding table, including the mapping entry of the source IP address in a specified DNS query message.

Format

display dns forward table [ source-ip ip-address ]

Parameters

Parameter

Description

Value

source-ip ip-address

Specifies the source IP address in query messages.

The value is in dotted decimal notation.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After DNS proxy or DNS relay is enabled, you can run the display dns forward table command to view the DNS table of IP addresses.

NOTE:

When the device receives DNS request packets from the client but does not receive DNS reply packets from the server, you need to run the display dns forward table command to view the DNS forwarding table.

Example

# Display the DNS table on the DNS proxy or DNS relay.

<Huawei> display dns forward table 
Domain name            : ma.huawei.com
Source IP              : 10.1.1.3
Source port            : 33025
Source packet id       : 42564
Forward packet id      : 1
Query type             : 1
Table 7-39  Description of the display dns forward table command output

Item

Description

Domain name

Domain name.

Source IP

IP address of the client.

Source port

Port number of the client.

Source packet id

ID of the request packet from the client.

Forward packet id

ID of the forwarded packet, which corresponds to the ID of the request packet from the client.

Query type

Query type:
  • 1: Class-A query
  • 12: Pointer Record (PTR) query
  • 33: SRV query
  • 35: NAPTR query

display dns statistics

Function

The display dns statistics command displays statistics on DNS packets.

Format

display dns statistics

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

None

Example

# Display statistics on DNS packets.

<Huawei> display dns statistics 
SumFromDNSv4Client           :0                                                 
SuccToDNSv4Client            :0                                                 
FailToDNSv4Client            :0                                                 
SumFromDNSv4Server           :0                                                 
SuccToDNSv4Server            :0                                                 
FailToDNSv4Server            :0                                                 
                                                                                
SumFromDNSv6Client           :0                                                 
SuccToDNSv6Client            :0                                                 
FailToDNSv6Client            :0                                                 
SumFromDNSv6Server           :0                                                 
SuccToDNSv6Server            :0                                                 
FailToDNSv6Server            :0                                                 
                                                                                
RetryFromClient              :0                                                 
NotQueryFromClient           :0                                                 
ParseFailFromClient          :0                                                 
TooLongFromClient            :0                                                 
LocalQueryFromClient         :0                                                 
NotStandardQueryFromClient   :0                                                 
                                                                                
NotRespFromServer            :0                                                 
NoAnswerFromServer           :0                                                 
ParseFailFromServer          :0                                                 
TooLongFromServer            :0                                                 
ErrorRespFromServer          :0                                                 
NotStandardQueryFromServer   :0
Table 7-40  Description of the display dns statistics command output

Item

Description

SumFromDNSv4Client

Total number of packets sent from IPv4 DNS clients.

SuccToDNSv4Client

Number of packets that are successfully sent to IPv4 DNS clients.

FailToDNSv4Client

Number of packets that failed to be sent to IPv4 DNS clients.

SumFromDNSv4Server

Total number of packets sent from IPv4 DNS servers.

SuccToDNSv4Server

Total number of packets that are successfully sent to IPv4 DNS servers.

FailToDNSv4Server

Total number of packets that failed to be sent to IPv4 DNS servers.

SumFromDNSv6Client

Total number of packets sent from IPv6 DNS clients.

SuccToDNSv6Client

Number of packets that are successfully sent to IPv6 DNS clients.

FailToDNSv6Client

Number of packets that failed to be sent to IPv6 DNS clients.

SumFromDNSv6Server

Total number of packets sent from IPv6 DNS servers.

SuccToDNSv6Server

Total number of packets that are successfully sent to IPv6 DNS servers.

FailToDNSv6Server

Total number of packets that failed to be sent to IPv6 DNS servers.

RetryFromClient

Number of packets retransmitted from clients.

NotQueryFromClient

Number of non-query packets sent from clients.

ParseFailFromClient

Number of packets that failed to be parsed and are sent from clients.

TooLongFromClient

Number of packets longer than 512 bytes sent from clients.

LocalQueryFromClient

Number of query packets of which the source address is a local address and sent from clients.

NotStandardQueryFromClient

Number of nonstandard query packets sent from clients.

NotRespFromServer

Number of non-response packets sent from servers.

NoAnswerFromServer

Number of response packets of which the ANCOUNT field is 0 and sent from servers.

ParseFailFromServer

Number of packets that failed to be parsed and are sent from servers.

TooLongFromServer

Number of packets longer than 512 bytes sent from servers.

ErrorRespFromServer

Number of error response packets sent from servers.

NotStandardQueryFromServer

Number of nonstandard query packets sent from servers.

display dns server

Function

The display dns server command displays information about the configured DNS server.

Format

display dns server [ verbose ]

Parameters

Parameter

Description

Value

verbose

Displays detailed information about the DNS server.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After configuring the DNS server address, you can run the display dns server command to check whether the address is configured successfully.

Example

# Display the DNS server configuration.

<Huawei> display dns server
Type:
D:Dynamic     S:Static

No.  Type   Status   IP Address
1     S     Up       10.1.1.1
2     S     Up       10.1.1.2
3     S     Up       10.1.1.3
4     S     Up       10.1.1.4
5     S     Up       10.1.1.5
6     S     Up       10.1.1.6

No.  Type  IPv6 Address                             Interface Name
1     S    FC00:2::1                                -               
Table 7-41  Description of the display dns server command output

Item

Description

Type

Configuration type of the DNS server IP address, including dynamic and static.

No.

DNS server number, indicating the order in which they were configured.

IP Address

IP address of the DNS server.

To configure the IP address of the DNS server, run the dns server command.

IPv6 Address

Address of the IPv6 DNS server.

To configure the address of the IPv6 DNS server, run the dns server ipv6 command.

Interface Name

Name of the outbound interface communicating with the DNS server.

display ip host

Function

The display ip host command displays the static DNS table.

Format

display ip host

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After running the ip host command to configure static DNS entries, you can run the display ip host command to view the static DNS table and check whether mappings between host names and IP addresses are correct.

Example

# Display the static DNS table.

<Huawei> display ip host
Host                 Age        Flags  Address                                  
www.3322.org         0          static 10.138.90.34                             
members.3322.org     0          static 10.138.90.51                             
checkip.dyndns.com   0          static 10.138.90.51                             
members.dyndns.org   0          static 10.138.90.51  
Table 7-42  Description of the display ip host command output

Item

Description

Host

Host name.

To set a host name, run the ip host command.

Age

Aging time. The value 0 indicates a static DNS entry. Static entries are not aged out.

Flags

Status of the domain name. The value static indicates a static domain name.

Address

IP address mapping the domain name.

ddns policy

Function

The ddns policy command creates a DDNS policy and enters the DDNS policy view.

The undo ddns policy command deletes a DDNS policy.

By default, no DDNS policy is created in the system.

Format

ddns policy policy-name

undo ddns policy policy-name

Parameters

Parameter

Description

Value

policy-name

Specifies the name of the DDNS policy or the DDNS policy view.

The value is a string of 1 to 32 case-sensitive characters without spaces.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

DNS provides static mappings between domain names and IP addresses. When IP addresses of nodes change, DNS cannot dynamically update mappings. If a DNS client uses the original domain name to access the node, the DNS client will fail to access the node because the IP address mapping the domain name is incorrect. DDNS updates the mappings between the domain name and the IP address on the DNS server to ensure that the IP address can be resolved correctly. The device can function as a DDNS client. When the IP address of the interface that provides services changes, the device sends a request to update the domain name entry to the DDNS server. After receiving the request, the DDNS server updates the domain name entry.

Follow-up Procedure

After creating the DDNS policy, run the url command to configure the DDNS server for receiving DDNS request messages in the DDNS policy view.

Precautions

A maximum of 10 DDNS policies can be configured on the device.

Example

# Create a DDNS policy.

<Huawei> system-view
[Huawei] ddns policy mypolicy
[Huawei-ddns-policy-mypolicy] quit

# Delete a DDNS policy.

<Huawei> system-view
[Huawei] undo ddns policy mypolicy

dns domain

Function

The dns domain command configures, on a DNS client, the domain name suffix of a server or host that the DNS client wants to access.

The undo dns domain command deletes a configured domain name suffix from a DNS client.

By default, no domain name suffix is configured on a DNS client.

Format

dns domain domain-name

undo dns domain [ domain-name ]

Parameters

Parameter

Description

Value

domain-name

Specifies the suffix of a domain name.

The value is a string of 1 to 63 characters without spaces. A combination of digits, letters, underscores (_), hyphens (-), and dots (.) is allowed.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Many servers or hosts have the same suffix. In this case, you can configure domain name suffixes. For example, you can configure a suffix com.cn for the host whose domain name is huawei. When a DNS client accesses the host, it enters only "huawei" to send a query message to the DNS server. The DNS client automatically adds the suffix com.cn. Then the DNS server searches for the IP address mapped to "huawei.com.cn" first. If no response is received, the DNS client sends a query message containing "huawei" to the DNS server to search for the mapped IP address.

Precautions

A DNS client supports a maximum of 10 domain name suffixes. To configure multiple domain name suffixes, you can run the dns domain command repeatedly.

If the name of the suffix to be deleted is specified, the specified suffix is deleted. Otherwise, all the suffixes are deleted.

Example

# Configure a domain name suffix as com.cn.

<Huawei> system-view
[Huawei] dns domain com.cn

dns forward retry-number

Function

The dns forward retry-number command sets the number of times for the device to retransmit query requests to the destination DNS server.

The undo dns forward retry-number command restores the default retransmission count.

By default, the retransmission count is 2.

NOTE:

This command can be configured only when the device functions as the DNS proxy/relay.

Format

dns forward retry-number number

undo dns forward retry-number

Parameters

Parameter

Description

Value

number

Specifies the number of times for the device to retransmit query requests to the destination DNS server.

The value is an integer from 0 to 15.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

The algorithm that the device uses to access the destination DNS server works as follows:
  • If the auto algorithm is used, when the primary DNS server becomes faulty, the device switches to the secondary DNS server. After the primary DNS server recovers, the device cannot switch back to the primary DNS server.
  • If the fixed algorithm is used, the device first sends a DNS query request to the first DNS server. If no response is received within a specified period of time, the device retransmits the DNS query request. If the device still does not receive a response from the DNS server after sending DNS query requests multiple times, the device sends the DNS query request to the next server in sequence until it receives a response or has sent the request to all of the configured DNS servers.

    If the device retransmits query requests to each DNS server multiple times, a DNS client has to wait a long time for the response. In addition, the timeout interval for sending requests is short. Consequently, the DNS client cannot receive response packets from the DNS server. The dns forward retry-number command can set a smaller retransmission count so that a DNS client can receive responses from the DNS server.

    The total query timeout period is determined by the retransmission times and retransmission timeout interval.
    • When the auto algorithm is used for selecting the destination DNS server, the total query timeout period is calculated based on the following formula: Total query timeout period = (Retransmission times + 1) * Retransmission timeout interval
    • When the fixed algorithm is used for selecting the destination DNS server, the total query timeout period is calculated based on the following formula: Total query timeout period = (Retransmission times + 1) * Retransmission timeout interval * Number of DNS servers

Example

# Set the number of times the device retransmits query packets to the destination DNS server to 1.

<Huawei> system-view
[Huawei] dns forward retry-number 1

dns forward retry-timeout

Function

The dns forward retry-timeout command sets the retransmission timeout period for Query packets that the device sends to the destination DNS server.

The undo dns forward retry-timeout command restores the default retransmission timeout period.

By default, the retransmission timeout period is 3 seconds.

NOTE:

This command can be configured only when the device functions as the DNS proxy/relay.

Format

dns forward retry-timeout time

undo dns forward retry-timeout

Parameters

Parameter

Description

Value

time

Specifies the retransmission timeout period for Query packets that the device sends to the destination DNS server.

The value is an integer that ranges from 1 to 15, in seconds.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

A device sends a Query packet to a destination DNS server to request domain name resolution. If the device receives no response from this server within the retransmission timeout period, it sends a Query packet to this server again. If the device still receives no response when the number of retransmissions reaches the upper threshold, it sends a Query packet to another server. The device sends the DNS query request to the next server in sequence until it receives a response or has sent the request to all of the configured DNS servers.

The dns forward retry-timeout time command sets the retransmission timeout period. For example, when the network is stable and the fixed algorithm is used, you can use this command to set the retransmission timeout period to 2 seconds to reduce the interval at which the device sends Query packets. In this way, the secondary DNS server can quickly respond to DNS Query packets when the primary DNS server fails.

The total query timeout period is determined by the retransmission times and retransmission timeout interval.
  • When the auto algorithm is used for selecting the destination DNS server, the total query timeout period is calculated based on the following formula: Total query timeout period = (Retransmission times + 1) * Retransmission timeout interval
  • When the fixed algorithm is used for selecting the destination DNS server, the total query timeout period is calculated based on the following formula: Total query timeout period = (Retransmission times + 1) * Retransmission timeout interval * Number of DNS servers
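
The fixed-algorithm retransmission sequence and the total query timeout formulas from the dns forward retry-number and dns forward retry-timeout sections, as an added Python example (not Huawei code): it walks the per-server attempts, reports when a live secondary server is first queried, and compares that with a client's own timeout. The 5-second client timeout, the function names, and the zero round-trip time are assumptions; the server addresses and default timers are taken from this page.

```python
from dataclasses import dataclass

# Addresses reused from the page's dns server example.
SERVERS = ["172.16.1.1", "10.10.10.10"]


@dataclass(frozen=True)
class Attempt:
    sent_at: int    # seconds after the device starts resolving
    server: str
    try_no: int     # 0 = first transmission, 1.. = retransmissions
    answered: bool


def fixed_mode_timeline(servers, responsive, retry_number=2, retry_timeout=3):
    """Walk the fixed-algorithm sequence: (retry_number + 1) transmissions per
    server, retry_timeout seconds apart, then move on to the next server.

    Returns (timeline, answered_at); answered_at is None when no configured
    server answers. Assumption: a live server answers at once (RTT = 0).
    Defaults are the page's defaults (retry count 2, timeout 3 seconds).
    """
    if not 0 <= retry_number <= 15:
        raise ValueError("retry-number must be 0..15")
    if not 1 <= retry_timeout <= 15:
        raise ValueError("retry-timeout must be 1..15 seconds")
    if not 1 <= len(servers) <= 6:
        raise ValueError("the device accepts at most six DNS servers")
    timeline, clock = [], 0
    for server in servers:
        for try_no in range(retry_number + 1):
            answered = server in responsive
            timeline.append(Attempt(clock, server, try_no, answered))
            if answered:
                return timeline, clock
            clock += retry_timeout
    return timeline, None


def total_query_timeout(n_servers, retry_number, retry_timeout, algorithm="fixed"):
    """The page's formulas for the total query timeout period, in seconds."""
    per_server = (retry_number + 1) * retry_timeout
    if algorithm == "fixed":
        return per_server * n_servers
    if algorithm == "auto":
        return per_server
    raise ValueError("algorithm must be 'fixed' or 'auto'")


def client_served(servers, responsive, client_timeout, **timers):
    """True if a live server is reached before the client stops waiting."""
    _, answered_at = fixed_mode_timeline(servers, responsive, **timers)
    return answered_at is not None and answered_at < client_timeout


if __name__ == "__main__":
    live = {"10.10.10.10"}          # constructed scenario: primary is down
    for label, timers in (("defaults", {}),
                          ("tuned", {"retry_number": 1, "retry_timeout": 2})):
        timeline, answered_at = fixed_mode_timeline(SERVERS, live, **timers)
        print(label, "-> answered at", answered_at, "s")
        for a in timeline:
            print(f"  t={a.sent_at:>2}s {a.server:<12} try {a.try_no} "
                  f"{'answer' if a.answered else 'timeout'}")
        # 5 s is a hypothetical client-side resolver timeout.
        print("  client with 5 s timeout served:",
              client_served(SERVERS, live, 5, **timers))
```

With the default timers the secondary server is not queried until the primary has used up all of its attempts, which is why lowering either timer shortens failover.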

Example

# Set the retransmission timeout period for Query packets that the device sends to the destination DNS server to 2 seconds.

<Huawei> system-view
[Huawei] dns resolve
[Huawei] dns forward retry-timeout 2

dns proxy enable

Function

The dns proxy enable command enables DNS proxy.

The undo dns proxy enable command disables DNS proxy.

By default, DNS proxy is disabled.

Format

dns proxy enable

undo dns proxy enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

DNS proxy is used to forward DNS requests and reply packets between the DNS client and DNS server. The DNS client sends a DNS request packet to the device on which DNS proxy is enabled. The device sends the request packet to the DNS server and sends the reply packet to the DNS client. The device functions as the DNS proxy to provide services of the DNS server. Users do not need to interact with the DNS server directly. This function simplifies route deployment and improves performance and security of the DNS server.

Example

# Enable DNS proxy.

<Huawei> system-view
[Huawei] dns proxy enable

# Disable DNS proxy.

<Huawei> system-view
[Huawei] undo dns proxy enable

dns proxy sip-info insert-mode decompression-domain-name

Function

The dns proxy sip-info insert-mode decompression-domain-name command inserts SIP server information to DNS response packets in domain name decompression mode when the device functions as a DNS proxy.

The undo dns proxy sip-info insert-mode decompression-domain-name command restores the default insert mode.

By default, the domain name decompression mode is not used.

Format

dns proxy sip-info insert-mode decompression-domain-name

undo dns proxy sip-info insert-mode decompression-domain-name

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

This command applies only to the Branch Exchange Survivable Telephony (BEST) solution. In the BEST solution, the phone functions as the DNS client and the device functions as the DNS proxy. When the DNS client initiates an SRV query, the device inserts SIP server information to the DNS response packet. For example, when a Cisco phone is used and the dns proxy sip-info insert-mode decompression-domain-name command is not used to insert SIP server information to DNS response packets in domain name decompression mode, the phone cannot resolve DNS response packets that have SIP server information inserted.

Example

# Insert SIP server information to DNS response packets in domain name decompression mode in the BEST solution.

<Huawei> system-view
[Huawei] dns resolve
[Huawei] dns proxy enable
[Huawei] dns proxy sip-info insert-mode decompression-domain-name

dns relay enable

Function

The dns relay enable command enables DNS relay.

The undo dns relay enable command disables DNS relay.

By default, DNS relay is disabled.

Format

dns relay enable

undo dns relay enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

DNS relay is used to forward DNS requests and reply packets between the DNS client and DNS server. The DNS client sends a DNS request packet to the device on which DNS relay is enabled. The device sends the request packet to the DNS server and sends the reply packet to the DNS client. The device functions as the DNS relay to provide services of the DNS server. Users do not need to interact with the DNS server directly. This function simplifies route deployment and improves performance and security of the DNS server.

Example

# Enable DNS relay.

<Huawei> system-view
[Huawei] dns relay enable

# Disable DNS relay.

<Huawei> system-view
[Huawei] undo dns relay enable

dns resolve

Function

The dns resolve command enables dynamic DNS resolution.

The undo dns resolve command disables dynamic DNS resolution.

By default, dynamic DNS resolution is disabled.

Format

dns resolve

undo dns resolve

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

To obtain the IP addresses mapped to domain names from a DNS server, run the dns resolve command to enable dynamic DNS resolution on the device.

Example

# Enable dynamic DNS resolution.

<Huawei> system-view
[Huawei] dns resolve

dns server

Function

The dns server command configures an IP address for a DNS server.

The undo dns server command deletes the DNS server IP address.

By default, no DNS server IP address is configured.

Format

dns server ip-address [ track nqa admin-name test-name ]

undo dns server [ ip-address ]

Parameters

Parameter

Description

Value

ip-address

Specifies the IP address of a DNS server.

The value is in dotted decimal notation.

track nqa admin-name test-name

Specifies the NQA test instance to be associated with the DNS server.
  • admin-name: specifies the name of the administrator for the NQA test instance.
  • test-name: specifies the name of the NQA test instance.

The value is a string of 1 to 32 case-sensitive characters without any space.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

During dynamic domain name resolution, the device can send a query packet to the DNS server to request the query result.

The device can specify IP addresses of at most six DNS servers. During dynamic domain name resolution, the device determines the DNS query packet sending method according to the mode configured using the dns-server-select-algorithm { fixed | auto } command.

If track nqa admin-name test-name is configured, the DNS server is associated with an NQA test instance. In dynamic domain name resolution, the device sends a query packet to the DNS servers in Up state, which improves the domain name resolution efficiency. You can run the display dns server command to check the DNS server status.

A DNS server can be associated with NQA test instances of the DNS and ICMP types. According to the test mechanism, NQA test instances of the DNS type are used to test whether the DNS server function is normal; those of the ICMP type are used to test whether routes to the DNS server are reachable. You can select one NQA test instance type based on the site requirements.

Prerequisites

Before specifying the NQA test instance to be associated with the DNS server using track nqa admin-name test-name, perform the following operations and start the NQA test instance.
  • Configuring and starting an NQA test instance of the DNS type
    1. Run the system-view command to enter the system view.

    2. Run the nqa test-instance admin-name test-name command to create an NQA test instance and enter the test instance view.

    3. Run the test-type dns command to configure the test type to DNS.

    4. Run the dns-server ipv4 ip-address command to configure the DNS server address.

    5. Run the destination-address url urlstring command to configure the destination host name.

    6. Run the frequency interval command to set the automatic test interval for the NQA test instance.

    7. Run the start command to start the NQA test instance.

      An NQA test instance can be started immediately, at a specified time, or after a specified delay.

      • Run the start now [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ] command to start the test instance immediately.

      • Run the start at [ yyyy/mm/dd ] hh:mm:ss [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ] command to start the test instance at a specified time.

      • Run the start delay { seconds second | hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ] command to start the test instance after a specified delay.

  • Configuring and starting an NQA test instance of the ICMP type
    1. Run the system-view command to enter the system view.

    2. Run the nqa test-instance admin-name test-name command to create an NQA test instance and enter the test instance view.

    3. Run the test-type icmp command to configure the test type to ICMP.

    4. Run the destination-address ipv4 ipv4-address command to configure the destination IP address.

    5. Run the frequency interval command to set the automatic test interval for the NQA test instance.

    6. Run the start command to start the NQA test instance.

      An NQA test instance can be started immediately, at a specified time, or after a specified delay.

      • Run the start now [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ] command to start the test instance immediately.

      • Run the start at [ yyyy/mm/dd ] hh:mm:ss [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ] command to start the test instance at a specified time.

      • Run the start delay { seconds second | hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ] command to start the test instance after a specified delay.

Precautions

You can run the display dns server command to check the DNS server status. When the DNS server is not associated with NQA, the server is in Up state. After the DNS server is associated with NQA, the server status depends on the NQA check result. When the NQA test instance type is neither DNS nor ICMP, the association between the DNS server and NQA does not take effect and the DNS server is in Up state.

Example

# Configure two DNS servers with the IP addresses 172.16.1.1 and 10.10.10.10 for dynamic domain name resolution on the device.

<Huawei> system-view
[Huawei] dns server 172.16.1.1
[Huawei] dns server 10.10.10.10

# Configure two DNS servers with the IP addresses 172.16.1.1 and 10.10.10.10 for dynamic domain name resolution on the device, and associate them with the ICMP NQA test instances localdns and remotedns.

<Huawei> system-view
[Huawei] nqa test-instance admin localdns
[Huawei-nqa-admin-localdns] test-type icmp
[Huawei-nqa-admin-localdns] destination-address ipv4 172.16.1.1
[Huawei-nqa-admin-localdns] start now
[Huawei-nqa-admin-localdns] quit
[Huawei] nqa test-instance admin remotedns
[Huawei-nqa-admin-remotedns] test-type icmp
[Huawei-nqa-admin-remotedns] destination-address ipv4 10.10.10.10
[Huawei-nqa-admin-remotedns] start now
[Huawei-nqa-admin-remotedns] quit
[Huawei] dns server 172.16.1.1 track nqa admin localdns
[Huawei] dns server 10.10.10.10 track nqa admin remotedns

dns server source-ip

Function

The dns server source-ip command configures the source IP address for the device to send and receive DNS packets.

The undo dns server source-ip command deletes the source IP address for the device to send and receive DNS packets.

By default, no source IP address is configured for the device.

Format

dns server source-ip ip-address

undo dns server source-ip

Parameters

Parameter

Description

Value

ip-address

Specifies the source IP address for the device to send and receive DNS packets.

The value is in dotted decimal notation.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

When the device sends and receives DNS packets, the administrator can specify a source IP address for the device to ensure communication security. The route from the DNS server to the specified source IP address must be reachable. The DNS server uses the specified source IP address as the destination address when it sends a DNS response packet to the local device.

When the device functions as a DNS proxy or relay, run the dns server source-ip command to configure the source IP address for communicating with the DNS server. The device selects the source IP address according to the following principles:

  • If the configured source IP address is the IP address of the local device (the IP address of an interface or logical interface on the local device), the device selects the configured source IP address when sending DNS request packets.
  • If the configured source IP address is not the IP address of the local device, the device searches the FIB table according to the DNS server IP address to select the source IP address when sending DNS request packets.

Example

# Specify source IP address 172.16.1.1 for the local device.

<Huawei> system-view
[Huawei] dns server source-ip 172.16.1.1

dns-server-select-algorithm

Function

The dns-server-select-algorithm command configures the DNS server selection mode of the device.

By default, the device selects a DNS server in auto mode.

Format

dns-server-select-algorithm { fixed | auto }

Parameters

Parameter

Description

Value

fixed

Selects a DNS server in fixed mode.

-

auto

Selects a DNS server in auto mode.

-

Views

System view

Default Level

2: Configuration level

Usage Guidelines

The device can select a DNS server in either of the following modes:
  • auto: The device sends DNS query packets in different scenarios using either of the following methods:
    • Method 1: The device sends DNS query requests to all configured DNS servers (IP addresses of DNS servers can be configured by running the dns server command) and preferentially selects the DNS server that responds first.
    • Method 2: The device uses the internal algorithm to calculate the priorities of all configured DNS servers (IP addresses of DNS servers can be configured by running the dns server command), and then sends a DNS query request to the DNS server with the highest priority. If no response is received within a specified period of time, the device retransmits the DNS query request. If the device still does not receive a response from the DNS server after sending query requests multiple times, the device sends the DNS query request to the next server in sequence until it receives a response or has sent to all of the configured DNS servers.
  • fixed: The device sends a DNS query request to the first DNS server. If no response is received within a specified period of time, the device retransmits the DNS query request. If the device still does not receive a response from the DNS server after sending query requests multiple times, the device sends the DNS query request to the next server in sequence until it receives a response or has sent to all of the configured DNS servers.
NOTE:

This function is supported when the device functions as a DNS client or DNS proxy/relay.

When the device functions as a DNS client:
  • This function is supported only for DNS query requests sent by IPSec, voice, PKI, or DDNS services. In addition, when the DNS server mode is set to auto, the device sends the DNS query packet using the first method.

  • The DNS server selection mode is not supported for DNS query requests sent by other services. The device sends the requests according to the order in which DNS servers are configured. If no response is received, the device retransmits the requests according to the order in which DNS servers are configured.

When the device functions as a DNS proxy/relay and the DNS server mode is set to auto, the device sends the DNS query packet using the second method.

Example

# Configure the device to select a DNS server in fixed mode.

<Huawei> system-view
[Huawei] dns-server-select-algorithm fixed

dns spoofing

Function

The dns spoofing command enables DNS spoofing and specifies an IP address in response messages.

The undo dns spoofing command disables DNS spoofing.

By default, DNS spoofing is disabled.

Format

dns spoofing ip-address

undo dns spoofing

Parameters

Parameter Description Value
ip-address Specifies an IP address in response messages. The value is in dotted decimal notation.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

If the DNS server address or route to the DNS server is not configured on the DNS proxy or relay, you can enable DNS spoofing on the device to spoof a response message with the configured IP address. Currently, DNS spoofing takes effect for only Class-A query (IP address query based on domain names).

If you run the dns spoofing command multiple times, only the latest configuration takes effect.

Example

# Enable DNS spoofing and specify the IP address in response messages as 10.1.1.1.

<Huawei> system-view
[Huawei] dns spoofing 10.1.1.1

# Disable DNS spoofing.

<Huawei> system-view
[Huawei] undo dns spoofing

interval

Function

The interval command sets the interval for sending DDNS update requests.

The undo interval command restores the default interval.

By default, the interval for sending DDNS update requests is 3600 seconds.

Format

interval interval-time

undo interval

Parameters

Parameter

Description

Value Range

interval-time

Specifies the interval for sending DDNS update requests.

The value is an integer that ranges from 60 to 31536000, in seconds.

Views

DDNS policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the interval for sending DDNS update requests is set in the configured DDNS policy, the device is triggered to send DDNS update requests at the specified intervals. All the mappings between IP addresses and domain names defined in the DDNS policy are updated.

Precautions

If you run the interval command multiple times, only the latest configuration takes effect.

Regardless of whether the interval is reached, the device sends DDNS update requests immediately as long as the primary IP address of the corresponding interface changes or the link status of the interface changes from Down to Up.

If the interval is changed, the device is triggered to send a DDNS update request immediately.

Example

# Set the interval for sending DDNS update requests.

<Huawei> system-view
[Huawei] ddns policy mypolicy
[Huawei-ddns-policy-mypolicy] interval 3600

ip host

Function

The ip host command configures static DNS entries.

The undo ip host command deletes static DNS entries.

By default, no static DNS entries are configured.

Format

ip host host-name ip-address

undo ip host host-name [ ip-address ]

Parameters

Parameter

Description

Value

host-name

Specifies the host name.

The value is a string of 1 to 24 case-sensitive characters without spaces.

ip-address

Specifies the IP address mapping the host name.

The value is in dotted decimal notation.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A static domain name resolution table is set up manually using the ip host command. It describes the mappings between host names and IP addresses. In addition, some common host names are added to the table. Static host name resolution can then be performed according to this table. When a client requires the IP address corresponding to a host name, it first searches the static host name resolution table for the specified host name and obtains the corresponding IP address. This improves the efficiency of host name resolution.

Precautions

A maximum of 50 static DNS entries can be configured using the ip host command. Each host name can be mapped to only one IP address. If a host name is mapped to multiple IP addresses, only the latest configuration takes effect.

Example

# Configure static DNS entries.

<Huawei> system-view
[Huawei] ip host www.huawei.com 10.10.10.4

method (DDNS policy view)

Function

The method command sets the update mode for the device functioning as a DDNS client.

The undo method command restores the default update mode for the device functioning as a DDNS client.

By default, the update mode is vendor-specific for the device functioning as the DDNS client.

Format

method { ddns [ both ] | http | vendor-specific }

undo method

Parameters

Parameter

Description

Value

ddns [ both ]

Indicates that the update mode is ddns (defined in RFC 2136) for the device functioning as a DDNS client.

If both is specified, both Class-A and PTR query records are updated. If both is not specified, only Class-A query records are updated.

  • Class-A query records: mapping between domain names and IP addresses provided by the DNS server for Class-A query. In Class-A query, an IP address is obtained based on a domain name.
  • PTR query records: mapping between domain names and IP addresses provided by the DNS server for PTR query. In PTR query, a domain name is obtained using an IP address.

-

http

Indicates that the update mode is http for the device functioning as a DDNS client. After this parameter is specified, the DDNS client can communicate with a common DDNS server through HTTP.

-

vendor-specific

Indicates that the update mode is vendor-specific for the device functioning as a DDNS client. After this parameter is specified, the DDNS client can communicate with the Siemens DDNS server, and DDNS servers provided at www.3322.org, www.dyndns.com, and www.oray.cn.

-

Views

DDNS policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When the device functioning as a DDNS client needs to update the mapping between domain names and IP addresses on the DNS server, the following update modes are supported:
  • DDNS update mode (defined in RFC 2136): The DDNS client dynamically updates the mapping between domain names and IP addresses on the DNS server. To configure this mode, specify the ddns parameter.
  • Update mode implemented through the DDNS server: The DDNS client sends the mapping between domain names and IP addresses to the DDNS server with a specified URL. The DDNS server then informs the DNS server to dynamically update the mapping between domain names and IP addresses. To configure this mode, specify the http or vendor-specific parameter.
    • To use the Siemens DDNS server or DDNS server provided at www.3322.org, www.dyndns.com, or www.oray.cn, specify the vendor-specific parameter.
    • To use an HTTP-based common DDNS server, specify the http parameter.

Precautions

Updates made through DDNS servers include authentication steps. Except for Siemens DDNS servers, DDNS servers do not encrypt user passwords during authentication. To improve security, you are advised to configure IPSec when using these DDNS servers for updates. For details, see IPSec Configuration in the Huawei AR500&AR510&AR530 Series Industrial Switch Routers Configuration Guide - VPN.

Example

# Set the update mode of the device functioning as the DDNS client to DDNS, and update Class-A and PTR query records.

<Huawei> system-view
[Huawei] ddns policy mypolicy
[Huawei-ddns-policy-mypolicy] method ddns both

# Restore the default update mode for the device functioning as the DDNS client.

<Huawei> system-view
[Huawei] ddns policy mypolicy
[Huawei-ddns-policy-mypolicy] undo method

name-server (DDNS policy view)

Function

The name-server command configures a DNS server to receive update messages from a DDNS client when the device functions as the DDNS client and the update mode is DDNS.

The undo name-server command cancels the DNS server configured for receiving update messages from the DDNS client.

By default, no DNS server is configured to receive update messages from a DDNS client when the device functions as the DDNS client and the update mode is DDNS.

Format

name-server name-server

undo name-server

Parameters

Parameter

Description

Value

name-server

Specifies the DNS server for receiving update messages from the DDNS client.

The value is a string of 1 to 128 case-sensitive characters without spaces. The value can be a domain name or an IP address.

Views

DDNS policy view

Default Level

2: Configuration level

Usage Guidelines

When the device functions as a DDNS client and the update mode is DDNS, you can run the name-server command to configure a DNS server to receive update messages from the DDNS client. After receiving the update request packets, the DNS server updates the mapping between the domain name and IP address of the DDNS client.

Example

# Configure the DNS server with the domain name ns.huawei.com to receive update messages from a DDNS client when the device functions as the DDNS client and the update mode is DDNS.

<Huawei> system-view
[Huawei] ddns policy mypolicy
[Huawei-ddns-policy-mypolicy] name-server ns.huawei.com

reset ddns policy

Function

The reset ddns policy command configures the device to update mappings between IP addresses and domain names.

Format

reset ddns policy policy-name [ interface interface-type interface-num ]

Parameters

Parameter

Description

Value

policy policy-name

Specifies the name of a DDNS policy that is to be updated.

The value is a string of 1 to 32 case-sensitive characters without spaces.

interface-type interface-num

Specifies the type and number of the interface to which DDNS policies are bound.

-

Views

User view

Default Level

3: Management level

Usage Guidelines

After the reset ddns policy command is executed, all mappings between IP addresses and domain names defined in the DDNS policy are updated.

Example

# Update the DDNS policy named dyndns on GE0/0/1.

<Huawei> reset ddns policy dyndns interface gigabitethernet 0/0/1

reset dns dynamic-host

Function

The reset dns dynamic-host command deletes dynamic DNS entries saved in the dynamic domain name cache.

Format

reset dns dynamic-host

Parameters

None

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After confirming the action of deleting dynamic DNS entries, you can run the reset dns dynamic-host command to delete them.

Precautions

Dynamic DNS entries cannot be restored after being deleted. Confirm the action before you run the command.

Example

# Delete dynamic DNS entries saved in the dynamic domain name cache.

<Huawei> reset dns dynamic-host

reset dns forward table

Function

The reset dns forward table command clears entries in the DNS table.

Format

reset dns forward table [ source-ip ip-address ]

Parameters

Parameter

Description

Value

source-ip ip-address

Clears the mapping entries of a specified source IP address.

The value is in dotted decimal notation.

Views

User view

Default Level

3: Management level

Usage Guidelines

When the DNS proxy or relay is attacked, the DNS table becomes full. You can run the reset dns forward table command to delete all DNS entries.

Example

# Clear DNS entries in the DNS table on the DNS proxy or DNS relay.

<Huawei> reset dns forward table

reset dns statistics

Function

The reset dns statistics command clears statistics on DNS packets.

Format

reset dns statistics

Parameters

None

Views

User view

Default Level

3: Management level

Usage Guidelines

The reset dns statistics command clears statistics on DNS packets. The cleared statistics cannot be restored.

Example

# Clear statistics on DNS packets.

<Huawei> reset dns statistics

ssl-policy (ddns-policy-view)

Function

The ssl-policy command binds an SSL policy to a DDNS policy.

The undo ssl-policy command deletes an SSL policy from a DDNS policy.

By default, no SSL policy is bound to a DDNS policy.

Format

ssl-policy policy-name

undo ssl-policy

Parameters

Parameter

Description

Value

policy-name

Specifies the name of an SSL policy bound to a DDNS policy.

The value is a string of 1 to 31 case-sensitive characters. It cannot contain a space or question mark (?).

Views

DDNS policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When the device functions as the DDNS client and communicates with a Siemens DDNS server, the device needs to encrypt packets using SSL. An SSL policy needs to be bound to the DDNS policy.

Prerequisites

An SSL policy has been created using the ssl policy policy-name [ type { client | server } ] command.

A DDNS policy has been created using the ddns policy command, and a URL has been configured for the Siemens DDNS server using the url command.

Precautions

An SSL policy needs to be bound to the DDNS policy only when the device functions as the DDNS client and communicates with a Siemens DDNS server.

Example

# Bind an SSL policy to a DDNS policy.

<Huawei> system-view
[Huawei] ssl policy siemens type client 
[Huawei-ssl-policy-siemens] quit 
[Huawei] ddns policy huawei 
[Huawei-ddns-policy-huawei] url https://194.138.36.67/nic/update?group=med&user=huawei_test&password=12345&myip=192.168.19.2 
[Huawei-ddns-policy-huawei] ssl-policy siemens

url

Function

The url command specifies the URL in DDNS update requests.

The undo url command deletes the URL in DDNS update requests.

By default, no URL is specified in DDNS update requests on the device.

Format

url request-url [ username username password password ]

undo url

Parameters

Parameter

Description

Value

request-url

Specifies the URL in DDNS update requests.

The value is a string of 20 to 256 case-sensitive characters without spaces.

  • If username username password password is not specified, the URL contains the user name and password, and their configurations are displayed in plain text. For example, when the device uses TCP to communicate with www.oray.cn, the URL format of the DDNS update request is oray://huawei1:huawei2@phddnsdev.oray.net (huawei1 indicates the user name and huawei2 indicates the password).

  • If username username password password is specified, the URL contains only the fixed placeholder <username>:<password> instead of the actual user name and password. The user name and password are specified by username and password, and the configured password is displayed in cipher text. For example, when the device uses TCP to communicate with www.oray.cn, the URL format of the DDNS update request is oray://<username>:<password>@phddnsdev.oray.net (<username>:<password> is the fixed value).

username username password password

Specifies the user name and password for logging in to the DDNS server.

NOTE:

To ensure password security, you are advised to run the username username password password command to configure a user name and password. The password information in the configuration file is displayed in cipher text.

  • username: The value is a string of 1 to 32 case-sensitive characters without spaces.

  • password: The value is a string of 1 to 32 case-sensitive characters in plain text or 48 to 68 case-sensitive characters in cipher text without spaces.

Views

DDNS policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After a DDNS policy is created, enter the URL and specify a DDNS server in the URL.

Different DDNS servers use different processes for DDNS update requests from the device; therefore, the URL configuration differs from one DDNS server to another.
  • If username username password password is not specified,
    • When the device uses HTTP to communicate with the DDNS server provided at www.3322.org, the URL in a DDNS update request is:

      http://username:password@members.3322.org/dyndns/update?system=dyndns&hostname=<h>&myip=<a>

    • When the device uses HTTP to communicate with the DDNS server provided at www.dyndns.com, the URL in a DDNS update request is:

      http://username:password@update.dyndns.com/nic/update?hostname=<h>&myip=<a>

    • When the device uses TCP to communicate with the DDNS server provided at www.oray.cn, the URL in a DDNS update request is:

      oray://username:password@phddnsdev.oray.net

    • When the device uses HTTPS to communicate with the Siemens DDNS server, the URL in a DDNS update request is user-defined, for example,

      https://194.138.36.67/nic/update?group=med&user=huawei_test&password=12345&myip=192.168.19.2

    • When the device uses HTTP to communicate with a common DDNS server, the URL in a DDNS update request is:

      http://username:password@merri.s.dnaip.fi/reg/h=<h>&a=<a>

      NOTE:

      In the preceding URLs, username and password indicate the user name and password for logging in to the DDNS server. For example, in http://huawei1:huawei2@merri.s.dnaip.fi/reg/h=<h>&a=<a>, huawei1 and huawei2 indicate the user name and password for logging in to the DDNS server.

  • When username username password password is specified,
    • When the device uses HTTP to communicate with the DDNS server provided at www.3322.org, the URL in a DDNS update request is:

      http://<username>:<password>@members.3322.org/dyndns/update?system=dyndns&hostname=<h>&myip=<a>

    • When the device uses HTTP to communicate with the DDNS server provided at www.dyndns.com, the URL in a DDNS update request is:

      http://<username>:<password>@update.dyndns.com/nic/update?hostname=<h>&myip=<a>

    • When the device uses TCP to communicate with the DDNS server provided at www.oray.cn, the URL in a DDNS update request is:

      oray://<username>:<password>@phddnsdev.oray.net

    • When the device uses HTTPS to communicate with the Siemens DDNS server, the URL in a DDNS update request is user-defined, for example,

      https://194.138.36.67/nic/update?group=med&user=<username>&password=<password>&myip=192.168.19.2

    • When the device uses HTTP to communicate with a common DDNS server, the URL in a DDNS update request is:

      http://<username>:<password>@merri.s.dnaip.fi/reg/h=<h>&a=<a>

      NOTE:
      • In the preceding URLs, <username> and <password> are fixed formats, which cannot be modified.

Where,

  • The URL uses the default port number. The default port number of the DDNS server provided at www.oray.cn is 6060, the default HTTP port number is 80 and the default HTTPS port number is 443.

  • The FQDN and IP address cannot be specified in the URL for the DDNS server provided at www.oray.cn. You can specify the FQDN when applying a DDNS policy on an interface. The IP address in the URL is the primary IP address of the interface to which a DDNS policy is applied.

    NOTE:
    To prevent configuration errors, you are advised not to change <h> or <a> in the URL. The device automatically fills in <h> and <a> based on the FQDN specified when a DDNS policy is bound to the interface.

If you run the url command multiple times, only the latest configuration takes effect.

Precautions

In a URL, the user name and password are separated using :, the password and domain name are separated using @, and the domain name ends with /. Pay attention to the following points when using special characters in a URL; otherwise, a URL parsing error occurs.
  • The user name can contain the special character @, but the password cannot contain the special character @.
  • The user name cannot contain the special character :. Otherwise, the user name is split when being parsed.
  • You need to press CTRL+T to enter ? in a URL.

Example

# Specify the URL of the DDNS update request, in which the password is displayed in cipher text.

<Huawei> system-view
[Huawei] ddns policy mypolicy
[Huawei-ddns-policy-mypolicy] url "http://<username>:<password>@members.3322.org/dyndns/update?system=dyndns&hostname=<h>&ip=<a>" username steven password nevets

# Delete the specified URL of the DDNS update request.

<Huawei> system-view
[Huawei] ddns policy mypolicy
[Huawei-ddns-policy-mypolicy] undo url
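
The plain-text versus cipher-text distinction and the `:` / `@` parsing rules above can be checked mechanically before a configuration is applied. The Python audit below is an added example, not Huawei code: the splitting logic is inferred from the Precautions, and the function names and finding labels are assumptions.

```python
import re

URL_LINE = re.compile(r'\s*url\s+"?([^"\s]+)')   # url request-url [...]; URL may be quoted

def split_userinfo(url):
    """Split as the Precautions describe: the first ':' ends the user name,
    the next '@' ends the password, and the first '/' ends the domain name."""
    authority = url.partition("://")[2].split("/", 1)[0]
    user, colon, rest = authority.partition(":")
    if not colon or "@" not in rest:
        return None                              # no user:password@ part
    password, _, host = rest.partition("@")
    return user, password, host

def audit_url(url):
    findings = []
    if not 20 <= len(url) <= 256:                # documented request-url length
        findings.append("length-out-of-range")
    info = split_userinfo(url)
    if info and "@" in info[2]:                  # '@' in the password moved the host boundary
        findings.append("password-contains-at")
    if info and info[:2] != ("<username>", "<password>"):
        findings.append("plaintext-credentials-in-url")
    if any(v != "<password>" for v in re.findall(r"[?&]password=([^&]*)", url)):
        findings.append("plaintext-password-in-query")  # parameter name from the Siemens example
    return findings

def audit_config(text):                          # -> {DDNS policy name: findings}
    report, policy = {}, None
    for line in text.splitlines():
        header = re.match(r"\s*ddns policy (\S+)", line)
        if header:
            policy = header.group(1)
        elif policy and (m := URL_LINE.match(line)):
            report[policy] = audit_url(m.group(1))
    return report

# Constructed input: the first two url commands are the page's examples, the third is made up.
SAMPLE = """\
ddns policy huawei
 url https://194.138.36.67/nic/update?group=med&user=huawei_test&password=12345&myip=192.168.19.2
ddns policy mypolicy
 url "http://<username>:<password>@members.3322.org/dyndns/update?system=dyndns&hostname=<h>&ip=<a>" username steven password nevets
ddns policy legacy
 url http://huawei1:p@ss@merri.s.dnaip.fi/reg/h=<h>&a=<a>
"""

if __name__ == "__main__":
    print(audit_config(SAMPLE))
```

Only the policy that uses the `<username>:<password>` placeholder together with the username and password keywords comes back with no findings.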

dns resolve policy a

Function

The dns resolve policy a command enables the DNS resolution policy function for class-A query requests and displays the DNS resolution policy view.

The undo dns resolve policy a command disables the DNS resolution policy function for class-A query requests.

By default, the DNS resolution policy function for class-A query requests is disabled.

Format

dns resolve policy a

undo dns resolve policy a

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To control access traffic, the administrator may require that users can access only certain websites, on which they can browse only text or pictures. For example, in Wi-Fi connection scenarios such as on a metro or bus, passengers can access only specified websites. If they attempt to access other websites, their access requests are rejected or redirected to the specified websites.

The administrator can run the dns resolve policy a command to enable the DNS resolution policy function for class-A query requests. Then only some specified domain names can be resolved to meet the wireless connection requirements.

Follow-up Procedure

Run the rule (DNS resolution policy view) command to configure a DNS resolution rule.

Example

# Enable the DNS resolution policy function for class-A query requests and display the DNS resolution policy view.

<Huawei> system-view  
[Huawei] dns resolve policy a 

rule (DNS resolution policy view)

Function

The rule command configures a DNS resolution rule.

The undo rule command deletes the DNS resolution rule.

By default, no DNS resolution rule is configured.

Format

rule rule-id [ if-match name hostname ] { deny | permit | spoofing ip-address }

undo rule rule-id

Parameters

| Parameter | Description | Value |
|---|---|---|
| rule-id | Specifies the DNS resolution rule ID. A smaller value indicates a higher rule priority. | The value is an integer that ranges from 0 to 127. |
| if-match name hostname | Specifies the domain name matching the DNS resolution rule. If this parameter is not configured, the DNS resolution rule matches all domain names. | The value is a string of 1 to 255 case-insensitive characters without spaces. It supports the digits 0-9, lowercase letters a-z, uppercase letters A-Z, and the following symbols: - _ . *. The symbol * indicates the wildcard that can only be prefixed to the domain name once. For example, indicates that all host names in example.com are matched. |
| deny | Rejects the domain name resolution request matching the DNS resolution rule. | - |
| permit | Allows the domain name resolution request matching the DNS resolution rule. | - |
| spoofing ip-address | Specifies the IP address of the spoofing response to the domain name resolution request matching the DNS resolution rule. A spoofing response uses the configured IP address as the domain name resolution result to respond to the domain name resolution request. The IP address may be directed to the local homepage (providing resources such as website navigation, local videos, and applications). | The value is in dotted decimal notation. |

Views

DNS resolution policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the DNS resolution policy function is enabled, a resolution rule must be configured for a domain name so that resolution requests for it are allowed, rejected, or answered with a spoofing response.

The administrator can run the rule command to configure a specified DNS resolution rule.

Prerequisites

The DNS resolution policy function for class-A query requests has been enabled and the DNS resolution policy view has been displayed using the dns resolve policy a command.

Precautions

  • If the specified rule-id exists, the new rule overrides the original one regardless of whether the two rules conflict.
  • If the specified rule-id does not exist, a new rule is created with the specified rule-id, and its insertion position is determined based on the rule size.

Example

# Add a rule with rule-id as 0 to the DNS resolution policy, and configure address spoofing based on the DNS resolution request for www.huawei.com with the spoofing response address 192.168.1.1.

<Huawei> system-view  
[Huawei] dns resolve policy a 
[Huawei-dns-resolve-policy-a] rule 0 if-match name www.huawei.com spoofing 192.168.1.1 
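
How rule-id priority, same-id overriding and the * prefix interact is easier to review by evaluating a rule set offline. This Python model is an added example, not the device's implementation: it takes the first match in ascending rule-id order and lists rules that can never fire. Treating * as "any leading text" and returning "no-match" for unmatched names are assumptions, because the page does not define either.

```python
import ipaddress
import re

RULE = re.compile(r"rule (\d+)(?: if-match name (\S+))? (deny|permit|spoofing (\S+))")
NAME = re.compile(r"\*?[0-9A-Za-z_.-]+")        # '*' allowed once, as a prefix only

def parse_rule(line):
    m = RULE.fullmatch(line.strip())
    if not m or not 0 <= int(m[1]) <= 127:
        raise ValueError(f"bad syntax or rule-id outside 0-127: {line!r}")
    name, action, ip = m[2], m[3].split()[0], m[4]
    if name and not (len(name) <= 255 and NAME.fullmatch(name)):
        raise ValueError(f"bad hostname pattern: {name!r}")
    if ip:
        ipaddress.IPv4Address(ip)               # dotted decimal, else ValueError
    return int(m[1]), (name, action, ip)

def build_policy(lines):
    rules = dict(parse_rule(l) for l in lines)  # an existing rule-id is overridden
    return sorted(rules.items())                # smaller rule-id = higher priority

def matches(pattern, qname):
    if pattern is None:                         # no if-match: every domain name
        return True
    pattern, qname = pattern.lower(), qname.lower()
    # assumption: a leading '*' stands for any leading text
    return qname.endswith(pattern[1:]) if pattern[0] == "*" else qname == pattern

def resolve(policy, qname):
    for rule_id, (name, action, ip) in policy:
        if matches(name, qname):
            return rule_id, action, ip
    return None, "no-match", None               # outcome not specified on the page

def shadowed(policy):
    """rule-ids that never fire because a higher-priority rule covers them."""
    return [rid for i, (rid, (name, _, _)) in enumerate(policy)
            if any(e is None or (name and matches(e, name.lstrip("*")))
                   for _, (e, _, _) in policy[:i])]

SAMPLE = [  # constructed rule set; rule 0 is the page's example
    "rule 0 if-match name www.huawei.com spoofing 192.168.1.1",
    "rule 10 if-match name *.example.com permit",
    "rule 20 if-match name ads.example.com deny",
    "rule 127 spoofing 192.168.1.1",
]

if __name__ == "__main__":
    print(resolve(build_policy(SAMPLE), "ads.example.com"), shadowed(build_policy(SAMPLE)))
```

In the sample, the deny in rule 20 is never reached because the broader permit in rule 10 has the smaller rule-id; a specific deny needs a smaller rule-id than the wildcard that covers it.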
Updated: 2019-02-18

Document ID: EDOC1000097293
