AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010 Command Reference

DNS Configuration Commands

ddns apply policy

Function

The ddns apply policy command allows you to apply DDNS policies on interfaces.

The undo ddns apply policy command deletes the configuration.

By default, no DDNS policy is bound to an interface.

Format

ddns apply policy policy-name [ fqdn domain-name ]

undo ddns apply policy [ policy-name ]

Parameters

Parameter Description Value
policy-name Specifies a DDNS policy name. The value must be the name of an existing DDNS policy.
fqdn domain-name Specifies the domain name updated by DDNS. The value is a string of 1 to 128 case-sensitive characters without spaces.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

DNS provides static mappings between domain names and IP addresses. When IP addresses of interfaces change, DNS cannot dynamically update mappings. After the specified DDNS policy is applied on an interface, if the IP address of the interface changes, the DDNS policy updates the mapping between the specified Fully Qualified Domain Name (FQDN) and the IP address.

If a DDNS policy with the same name is bound to an interface repeatedly and different FQDNs are specified, only the latest configuration takes effect and a DDNS update is initiated.

Prerequisites

Before applying a policy on an interface, create the DDNS policy and configure it completely, including the DDNS Server domain-name, DDNS Client domain-name, username, and password.

Example

# Apply the DDNS policy "test" on Eth2/0/0.

<Huawei> system-view
[Huawei] interface ethernet 2/0/0 
[Huawei-Ethernet2/0/0] ddns apply policy test 

display ddns interface

Function

The display ddns interface command displays information about the interfaces to which DDNS policies are applied.

Format

display ddns interface { all | interface-type interface-number }

Parameters

Parameter Description Value
all Indicates all interfaces. -
interface-type interface-number Specifies the type and number of an interface. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

To view information about the interfaces to which DDNS policies are applied, run the display ddns interface command.

Example

# Display the configuration of DDNS policies applied to Eth2/0/0.

<Huawei> display ddns interface ethernet 2/0/0 
 Policies applied on interface Ethernet2/0/0 :                           
 ------------------------------------------------------------------------------ 
 Policy name          : 123                                                     
 Server               : ns.huawwei.com                                          
 User name            : -                                                       
 Password             : -                                                       
 Update method        : ddns                                                    
 Update interval      : 3600 seconds                                            
 Current status       : START                                                   
 Client FQDN          : 123                                                     
 Client IP            : 0.0.0.0                                                 
 Server IP            : -                                                       
 Last update time     : 2015-10-27 10:30:28                                     
 Last update result   : Update failed
Table 8-38  Description of the display ddns interface command output

Item

Description

Policy name

DDNS policy name.

Server

Domain name of a DDNS service provider.

User name

User name used for access to a DDNS service provider.

Password

Password used for access to a DDNS service provider.

Update method

DDNS update method:
  • http: common HTTP update method
  • vendor-specific: vendor-defined update method
  • ddns: update method compliant with RFC 2136, which updates only A records.
  • ddns both: update method compliant with RFC 2136, which updates A and PTR records.

Update interval

Interval at which a DDNS client initiates a DDNS update, in seconds.

Current status

Status of an applied DDNS policy:
  • INIT: Initial state.
  • ESTABLISH: Update is successful.
  • AUTHENTICATION FAILED: Authentication failed.
  • START: Update starts.

Client FQDN

Domain name of a DDNS client.

Client IP

IP address of a DDNS client.

Server IP

IP address of a DDNS server.

Last update time

Last update time.

Last update result

Last update result:
  • Success: The update is successful.
  • Resolve ddns server domain name fail: Failed to parse the domain name of the DDNS server.
  • Authentication fail: Authentication failed.
  • Update failed: The update failed.
  • Updating: The update is ongoing.

display ddns policy

Function

The display ddns policy command displays DDNS policy information.

Format

display ddns policy [ policy-name ]

Parameters

Parameter Description Value
policy-name

Displays information about a specified DDNS policy

The DDNS policy name must exist.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display ddns policy command to view DDNS policy information. If no policy-name is specified, information about all DDNS policies is displayed.

Example

# Display current DDNS policy information.

<Huawei> display ddns policy test
 Policy name          : test                                                    
 Server               : oray://username:password@phddnsdev.oray.net             
 User name            : -                                                       
 Password             : -                                                       
 Update method        : vendor-specific                                         
 Update interval      : 3600 seconds                                            
 Apply interface      : Ethernet2/0/0   
Table 8-39  Description of the display ddns policy command output

Item

Description

Policy name

DDNS policy name.

Server

Domain-name of a DDNS service provider

User name

User name for accessing a DDNS service provider

Password

Password for accessing a DDNS service provider

Update method

Update mode of the DDNS Client.
  • http: indicates the update mode of common http.
  • vendor-specific: indicates the update mode defined by the vendors.
  • ddns: indicates the update mode defined by RFC2136, which only updates Class-A records.
  • ddns both: indicates the update mode defined by RFC2136, which updates Class-A records and PTR records.

Update interval

Interval at which the DDNS client initiates DDNS updates, in seconds.

Apply interface

Interface that applies this policy
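
An added example, not part of the Huawei reference: the sample above shows the Server field carrying username:password inside the URL, and display ddns policy runs at monitoring level in all views, so saved captures of this output can contain DDNS credentials. The Python code below parses captures in the layout of the two DDNS display samples (input constructed from this page's samples), masks any embedded password, and reports policies whose last update failed; the finding labels are invented for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed input: the two sample outputs shown on this page, concatenated
# as they would appear in a saved terminal capture.
CAPTURE = """\
<Huawei> display ddns interface ethernet 2/0/0
 Policies applied on interface Ethernet2/0/0 :
 ------------------------------------------------------------------------------
 Policy name          : 123
 Server               : ns.huawwei.com
 User name            : -
 Password             : -
 Update method        : ddns
 Update interval      : 3600 seconds
 Current status       : START
 Client FQDN          : 123
 Client IP            : 0.0.0.0
 Server IP            : -
 Last update time     : 2015-10-27 10:30:28
 Last update result   : Update failed
<Huawei> display ddns policy test
 Policy name          : test
 Server               : oray://username:password@phddnsdev.oray.net
 User name            : -
 Password             : -
 Update method        : vendor-specific
 Update interval      : 3600 seconds
 Apply interface      : Ethernet2/0/0
"""

# "Key : value" rows. Matching the first " : " keeps the colons inside URLs
# and timestamps in the value.
ROW = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s+:\s+(.*\S)\s*$")

# Failure strings as listed in the output description tables on this page.
FAILED_RESULTS = {"Resolve ddns server domain name fail",
                  "Authentication fail", "Update failed"}
FAILED_STATUS = {"AUTHENTICATION FAILED"}


def parse_records(text):
    """Return one dict per policy block; a block starts at 'Policy name'."""
    records = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # prompts, separators and headings are skipped
        key, value = m.group(1), m.group(2)
        if key == "Policy name":
            records.append({})
        if records:
            records[-1][key] = value
    return records


def embedded_password(server):
    """Password carried in the Server value's userinfo part, or None."""
    try:
        return urlsplit(server).password
    except ValueError:
        return None


def redact(server):
    """Server value with any embedded password masked."""
    password = embedded_password(server)
    if password is None:
        return server
    return server.replace(":" + password + "@", ":***@", 1)


def audit(text):
    """Return (policy name, finding label, evidence) tuples for a capture."""
    findings = []
    for rec in parse_records(text):
        name = rec.get("Policy name", "?")
        server = rec.get("Server", "")
        if embedded_password(server) is not None:
            findings.append((name, "credentials-in-server-url", redact(server)))
        if rec.get("Last update result") in FAILED_RESULTS:
            findings.append((name, "update-not-succeeding", rec["Last update result"]))
        if rec.get("Current status") in FAILED_STATUS:
            findings.append((name, "authentication-failed", rec["Current status"]))
    return findings


if __name__ == "__main__":
    for finding in audit(CAPTURE):
        print(finding)
```

Running redact over stored captures before they are attached to tickets or shared keeps the password out of those copies.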

display dns configuration

Function

The display dns configuration command displays the global DNS configurations.

Format

display dns configuration

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

None

Example

# Display the global DNS configurations.

<Huawei> display dns configuration
 -------------------------------------------------------------------------------
 Dns resolve                        :  Disabled                                 
 DNS-server-select-algorithm        :  Auto                                     
 Dns server source ip address       :  -                                        
 Dns server source ipv6 address     :  -                                        
 Dns proxy                          :  Disabled                                 
 Dns IPv6 proxy                     :  Disabled                                 
 Dns relay                          :  Disabled                                 
 Dns IPv6 relay                     :  Disabled                                 
 Dns spoofing                       :  -                                        
 Dns IPv6 spoofing                  :  -                                        
 Dns forward retry-number           :  2                                        
 Dns forward retry-timeout          :  3                                        
 Dns server vpn-instance            :  vpn1
 -------------------------------------------------------------------------------
Table 8-40  Description of the display dns configuration command output

Item

Description

Dns resolve

Whether dynamic DNS resolution is enabled. The value can be:
  • Enabled: Dynamic DNS resolution is enabled.
  • Disabled: Dynamic DNS resolution is disabled.

To enable dynamic DNS resolution, run the dns resolve command.

DNS-server-select-algorithm

Algorithm for selecting a destination DNS server. The value can be:
  • Fixed: The destination DNS server is selected in fixed order.
  • Auto: The destination DNS server is selected in auto order.

To specify an algorithm for selecting a destination DNS server, run the dns-server-select-algorithm command.

Dns server source ip address

Source IP address of the local device for communication.

To set the source IP address of the local device, run the dns server source-ip command.

Dns server source ipv6 address

Source IPv6 address of the local device for communication.

To set the source IPv6 address of the local device, run the dns server ipv6 source-ip command.

Dns proxy

Whether DNS proxy is enabled. The value can be:
  • Enabled: DNS proxy is enabled.
  • Disabled: DNS proxy is disabled.

To enable DNS proxy, run the dns proxy enable command.

Dns IPv6 proxy

Whether IPv6 DNS proxy is enabled. The value can be:
  • Enabled: IPv6 DNS proxy is enabled.
  • Disabled: IPv6 DNS proxy is disabled.

To enable IPv6 DNS proxy, run the dns proxy ipv6 enable command.

Dns relay

Whether DNS relay is enabled. The value can be:
  • Enabled: DNS relay is enabled.
  • Disabled: DNS relay is disabled.

To enable DNS relay, run the dns relay enable command.

Dns IPv6 relay

Whether IPv6 DNS relay is enabled. The value can be:
  • Enabled: IPv6 DNS relay is enabled.
  • Disabled: IPv6 DNS relay is disabled.

To enable IPv6 DNS relay, run the dns relay ipv6 enable command.

Dns spoofing

IP address that spoofs Reply packets.

To enable DNS spoofing and specify the IP address that spoofs Reply packets, run the dns spoofing command.

Dns IPv6 spoofing

IPv6 address that spoofs Reply packets.

To enable DNS spoofing and specify the IPv6 address that spoofs Reply packets, run the dns spoofing ipv6 command.

Dns forward retry-number

Number of times for retransmitting query messages to the destination DNS server.

To set the number of times for retransmitting query messages to the destination DNS server, run the dns forward retry-number command.

Dns forward retry-timeout

Retransmission timeout period for query messages that the device sends to the destination DNS server.

To set the retransmission timeout period for query messages that the device sends to the destination DNS server, run the dns forward retry-timeout command.

Dns server vpn-instance

Name of the VPN instance that the DNS server belongs to. If the VPN instance that the DNS server belongs to is not specified, this parameter is not displayed.

To configure the name of the VPN instance that the DNS server belongs to, run the dns server vpn-instance command.

display dns domain

Function

The display dns domain command displays the configuration and sequence of domain name suffixes.

Format

display dns domain [ verbose ]

Parameters

Parameter Description Value
verbose Displays detailed information about domain name suffixes. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display dns domain command to view the configuration and sequence of domain name suffixes.

Example

# Display the list of domain name suffixes.

<Huawei> display dns domain
Type:                                                                            
D:Dynamic     S:Static                                                           
                                                                                 
NO.  Type    Domain name                        TTL                           
1     S      com                                -                                
2     S      net                                -     
Table 8-41  Description of the display dns domain command output

Item

Description

NO.

Domain name suffix numbers, that is, the configuration sequence of domain name suffixes.

Type

Type of the domain name suffix: dynamic or static.

Domain name

Configured domain name suffix.

In this example, two domain name suffixes are displayed. During DNS resolution, the first suffix "com" is added and sent to the DNS server. If the DNS server gives no response, the query message is resent. If the DNS server still gives no response, the query message is resent for a third time. If the DNS server still does not respond, the second suffix "net" is added and sent to the DNS server for searching for the mapped address.

TTL

Domain name suffix TTL.

display dns dynamic-host

Function

The display dns dynamic-host command displays dynamic DNS entries saved in the domain name cache.

Format

display dns dynamic-host [ ip | naptr | srv ] [ domain-name ]

Parameters

Parameter

Description

Value

ip

Specifies the Class-A and PTR query dynamic DNS entries.

-

naptr

Specifies the NAPTR query dynamic DNS entries.

-

srv

Specifies the SRV query dynamic DNS entries.

-

domain-name

Specifies the dynamic DNS entries of a domain name.

The value must be an existing domain name suffix.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display dns dynamic-host command to view dynamic DNS entries saved in the domain name cache and check whether domain names match the mapping entries.

Example

# Display the dynamic DNS entries saved in the domain name cache.

<Huawei> display dns dynamic-host
Host                                     TTL        Type   Address                                                                  
sipx.autosrv.com                         114        IP     192.168.1.1                        
sip.autosrv.com                          237        IP     192.168.1.2                           
sip.autonaptr.com                        117        IP     192.168.1.3                        
_sip._tcp.autosrv.com                    55         SRV    0 0 0 sipx.autosrv.com   
                                                           0 0 0 sip.autosrv.com      
autonaptr.com                            0          NAPTR  101 10 A SIP+D2T  sip.autona

Total  :  5 
Table 8-42  Description of the display dns dynamic-host command output

Item

Description

Host

Domain name.

  • sipx.autosrv.com: indicates the domain name of the server providing the SIP service.
  • _sip._tcp.autosrv.com: indicates the domain name of the server providing the SIP service through TCP in autosrv.com.
  • autonaptr.com: indicates the domain name in the NAPTR resource record.

TTL

Time left before dynamic DNS entries saved in the cache age out, in seconds.

Type

Query type:

  • IP: Class-A query, which is used to request the IP address corresponding to a domain name, or Pointer (PTR) query, which is used to request the domain name corresponding to an IP address.
  • SRV: Service Record (SRV) query, which is used to obtain information about a server based on the protocol running on the server, including the domain name and port number.
  • NAPTR: Naming Authority Pointer (NAPTR) query, which is used to obtain information about a server based on the server's domain name, including the IP address, and the transmission protocol.

Address

IP address mapped to the domain name.

  • 192.168.1.1: indicates the IPv4 address.
  • 0 0 0 sipx.autosrv.com: indicates the SRV query result. In the SRV query result, 0 0 0 indicates the priority, weight, and port number respectively, and sipx.autosrv.com indicates the domain name of the server providing the SIP service.
  • 101 10 A SIP+D2T sip.autona: indicates the NAPTR query result. In the NAPTR query result, 101 10 indicates the NAPTR resource record sequence and priority; A indicates that an IP address is to be queried; SIP+D2T indicates that SIP and TCP are used; sip.autona indicates the domain name to be queried.

display dns forward table

Function

The display dns forward table command displays the DNS forwarding table, including the mapping entry of the source IP address in a specified DNS query message.

Format

display dns forward table [ source-ip ip-address ]

Parameters

Parameter

Description

Value

source-ip ip-address

Specifies the source IP address in query messages.

The value is in dotted decimal notation.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After DNS proxy or DNS relay is enabled, you can run the display dns forward table command to view the DNS table of IP addresses.

When the device receives DNS request packets from the client but does not receive DNS reply packets from the server, you need to run the display dns forward table command to view the DNS forwarding table.

Example

# Display the DNS table on the DNS proxy or DNS relay.

<Huawei> display dns forward table 
Domain name            : www.domain.com                                                                                             
Source IP              : 10.136.128.53                                                                                              
Source port            : 2055                                                                                                       
Source packet id       : 3562                                                                                                       
Forward packet id      : 60669                                                                                                      
Query type             : 1    
VPN-Instance           : vpna
Table 8-43  Description of the display dns forward table command output

Item

Description

Domain name

Domain name.

Source IP

IP address of the client.

Source port

Port number of the client.

Source packet id

ID of the request packet from the client.

Forward packet id

ID of the forwarded packet, which corresponds to the ID of the request packet from the client.

Query type

Query type:
  • 1: Class-A query
  • 12: Pointer Record (PTR) query
  • 33: SRV query
  • 35: NAPTR query

VPN-Instance

Name of the VPN instance that the DNS client belongs to.

display dns statistics

Function

The display dns statistics command displays statistics on DNS packets.

Format

display dns statistics

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can use this command to check statistics on DNS packets, including the DNS IPv4 and IPv6 addresses.

Example

# Display statistics on DNS packets.

<Huawei> display dns statistics 
                                                                                
SumFromDNSv4Client           : 0                                                
SumToDNSv4Client             : 0                                                
SumFromDNSv4Server           : 0                                                
SumToDNSv4Server             : 0                                                
                                                                                
SumFromDNSv6Client           : 0                                                
SumToDNSv6Client             : 0                                                
SumFromDNSv6Server           : 0                                                
SumToDNSv6Server             : 0                                                
                                                                                
RetryFromClient              : 0                                                
NotQueryFromClient           : 0                                                
ParseFailFromClient          : 0                                                
TooLongFromClient            : 0                                                
LocalQueryFromClient         : 0                                                
NotStandardQueryFromClient   : 0                                                
                                                                                
NotRespFromServer            : 0                                                
NoAnswerFromServer           : 0                                                
ParseFailFromServer          : 0                                                
TooLongFromServer            : 0                                                
ErrorRespFromServer          : 0                                                
NotStandardQueryFromServer   : 0                                                
                                                                                
ResolvePolicyRuleDeny        : 0 
Table 8-44  Description of the display dns statistics command output

Item

Description

SumFromDNSv4Client

Total number of packets sent from IPv4 DNS clients.

SumToDNSv4Client

Total number of packets sent to IPv4 DNS clients.

SumFromDNSv4Server

Total number of packets sent from IPv4 DNS servers.

SumToDNSv4Server

Total number of packets sent to IPv4 DNS servers.

SumFromDNSv6Client

Total number of packets sent from IPv6 DNS clients.

SumToDNSv6Client

Total number of packets sent to IPv6 DNS clients.

SumFromDNSv6Server

Total number of packets sent from IPv6 DNS servers.

SumToDNSv6Server

Total number of packets sent to IPv6 DNS servers.

RetryFromClient

Number of packets retransmitted from clients.

NotQueryFromClient

Number of non-query packets sent from clients.

ParseFailFromClient

Number of packets sent from clients that failed to be parsed.

TooLongFromClient

Number of packets longer than 512 bytes sent from clients.

LocalQueryFromClient

Number of query packets sent from clients whose source address is a local address.

NotStandardQueryFromClient

Number of nonstandard query packets sent from clients.

NotRespFromServer

Number of non-response packets sent from servers.

NoAnswerFromServer

Number of response packets sent from servers in which the ANCOUNT field is 0.

ParseFailFromServer

Number of packets sent from servers that failed to be parsed.

TooLongFromServer

Number of packets longer than 512 bytes sent from servers.

ErrorRespFromServer

Number of error response packets sent from servers.

NotStandardQueryFromServer

Number of nonstandard query packets sent from servers.

ResolvePolicyRuleDeny

Number of resolve policy rule denials.

display dns server

Function

The display dns server command displays the configuration and sequence of the current DNS server.

Format

display dns server [ verbose ]

Parameters

Parameter Description Value
verbose Displays detailed information about the DNS server. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After configuring DNS, run the display dns server command to view the configuration and sequence of current DNS servers.

Example

# Display configurations of a DNS server.

<Huawei> display dns server
Type:                                                                                                                               
D:Dynamic     S:Static                                                                                                              
                                                                                                                                    
IPv4 DNS server :                                                                                                                   
NO. Type Status Used IP Address                                                                                                     
0   S    -      Yes  10.1.1.1                                                                                                        
1   S    -      Yes  10.1.1.2                                                                                                        
2   D    Up     Yes  10.1.1.2                                                                                                        
3   D    Up     Yes  10.1.1.3                                                                                                        
                                                                                                                                    
IPv6 DNS servers :                                                                                                                  
NO. Type Status Used IPv6 Address                            Interface                                                              
0   S    -      Yes  FC00:1::1                               -                                                                      
1   D    -      Yes  FC00:1::1                               -                                                                      
2   D    -      Yes  FC00:1::2                               -    
Table 8-45  Description of the display dns server command output

Item

Description

Type

Configuration type of the DNS server IP address, including dynamic and static.

IPv4 DNS server

IPv4 DNS server configuration.

NO.

DNS server number, indicating the order in which they were configured.

Status

DNS server status.

Used

Indicates whether the DNS server is used.

IP Address

IPv4 address of the DNS server.

IPv6 Address

IPv6 address of the DNS server.

IPv6 DNS servers

IPv6 DNS server configuration.

Interface

Name of the outbound interface communicating with the DNS server.

display ip host

Function

The display ip host command displays mappings between hosts and IP addresses.

Format

display ip host

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After configuring static DNS entries, you can run the display ip host command to view the mapping between hosts and IP addresses.

Example

# Display mappings between hosts and IP addresses.

<Huawei> display ip host
Host                     Age        Flags  Address                              
example                  0          static 10.2.2.2                             
Table 8-46  Description of the display ip host command output

Item

Description

Host

Host name.

Age

Aging time.

The value 0 indicates that the static DNS entry need not be aged.

Flags

Status of the domain name.

"Static" indicates the static domain name.

Address

IP address matching the host.

ddns policy

Function

The ddns policy command creates a DDNS policy and enters the DDNS policy view.

The undo ddns policy command deletes a DDNS policy.

By default, no DDNS policy is created in the system.

Format

ddns policy policy-name

undo ddns policy policy-name

Parameters

Parameter Description Value
policy-name Specifies the name of the DDNS policy.

The value is a string of 1 to 32 case-sensitive characters without spaces.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

DNS provides static mappings between domain names and IP addresses. When IP addresses of nodes change, DNS cannot dynamically update mappings. If a DNS client uses the original domain name to access the node, the DNS client will fail to access the node because the IP address mapped to the domain name is incorrect. DDNS updates the mappings between the domain name and the IP address on the DNS server to ensure that the IP address can be resolved correctly. The device can function as a DDNS client. When the IP address of the interface that provides services changes, the device sends a request to update the domain name entry to the DDNS server. After receiving the request, the DDNS server updates the domain name entry.

Example

# Create a DDNS policy "test".

<Huawei> system-view
[Huawei] ddns policy test
[Huawei-ddns-policy-test]  

dns domain

Function

The dns domain command configures, on a DNS client, the domain name suffix of a server or host that the DNS client wants to access.

The undo dns domain command deletes a configured domain name suffix from a DNS client.

By default, no domain name suffix is configured on a DNS client.

Format

dns domain domain-name

undo dns domain [ domain-name ]

Parameters

Parameter Description Value
domain-name Specifies a domain name suffix on a DNS client. The value is a string of 1 to 64 characters without spaces. The string is a combination of digits, letters, underscores (_), dots (.), and hyphens (-).

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Application Scenario

Generally, the domain name suffixes of some servers or hosts that a DNS client accesses are the same, for example, com.cn. In this case, you can set the domain name suffixes. When a DNS client accesses a host:
  • If the entered domain name does not carry dots (.), for example, "huawei", the system first adds the suffix com.cn to the domain name and sends a domain name request of "huawei.com.cn" to the DNS server to find the IP address corresponding to the domain name. If the DNS client does not receive any response from the server, it sends a domain name request of "huawei" to the DNS server to find the IP address corresponding to the domain name.
  • If the entered domain name carries dots (.), for example, "ilite.huawei", the system first sends a domain name request of "ilite.huawei" to the DNS server to find the IP address corresponding to the domain name. If the DNS client does not receive any response from the server, it adds the suffix com.cn to the domain name and sends a domain name request of "ilite.huawei.com.cn" to the DNS server to find the IP address corresponding to the domain name.
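
An added example, not part of the Huawei reference: a Python model of the lookup order described above, showing exactly which names the DNS server sees for a given input and how many packets that costs when nothing answers. Trying several suffixes one after another in configuration order and sending each unanswered name retry-number + 1 times are assumptions drawn from the display dns domain description and the default retry count; the function names are hypothetical.

```python
import re

MAX_SUFFIXES = 10  # "A DNS client supports a maximum of 10 domain name suffixes"
# 1 to 64 characters: digits, letters, underscores, dots and hyphens.
SUFFIX_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def validate_suffixes(suffixes):
    """Apply the limits stated for the dns domain command."""
    if len(suffixes) > MAX_SUFFIXES:
        raise ValueError("more than 10 domain name suffixes configured")
    for suffix in suffixes:
        if not SUFFIX_RE.fullmatch(suffix):
            raise ValueError("invalid domain name suffix: %r" % suffix)


def candidate_names(name, suffixes):
    """Names tried for one lookup, in the order described on this page."""
    validate_suffixes(suffixes)
    qualified = ["%s.%s" % (name, suffix) for suffix in suffixes]
    if "." in name:
        # Name carries dots: query it as entered first, then with suffixes.
        return [name] + qualified
    # Name without dots: suffixes first, the bare name last.
    return qualified + [name]


def queries_sent(name, suffixes, answered, retry_number=2):
    """Simulate one lookup and return every query transmitted, in order.

    answered     -- names the simulated DNS server responds to
    retry_number -- retransmissions per unanswered name (default on this page)
    """
    sent = []
    for candidate in candidate_names(name, suffixes):
        if candidate in answered:
            sent.append(candidate)      # answered on the first transmission
            return sent
        sent.extend([candidate] * (retry_number + 1))
    return sent


if __name__ == "__main__":
    # Constructed cases using the names from the text above.
    print(candidate_names("huawei", ["com.cn"]))
    print(candidate_names("ilite.huawei", ["com.cn"]))
    print(queries_sent("ilite.huawei", ["com.cn"], {"ilite.huawei.com.cn"}))
```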

Precautions

A DNS client supports a maximum of 10 domain name suffixes. To configure multiple domain name suffixes, you can run the dns domain command repeatedly.

If the name of the suffix to be deleted is specified, the specified suffix is deleted. Otherwise, all the suffixes are deleted.

Example

# Configure a domain name suffix as com.cn.

<Huawei> system-view
[Huawei] dns domain com.cn

dns forward retry-number

Function

The dns forward retry-number command sets the number of times for the device to retransmit query requests to the destination DNS server.

The undo dns forward retry-number command restores the default retransmission count.

By default, the retransmission count is 2.

Format

dns forward retry-number number

undo dns forward retry-number

Parameters

Parameter

Description

Value

number

Specifies the number of times for the device to retransmit query requests to the destination DNS server.

The value is an integer from 0 to 15.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

The mode in which a device selects the destination DNS server can be auto or fixed. For how a device sends DNS request packets to the destination DNS server in each mode and the corresponding precautions, see dns-server-select-algorithm.

If the number of times the device retransmits DNS request packets to each destination DNS server is relatively large and the packet retransmission timeout period is relatively long, the DNS client waits too long for the response from the DNS server. Because the request timeout period of the DNS client is shorter, the DNS client fails to properly receive response packets from the server. To enable the DNS server to respond to DNS request packets rapidly, run the dns forward retry-number and dns forward retry-timeout commands to adjust the number of times the device retransmits DNS request packets to each DNS server and the packet retransmission timeout period, so that the DNS client can properly receive response packets from the server.

You need to consider the number of times for the device to retransmit DNS query requests to the destination DNS server, retransmission timeout period, and mode for the device to select the DNS server into consideration before configuring the query timeout period on a device.
  • When the mode for a device to select the destination DNS server is auto, the query timeout period of a DNS device is calculated as follows: (Number of retransmission times + 1) x Retransmission timeout period
  • When the mode for a device to select the destination DNS server is fixed, the query timeout period of a DNS device is calculated as follows: (Number of retransmission times + 1) x Retransmission timeout period x Number of DNS servers

Example

# Set the number of times the device retransmits query packets to the destination DNS server to 1.

<Huawei> system-view
[Huawei] dns forward retry-number 1

dns forward retry-timeout

Function

The dns forward retry-timeout command sets the retransmission timeout period for Query packets that the device sends to the destination DNS server.

The undo dns forward retry-timeout command restores the default retransmission timeout period.

By default, the retransmission timeout period for which the device sends DNS query requests to the destination DNS server is 3 seconds.

Format

dns forward retry-timeout time

undo dns forward retry-timeout

Parameters

Parameter Description Value
time Specifies the retransmission timeout period for Query packets that the device sends to the destination DNS server. The value is an integer that ranges from 1 to 15, in seconds.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

The mode for a device to select the destination DNS server can be auto or fixed. For how a device sends DNS request packets to the destination DNS server in each mode and the corresponding precautions, see dns-server-select-algorithm.

If the device retransmits DNS request packets to each destination DNS server a relatively large number of times and the packet retransmission timeout period is relatively long, the DNS client waits too long for the response from the DNS server. Because the request timeout period of the DNS client is shorter, the DNS client fails to properly receive response packets from the server. To enable the DNS server to respond to DNS request packets rapidly, you can run the dns forward retry-number and dns forward retry-timeout commands to adjust the number of times the device retransmits DNS request packets to each DNS server and the packet retransmission timeout period, ensuring that the DNS client can properly receive response packets from the server.

Before configuring the query timeout period on a device, you need to take into consideration the number of times the device retransmits DNS query requests to the destination DNS server, the retransmission timeout period, and the mode in which the device selects the DNS server.
  • When the mode for a device to select the destination DNS server is auto, the query timeout period of a DNS device is calculated as follows: (Number of retransmission times + 1) x Retransmission timeout period
  • When the mode for a device to select the destination DNS server is fixed, the query timeout period of a DNS device is calculated as follows: (Number of retransmission times + 1) x Retransmission timeout period x Number of DNS servers
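The query timeout formulas given under dns forward retry-number and dns forward retry-timeout can be checked against a saved configuration. The following is an added example, not Huawei tooling: it reads a constructed configuration, applies the defaults stated on this page, and reports whether the resulting query timeout fits a DNS client's request timeout. The client timeout values and the sample configuration are assumptions.

```python
import re

# Defaults and limits stated on this page.
DEFAULT_RETRY_NUMBER = 2    # dns forward retry-number default
DEFAULT_RETRY_TIMEOUT = 3   # dns forward retry-timeout default, in seconds
DEFAULT_MODE = "auto"       # dns-server-select-algorithm default
MAX_DNS_SERVERS = 6         # maximum number of dns server entries

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
dns resolve
dns proxy enable
dns server 10.2.0.70
dns server 10.2.0.71
dns server 10.2.0.72
dns forward retry-number 4
dns forward retry-timeout 5
dns-server-select-algorithm fixed
"""

PATTERNS = {
    "retry_number": re.compile(r"dns forward retry-number (\d+)$"),
    "retry_timeout": re.compile(r"dns forward retry-timeout (\d+)$"),
    "mode": re.compile(r"dns-server-select-algorithm (fixed|auto)$"),
    # Only "dns server <ip> [track nqa ...]"; vpn-instance/source-ip lines do not match.
    "server": re.compile(r"dns server (\d{1,3}(?:\.\d{1,3}){3})(?: track nqa \S+ \S+)?$"),
}


def parse_dns_settings(config):
    """Extract the settings that drive the query timeout, applying page defaults."""
    settings = {
        "retry_number": DEFAULT_RETRY_NUMBER,
        "retry_timeout": DEFAULT_RETRY_TIMEOUT,
        "mode": DEFAULT_MODE,
        "servers": [],
    }
    for raw in config.splitlines():
        line = raw.strip()
        for key, pattern in PATTERNS.items():
            match = pattern.match(line)
            if not match:
                continue
            if key == "server":
                settings["servers"].append(match.group(1))
            elif key == "mode":
                settings["mode"] = match.group(1)
            else:
                settings[key] = int(match.group(1))
    # Value ranges from the Parameters tables of the two commands.
    if not 0 <= settings["retry_number"] <= 15:
        raise ValueError("retry-number must be 0 to 15")
    if not 1 <= settings["retry_timeout"] <= 15:
        raise ValueError("retry-timeout must be 1 to 15 seconds")
    if len(settings["servers"]) > MAX_DNS_SERVERS:
        raise ValueError("more than six DNS servers configured")
    return settings


def query_timeout(settings):
    """Query timeout in seconds, using the auto and fixed formulas from this page."""
    if not settings["servers"]:
        raise ValueError("no dns server configured")
    per_server = (settings["retry_number"] + 1) * settings["retry_timeout"]
    if settings["mode"] == "fixed":
        return per_server * len(settings["servers"])
    return per_server


def max_retry_number(client_timeout, settings):
    """Largest retry-number (0 to 15) that keeps the query timeout within
    client_timeout seconds, or None if even 0 retransmissions is too slow."""
    best = None
    for number in range(0, 16):
        if query_timeout(dict(settings, retry_number=number)) <= client_timeout:
            best = number
    return best


if __name__ == "__main__":
    parsed = parse_dns_settings(SAMPLE_CONFIG)
    print("query timeout:", query_timeout(parsed), "s")
    # 10 s is an assumed client request timeout, not a value from this page.
    print("max retry-number for a 10 s client:", max_retry_number(10, parsed))
```

A result of None from max_retry_number means the retransmission timeout or the number of servers tried in fixed mode has to be reduced before any retry count fits.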

Example

# Set the retransmission timeout period for Query packets that the device sends to the destination DNS server to 2 seconds.

<Huawei> system-view
[Huawei] dns forward retry-timeout 2

dns proxy enable

Function

The dns proxy enable command enables DNS proxy.

The undo dns proxy enable command disables DNS proxy.

By default, DNS proxy is disabled.

Format

dns proxy enable

undo dns proxy enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

DNS proxy is used to forward DNS requests and reply packets between the DNS client and DNS server. The DNS client sends a DNS request packet to the device on which DNS proxy is enabled. The device sends the request packet to the DNS server and sends the reply packet to the DNS client. The device functions as the DNS proxy to provide services of the DNS server. Users do not need to interact with the DNS server directly. This function simplifies route deployment and improves performance and security of the DNS server.

Example

# Enable DNS proxy.

<Huawei> system-view
[Huawei] dns proxy enable

# Disable DNS proxy.

<Huawei> system-view
[Huawei] undo dns proxy enable

dns proxy sip-info insert-mode decompression-domain-name

Function

The dns proxy sip-info insert-mode decompression-domain-name command inserts SIP server information to DNS response packets in domain name decompression mode when the device functions as a DNS proxy.

The undo dns proxy sip-info insert-mode decompression-domain-name command restores the default insert mode.

By default, the domain name decompression mode is not used.

Format

dns proxy sip-info insert-mode decompression-domain-name

undo dns proxy sip-info insert-mode decompression-domain-name

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

This command applies only to the Branch Exchange Survivable Telephony (BEST) solution. In the BEST solution, the phone functions as the DNS client and the device functions as the DNS proxy. When the DNS client initiates an SRV query, the device inserts SIP server information to the DNS response packet. For example, when a Cisco phone is used and the dns proxy sip-info insert-mode decompression-domain-name command is not used to insert SIP server information to DNS response packets in domain name decompression mode, the phone cannot resolve DNS response packets that have SIP server information inserted.

Example

# Insert SIP server information to DNS response packets in domain name decompression mode in the BEST solution.

<Huawei> system-view
[Huawei] dns resolve
[Huawei] dns proxy enable
[Huawei] dns proxy sip-info insert-mode decompression-domain-name

dns relay enable

Function

The dns relay enable command enables DNS relay.

The undo dns relay enable command disables DNS relay.

By default, DNS relay is disabled.

Format

dns relay enable

undo dns relay enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

DNS relay is used to forward DNS requests and reply packets between the DNS client and DNS server. The DNS client sends a DNS request packet to the device on which DNS relay is enabled. The device sends the request packet to the DNS server and sends the reply packet to the DNS client. The device functions as the DNS relay to provide services of the DNS server. Users do not need to interact with the DNS server directly. This function simplifies route deployment and improves performance and security of the DNS server.

Example

# Enable DNS relay.

<Huawei> system-view
[Huawei] dns relay enable

# Disable DNS relay.

<Huawei> system-view
[Huawei] undo dns relay enable

dns resolve

Function

The dns resolve command enables dynamic DNS resolution.

The undo dns resolve command disables dynamic DNS resolution.

By default, the dynamic DNS resolution is disabled.

Format

dns resolve

undo dns resolve

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

To obtain the IP addresses mapped to domain names from the DNS server, run the dns resolve command to enable dynamic DNS resolution on the device.

Example

# Enable dynamic DNS resolution.

<Huawei> system-view
[Huawei] dns resolve

dns server

Function

The dns server command configures an IP address for a DNS server.

The undo dns server command deletes the DNS server IP address.

By default, no DNS server IP address is configured.

Format

dns server ip-address [ track nqa admin-name test-name ]

undo dns server [ ip-address ]

Parameters

Parameter Description Value
ip-address Specifies the IP address of a DNS server. The value is in dotted decimal notation.
track nqa admin-name test-name Specifies the NQA test instance to be associated with the DNS server. The value is a string of 1 to 32 case-sensitive characters without any space.
  • admin-name: specifies the name of the administrator for the NQA test instance.
  • test-name: specifies the name of the NQA test instance.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A maximum of six DNS servers can be specified on the Router. During dynamic DNS resolution, query messages are sent to DNS servers in the order in which the servers were configured.

The system first sends a query to the DNS server that was configured first. If no response is received within the specified period of time (which can be configured by running the dns forward retry-timeout command), it resends the query twice. If no response is received after the specified number of retransmissions (which can be configured by running the dns forward retry-number command), the system sends the query to the DNS server that was configured second, and so on.

Prerequisites

Before specifying the NQA test instance to be associated with the DNS server using track nqa admin-name test-name, perform the following operations and start the NQA test instance.
  • Configuring and starting an NQA test instance of the DNS type
    1. Run the system-view command to enter the system view.

    2. Run the nqa test-instance admin-name test-name command to create an NQA test instance and enter the test instance view.

    3. Run the test-type dns command to configure the test type to DNS.

    4. Run the dns-server ipv4 ip-address command to configure the DNS server address.

    5. Run the destination-address url urlstring command to configure the destination host name.

    6. Run the frequency interval command to set the automatic test interval for the NQA test instance.

    7. Run the start command to start the NQA test instance.

      An NQA test instance can be started immediately, at a specified time, or after a specified delay.

      • Run the start now [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ] command to start the test instance immediately.

      • Run the start at [ yyyy/mm/dd ] hh:mm:ss [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ] command to start the test instance at a specified time.

      • Run the start delay { seconds second | hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ] command to start the test instance after a specified delay.

  • Configuring and starting an NQA test instance of the ICMP type
    1. Run the system-view command to enter the system view.

    2. Run the nqa test-instance admin-name test-name command to create an NQA test instance and enter the test instance view.

    3. Run the test-type icmp command to configure the test type to ICMP.

    4. Run the destination-address ipv4 ipv4-address command to configure the destination IP address.

    5. Run the frequency interval command to set the automatic test interval for the NQA test instance.

    6. Run the start command to start the NQA test instance.

      An NQA test instance can be started immediately, at a specified time, or after a specified delay.

      • Run the start now [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ] command to start the test instance immediately.

      • Run the start at [ yyyy/mm/dd ] hh:mm:ss [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ] command to start the test instance at a specified time.

      • Run the start delay { seconds second | hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ] command to start the test instance after a specified delay.

Example

# Assign the IP address 10.2.0.70 to the DNS server.

<Huawei> system-view
[Huawei] dns server 10.2.0.70

dns server vpn-instance

Function

The dns server vpn-instance command configures the device to send DNS query requests to the DNS server on a specified VPN network.

The undo dns server vpn-instance command disables the device from sending DNS query requests to the DNS server on a specified VPN network.

By default, the device can only send DNS query requests to the DNS server on a public network.

Format

dns server vpn-instance vpn-instance-name

undo dns server vpn-instance

Parameters

Parameter Description Value
vpn-instance-name Specifies a VPN instance name. It must be the name of an existing VPN instance.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

If an interface on the device and the DNS server have reachable routes to each other and the interface is on a VPN network, the device must use the DNS server on the VPN network for DNS query so that DNS packets can be exchanged properly.

If you run this command multiple times, only the latest configuration takes effect.

The device can send DNS query requests to the DNS server on a public network or specified VPN network.

The device can respond to DNS query requests sent by DNS clients on multiple VPN networks.

Example

# Configure the device to send DNS query requests to the DNS server on the VPN network vpn1.

<Huawei> system-view
[Huawei] ip vpn-instance vpn1
[Huawei-vpn-instance-vpn1] ipv4-family
[Huawei-vpn-instance-vpn1-af-ipv4] quit
[Huawei-vpn-instance-vpn1] quit
[Huawei] dns server vpn-instance vpn1

dns server source-ip

Function

The dns server source-ip command configures the source IP address for the device to send and receive DNS packets.

The undo dns server source-ip command deletes the source IP address for the device to send and receive DNS packets.

By default, no source IP address is configured for the device.

Format

dns server source-ip ip-address

undo dns server source-ip

Parameters

Parameter Description Value
ip-address Specifies the source IP address for the device to send and receive DNS packets. The value is in dotted decimal notation.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When the device sends and receives DNS packets, the administrator can specify a source IP address for the device to ensure the communication security. The route from the DNS server to the specified source IP address must be reachable. The DNS server uses the specified source IP address as the destination address and sends a DNS response packet to the local device.

When the device functions as a DNS proxy or relay, run the dns server source-ip ip-address command to configure the source IP address for communicating with the DNS server.

Precautions

To make the command take effect, pay attention to the following points:

  • Ensure that the source IP address is the IP address of an interface or logical interface on the device, and there are reachable routes between the interface and the DNS server.

  • Ensure that the source IP address and the IP address of the DNS server are on the same VPN or public network.

Example

# Specify source IP address 172.16.1.1 for the local device.

<Huawei> system-view
[Huawei] dns server source-ip 172.16.1.1

dns-server-select-algorithm

Function

The dns-server-select-algorithm command configures the DNS server selection mode of the device.

The undo dns-server-select-algorithm command restores the default setting.

By default, the device selects a DNS server in auto mode.

Format

dns-server-select-algorithm { fixed | auto }

undo dns-server-select-algorithm

Parameters

Parameter Description Value
fixed Selects a DNS server in fixed mode. -
auto Selects a DNS server in auto mode. -

Views

System view

Default Level

2: Configuration level

Usage Guidelines

The device can select a DNS server in either of the following modes:
  • auto: The device uses the internal algorithm to calculate the priorities of all configured DNS servers (IP addresses of DNS servers can be configured by running the dns server command), and then sends a DNS query request to the DNS server with the highest priority. If no response is received within a specified period of time, the device retransmits the DNS query request. If the device still does not receive a response from the DNS server after sending query requests multiple times, the device sends the DNS query request to the next server in sequence until it receives a response or has sent to all of the configured DNS servers.
  • fixed: The device sends a DNS query request to the first DNS server. If no response is received within a specified period of time, the device retransmits the DNS query request. If the device still does not receive a response from the DNS server after sending query requests multiple times, the device sends the DNS query request to the next server in sequence until it receives a response or has sent to all of the configured DNS servers.

This function is supported when the device functions as a DNS client or DNS proxy/relay.

When the device functions as a DNS client:
  • This function is supported only for DNS query requests sent by IPSec, voice, PKI, or DDNS services.

  • The DNS server selection mode is not supported for DNS query requests sent by other services. The device sends the requests according to the order in which DNS servers are configured. If no response is received, the device retransmits the requests according to the order in which DNS servers are configured.

Example

# Configure the device to select a DNS server in fixed mode.

<Huawei> system-view
[Huawei] dns-server-select-algorithm fixed

dns spoofing

Function

The dns spoofing command enables DNS spoofing and specifies an IP address in response messages.

The undo dns spoofing command disables DNS spoofing.

By default, DNS spoofing is disabled.

Format

dns spoofing ip-address

undo dns spoofing

Parameters

Parameter Description Value
ip-address Specifies an IP address in response messages. The value is in dotted decimal notation.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

If the DNS server address or route to the DNS server is not configured on the DNS proxy or relay, you can enable DNS spoofing on the device to spoof a response message with the configured IP address. Currently, DNS spoofing takes effect for only Class-A query (IP address query based on domain names).

If you run the dns spoofing command multiple times, only the latest configuration takes effect.

Example

# Enable DNS spoofing and specify the IP address in response messages as 10.1.1.1.

<Huawei> system-view
[Huawei] dns spoofing 10.1.1.1

# Disable DNS spoofing.

<Huawei> system-view
[Huawei] undo dns spoofing

interval (DDNS policy view)

Function

The interval command sets the interval for sending DDNS update requests after the DDNS update is enabled.

The undo interval command restores the default setting.

By default, the interval for sending DDNS update requests is 3600 seconds.

Format

interval interval-time

undo interval

Parameters

Parameter Description Value
interval-time Specifies the interval for sending DDNS update requests. The value is an integer that ranges from 60 to 31536000, in seconds.

Views

DDNS policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the interval for sending DDNS update requests is set in the configured DDNS policy, the device is triggered to send DDNS update requests at the specified intervals. All the mappings between IP addresses and domain names defined in the DDNS policy are updated.

Precautions

  • If you run the interval command multiple times, only the latest configuration takes effect.

  • Regardless of whether the interval is reached, the device sends DDNS update requests immediately as long as the primary IP address of the corresponding interface changes or the link status of the interface changes from Down to Up.

  • If the interval is changed, the device is triggered to send a DDNS update request immediately.

  • When a device is connected to the DDNS server supporting www.oray.cn, this command does not take effect and the device initiates a DDNS update request at a fixed interval of 60 seconds.

Example

# Set the interval for sending DDNS update requests to 3600 seconds.

<Huawei> system-view
[Huawei] ddns policy mypolicy
[Huawei-ddns-policy-mypolicy] interval 3600

ip host

Function

The ip host command configures static DNS entries.

The undo ip host command deletes static DNS entries.

By default, no static DNS entries are configured.

Format

ip host host-name ip-address

undo ip host host-name [ ip-address ]

Parameters

Parameter Description Value
host-name Specifies the host name. The value is a string of 1 to 255 case-sensitive characters without spaces.
ip-address Specifies the IP address mapped to the host name. The value is in dotted decimal notation.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A static domain name resolution table is manually set up using the ip host command, describing the mappings between host names and IP addresses. In addition, some common host names are added to the table. Then, static host name resolution can be performed according to the static domain name resolution table. When requiring the IP address corresponding to a host name, the client first searches the static host name resolution table for the specified host name and obtains the corresponding IP address. In this manner, the efficiency of host name resolution is improved.

Precautions

The ip host command configures a maximum of 50 static DNS entries. Each host name can be mapped to only one IP address. When multiple IP addresses are mapped to a host name, only the latest configuration takes effect.

Example

# Configure the IP address 10.110.0.1 for the host test.

<Huawei> system-view
[Huawei] ip host test 10.110.0.1

method (DDNS policy view)

Function

The method command sets the update mode for the device functioning as a DDNS client.

The undo method command restores the default update mode for the device functioning as a DDNS client.

By default, the update mode is vendor-specific for the device functioning as the DDNS client.

Format

method { ddns [ both ] | http | vendor-specific }

undo method

Parameters

Parameter Description Value
ddns [ both ] Indicates that the update mode is ddns (defined in RFC 2136) for the device functioning as a DDNS client. If both is specified, both Class-A and PTR query records are updated. If both is not specified, only Class-A query records are updated. -
  • Class-A query records: mapping between domain names and IP addresses provided by the DNS server for Class-A query. In Class-A query, an IP address is obtained based on a domain name.
  • PTR query records: mapping between domain names and IP addresses provided by the DNS server for PTR query. In PTR query, a domain name is obtained using an IP address.
http Indicates that the update mode is http for the device functioning as a DDNS client. After this parameter is specified, the DDNS client can communicate with a common DDNS server through HTTP. -
vendor-specific Indicates that the update mode is vendor-specific for the device functioning as a DDNS client. After this parameter is specified, the DDNS client can communicate with the DDNS servers provided at www.3322.org, www.dyndns.com, and www.oray.cn. -

Views

DDNS policy view

Default Level

2: Configuration level

Usage Guidelines

When the device functioning as a DDNS client needs to update the mapping between domain names and IP addresses on the DNS server, the following update modes are supported:
  • DDNS update mode (defined by the RFC2136): The DDNS client dynamically updates the mapping between domain names and IP addresses on the DNS server. To configure this mode, specify the ddns parameter.
  • Update mode implemented through the DDNS server: The DDNS client sends the mapping between domain names and IP addresses to the DDNS server with a specified URL. The DDNS server then informs the DNS server to dynamically update the mapping between domain names and IP addresses. To configure this mode, specify the http or vendor-specific parameter.
    • To use the Siemens DDNS server or DDNS server provided at www.3322.org, www.dyndns.com, or www.oray.cn, specify the vendor-specific parameter.
    • To use an HTTP-based common DDNS server, specify the http parameter.

Security risks exist if the update mode for the device functioning as a DDNS client is set to http or vendor-specific. It is recommended that you set the update mode to ddns.

Example

# Set the update mode of the device functioning as the DDNS client to DDNS, and update Class-A and PTR query records.

<Huawei> system-view
[Huawei] ddns policy mypolicy
[Huawei-ddns-policy-mypolicy] method ddns both

# Restore the default update mode for the device functioning as the DDNS client.

<Huawei> system-view
[Huawei] ddns policy mypolicy
[Huawei-ddns-policy-mypolicy] undo method

name-server (DDNS policy view)

Function

The name-server command configures a DNS server to receive update messages from a DDNS client when the device functions as the DDNS client and the update mode is DDNS.

The undo name-server command cancels the DNS server configured for receiving update messages from the DDNS client.

By default, no DNS server is configured to receive update messages from a DDNS client when the device functions as the DDNS client and the update mode is DDNS.

Format

name-server name-server [ vpn-instance vpn-instance-name ]

undo name-server

Parameters

Parameter Description Value
name-server Specifies the DNS server for receiving update messages from the DDNS client. The value is a string of 1 to 128 case-sensitive characters without spaces. The value can be a domain name or an IP address.
vpn-instance vpn-instance-name Specifies the name of a VPN instance. The value is a string of 1 to 31 characters. The value must be the name of an existing VPN instance.

Views

DDNS policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When the device functions as a DDNS client and the update mode is DDNS, you can run the name-server command to configure a DNS server to receive update messages from the DDNS client. After receiving the update request packets, the DNS server updates the mapping between the domain name and IP address of the DDNS client. When deploying a DNS server on a private network, you need to specify the name of the VPN instance to which the DNS server belongs.

Prerequisites

The update mode of the device functioning as a DDNS client has been set to DDNS using the method (DDNS policy view) command.

Example

# Configure the DNS server with the domain name ns.huawei.com to receive update messages from a DDNS client when the device functions as the DDNS client and the update mode is DDNS.

<Huawei> system-view
[Huawei] ddns policy mypolicy
[Huawei-ddns-policy-mypolicy] method ddns
[Huawei-ddns-policy-mypolicy] name-server ns.huawei.com

reset ddns policy

Function

The reset ddns policy command configures the device to update mappings between IP addresses and domain names.

Format

reset ddns policy policy-name [ interface interface-type interface-num ]

Parameters

Parameter Description Value
policy policy-name Specifies the name of a DDNS policy that is to be updated. The value is a string of 1 to 32 case-sensitive characters without spaces.
interface-type interface-num Specifies the type and number of the interface to which DDNS policies are bound. -

Views

User view

Default Level

3: Management level

Usage Guidelines

After the reset ddns policy command is executed, all mappings between IP addresses and domain names defined in the DDNS policy are updated.

Example

# Update the DDNS policy named dyndns on GE1/0/0.

<Huawei> reset ddns policy dyndns interface gigabitethernet 1/0/0

reset dns dynamic-host

Function

The reset dns dynamic-host command deletes dynamic DNS entries saved in the domain name cache.

Format

reset dns dynamic-host

Parameters

None

Views

User view

Default Level

3: Management level

Usage Guidelines

Clear dynamic DNS entries with caution because they cannot be restored after being cleared.

After confirming the action of clearing DNS entries, you can run the reset command to clear them.

Example

# Clear dynamic DNS entries from the domain name cache.

<Huawei> reset dns dynamic-host

reset dns forward table

Function

The reset dns forward table command clears the DNS entries forwarded.

Format

reset dns forward table [ source-ip ip-address ]

Parameters

Parameter Description Value
source-ip ip-address Clears the DNS entries of a specified source IP address. The value is in dotted decimal notation.

Views

User view

Default Level

3: Management level

Usage Guidelines

When the Router functioning as a DNS proxy or relay is attacked, the DNS table will be full. The reset dns forward table command can delete all DNS entries.

Example

# Clear DNS entries in the DNS table on the DNS proxy or DNS relay.

<Huawei> reset dns forward table

reset dns statistics

Function

The reset dns statistics command clears statistics on DNS packets.

Format

reset dns statistics

Parameters

None

Views

User view

Default Level

3: Management level

Usage Guidelines

The reset dns statistics command clears statistics on DNS packets, including the DNS IPv4 and IPv6 addresses. The cleared statistics cannot be restored.

Example

# Clear statistics on DNS packets.

<Huawei> reset dns statistics

ssl-policy (ddns-policy-view)

Function

The ssl-policy command binds an SSL policy to a DDNS policy.

The undo ssl-policy command deletes an SSL policy from a DDNS policy.

By default, no SSL policy is bound to a DDNS policy.

Format

ssl-policy policy-name

undo ssl-policy

Parameters

Parameter Description Value
policy-name Specifies the name of an SSL policy bound to a DDNS policy. The value is a string of 1 to 31 case-sensitive characters. It cannot contain a space or question mark (?).

Views

DDNS policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When the device functions as the DDNS client and communicates with a Siemens DDNS server, the device needs to encrypt packets using SSL. An SSL policy needs to be bound to the DDNS policy.

Prerequisites

An SSL policy has been created using the ssl policy policy-name [ type { client | server } ] command, and the PKI domain to be used by the SSL policy has been configured using the pki-realm realm-name command.

A DDNS policy has been created using the ddns policy command and a URL has been configured for the Siemens DDNS server using the url command.

Precautions

An SSL policy needs to be bound to the DDNS policy only when the device functions as the DDNS client and communicates with a Siemens DDNS server.

Example

# Bind an SSL policy to a DDNS policy.

<Huawei> system-view
[Huawei] pki realm abc
[Huawei] ssl policy siemens type client 
[Huawei-ssl-policy-siemens] pki-realm abc
[Huawei-ssl-policy-siemens] quit 
[Huawei] ddns policy huawei 
[Huawei-ddns-policy-huawei] url https://192.168.36.67/nic/update?group=med&user=huawei_test&password=12345&myip=192.168.19.2 
[Huawei-ddns-policy-huawei] ssl-policy siemens

url (DDNS policy view)

Function

The url command specifies the URL in DDNS update requests.

The undo url command deletes the URL in DDNS update requests.

By default, no URL is specified in DDNS update requests on the device.

Format

url request-url [ username username password password ]

undo url

Parameters

Parameter Description Value
request-url Specifies the URL in DDNS update requests. The value is a string of 20 to 256 case-sensitive characters without spaces.

  • If username username password password is not specified, the URL contains the user name and password, and their configurations are displayed in explicit text. For example, when the device uses TCP to communicate with www.oray.cn, the URL format of the DDNS update request is oray://huawei1:huawei2@phddnsdev.oray.net (huawei1 indicates the user name and huawei2 indicates the password).

  • If username username password password is specified, the URL only contains the fixed format <username>:<password>, not the user name and password. The user name and password are specified by username and password, and the password configuration is displayed in cipher text. For example, when the device uses TCP to communicate with www.oray.cn, the URL format of the DDNS update request is oray://<username>:<password>@phddnsdev.oray.net (<username>:<password> is the fixed value).

username username password password Specifies the user name and password for logging in to the DDNS server.

NOTE:

To ensure password security, you are advised to run the username username password password command to configure a user name and password. The password information in the configuration file is displayed in cipher text.

  • username: The value is a string of 1 to 32 case-sensitive characters without spaces.

  • password: The value is a string of 1 to 32 case-sensitive characters in explicit text or 48 to 68 case-sensitive characters in cipher text without spaces.

Views

DDNS policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After a DDNS policy is created, enter the URL and specify a DDNS server in the URL.

The processes for the device to request DDNS updates from different DDNS servers are different; therefore, the URL configurations of DDNS servers are different.
  • If username username password password is not specified,
    • When the device uses HTTP to communicate with the DDNS server provided at www.3322.org, the URL in a DDNS update request is:

      http://username:password@members.3322.org/dyndns/update?system=dyndns&hostname=<h>&myip=<a>

    • When the device uses HTTP to communicate with the DDNS server provided at www.dyndns.com, the URL in a DDNS update request is:

      http://username:password@update.dyndns.com/nic/update?hostname=<h>&myip=<a>

    • When the device uses TCP to communicate with the DDNS server provided at www.oray.cn, the URL in a DDNS update request is:

      oray://username:password@phddnsdev.oray.net

    • When the device uses HTTP to communicate with a common DDNS server, the URL in a DDNS update request is:

      http://username:password@merri.s.dnaip.fi/reg/h=<h>&a=<a>

      In the preceding URLs, username and password indicate the user name and password for logging in to the DDNS server. For example, in http://huawei1:huawei2@merri.s.dnaip.fi/reg/h=<h>&a=<a>, huawei1 and huawei2 indicate the user name and password for logging in to the DDNS server.

  • When username username password password is specified,
    • When the device uses HTTP to communicate with the DDNS server provided at www.3322.org, the URL in a DDNS update request is:

      http://<username>:<password>@members.3322.org/dyndns/update?system=dyndns&hostname=<h>&myip=<a>

    • When the device uses HTTP to communicate with the DDNS server provided at www.dyndns.com, the URL in a DDNS update request is:

      http://<username>:<password>@update.dyndns.com/nic/update?hostname=<h>&myip=<a>

    • When the device uses TCP to communicate with the DDNS server provided at www.oray.cn, the URL in a DDNS update request is:

      oray://<username>:<password>@phddnsdev.oray.net

    • When the device uses HTTP to communicate with a common DDNS server, the URL in a DDNS update request is:

      http://<username>:<password>@merri.s.dnaip.fi/reg/h=<h>&a=<a>

      In the preceding URLs, <username> and <password> are fixed formats, which cannot be modified.

Where,

  • The URL uses the default port number. The default port number of the DDNS server provided at www.oray.cn is 6060, the default HTTP port number is 80 and the default HTTPS port number is 443.

  • The FQDN and IP address cannot be specified in the URL for the DDNS server provided at www.oray.cn. You can specify the FQDN when applying a DDNS policy on an interface. The IP address in the URL is the primary IP address of the interface to which a DDNS policy is applied.

    To prevent configuration errors, you are advised not to change <h> or <a> in the URL. The device automatically fills in <h> and <a> based on the FQDN specified when a DDNS policy is bound to the interface.

If you run the url command multiple times, only the latest configuration takes effect.

Precautions

In a URL, the user name and password are separated using :, the password and domain name are separated using @, and the domain name ends with /. Pay attention to the following points when using special characters in a URL.

Example

# Specify the URL of the DDNS update request, in which the password is displayed in cipher text.

<Huawei> system-view
[Huawei] ddns policy mypolicy
[Huawei-ddns-policy-mypolicy] url "http://<username>:<password>@members.3322.org/dyndns/update?system=dyndns&hostname=<h>&ip=<a>" username steven password nevets

# Delete the specified URL of the DDNS update request.

<Huawei> system-view
[Huawei] ddns policy mypolicy
[Huawei-ddns-policy-mypolicy] undo url
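The difference between the two URL forms described above can be checked mechanically when reviewing a configuration. The following is an added example, not Huawei's code: it flags DDNS URLs whose credentials appear in explicit text. The function name, the sample policies p1 to p3, and the assumption that a saved configuration mirrors the command syntax are all hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

PLACEHOLDER = ("<username>", "<password>")  # fixed format described on this page

# Constructed sample. Assumption: saved configuration mirrors the command syntax.
SAMPLE_CONFIG = """\
ddns policy p1
 url "http://<username>:<password>@members.3322.org/dyndns/update?system=dyndns&hostname=<h>&myip=<a>" username steven password CIPHER-TEXT-PLACEHOLDER
ddns policy p2
 url oray://huawei1:huawei2@phddnsdev.oray.net
ddns policy p3
 url https://192.168.36.67/nic/update?group=med&user=huawei_test&password=12345&myip=192.168.19.2
"""

POLICY_LINE = re.compile(r"^\s*ddns policy (\S+)")
URL_LINE = re.compile(r'^\s*url\s+"?(?P<url>[^"\s]+)"?(?P<rest>.*)$')


def audit_ddns_urls(config_text):
    """Return (policy, finding) pairs for DDNS URLs that expose credentials."""
    findings, policy = [], None
    for line in config_text.splitlines():
        m = POLICY_LINE.match(line)
        if m:
            policy = m.group(1)
            continue
        m = URL_LINE.match(line)
        if not m or policy is None:
            continue
        parts = urlsplit(m.group("url"))
        userinfo = (parts.username, parts.password)
        if userinfo == PLACEHOLDER:
            # Placeholders only help if the credentials follow as keywords.
            if not re.search(r"\busername\s+\S+\s+password\s+\S+", m.group("rest")):
                findings.append((policy, "placeholders without username/password keywords"))
        elif parts.username or parts.password:
            findings.append((policy, "credentials embedded in URL in explicit text"))
        if "password" in parse_qs(parts.query):
            findings.append((policy, "password carried in URL query string"))
    return findings


if __name__ == "__main__":
    for policy, finding in audit_ddns_urls(SAMPLE_CONFIG):
        print(f"{policy}: {finding}")
```

Policy p1 uses the placeholder form with the username and password keywords and produces no finding; p2 and p3 are reported.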

dns resolve policy a

Function

The dns resolve policy a command enables the DNS resolution policy function for class-A query requests and displays the DNS resolution policy view.

The undo dns resolve policy a command disables the DNS resolution policy function for class-A query requests.

By default, the DNS resolution policy function for class-A query requests is disabled.

Format

dns resolve policy a

undo dns resolve policy a

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To control access traffic, the administrator may require that users access only certain websites, on which they can browse only text or pictures. For example, in Wi-Fi connection scenarios such as on a metro or bus, passengers can access only specified websites. If they attempt to access other websites, their access requests are rejected or redirected to the specified websites.

The administrator can run the dns resolve policy a command to enable the DNS resolution policy function for class-A query requests. Then only some specified domain names can be resolved to meet the wireless connection requirements.

Follow-up Procedure

Run the rule (DNS resolution policy view) command to configure a DNS resolution rule.

Example

# Enable the DNS resolution policy function for class-A query requests and display the DNS resolution policy view.

<Huawei> system-view  
[Huawei] dns resolve policy a 

rule (DNS resolution policy view)

Function

The rule command configures a DNS resolution rule.

The undo rule command deletes the DNS resolution rule.

By default, no DNS resolution rule is configured.

Format

rule rule-id [ if-match name hostname ] { deny | permit | spoofing ip-address }

undo rule rule-id

Parameters

Parameter Description Value
rule-id Specifies the DNS resolution rule ID. A smaller value indicates a higher rule priority. The value is an integer that ranges from 0 to 127.
if-match name hostname Specifies the domain name matching the DNS resolution rule. If this parameter is not configured, the DNS resolution rule matches all domain names. The value is a string of 1 to 255 case-insensitive characters without spaces. It supports the digits 0-9, letters, and the following symbols: - _ . *. The symbol * indicates the wildcard that can only be prefixed to the domain name once. For example, *.example.com indicates that all host names in example.com are matched.
deny Rejects the domain name resolution request matching the DNS resolution rule. -
permit Allows the domain name resolution request matching the DNS resolution rule. -
spoofing ip-address Specifies the IP address of the spoofing response to the domain name resolution request matching the DNS resolution rule. A spoofing response uses the configured IP address as the domain name resolution result to respond to the domain name resolution request. The IP address may be directed to the local homepage (providing resources such as website navigation, local videos, and applications). The value is in dotted decimal notation.

Views

DNS resolution policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the DNS resolution policy function is enabled, you need to configure a resolution rule in the DNS resolution policy view to implement domain name resolution, resolution prohibition, and spoofing response for a specified domain name.

The administrator can run the rule command to configure a specified DNS resolution rule.

Prerequisites

The DNS resolution policy function for class-A query requests has been enabled and the DNS resolution policy view has been displayed using the dns resolve policy a command.

Precautions

  • If the rule ID specified in rule-id already exists, the new rule overwrites the original rule no matter whether the new and original rules conflict with each other.
  • If the specified rule-id does not exist, a rule is created using the specified rule-id, and its insertion position is determined based on the rule size.

Example

# Add a rule with rule-id 0 to the DNS resolution policy, and configure a spoofing response for DNS resolution requests for www.huawei.com, using 192.168.1.1 as the spoofing response address.

<Huawei> system-view  
[Huawei] dns resolve policy a 
[Huawei-dns-resolve-policy-a] rule 0 if-match name www.huawei.com spoofing 192.168.1.1
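The rule semantics described above (lowest rule-id first, an optional * prefix, overwrite on a repeated rule-id) are modelled below as an added Python example that is not Huawei's code. It assumes the first matching rule decides the outcome and that *.example.com does not match the bare name example.com; the class and function names and the sample policy are hypothetical.

```python
import ipaddress


class DnsResolvePolicy:
    """Model of the rule table: one rule per rule-id, lowest id checked first."""

    def __init__(self):
        self.rules = {}

    def rule(self, rule_id, action, name=None, spoof_ip=None):
        if not 0 <= rule_id <= 127:
            raise ValueError("rule-id must be 0 to 127")
        if action not in ("deny", "permit", "spoofing"):
            raise ValueError("action must be deny, permit or spoofing")
        if name and "*" in name and (name.count("*") > 1 or name[0] != "*"):
            raise ValueError("* may only prefix the name, once")
        # Spoofing address must be dotted decimal; other actions carry none.
        ip = str(ipaddress.IPv4Address(spoof_ip)) if action == "spoofing" else None
        # An existing rule-id is overwritten, as the Precautions state.
        self.rules[rule_id] = (name.lower() if name else None, action, ip)

    @staticmethod
    def _matches(pattern, qname):
        if pattern is None:                      # no if-match: every name matches
            return True
        if pattern.startswith("*"):
            return qname.endswith(pattern[1:])   # "*.example.com" -> ".example.com"
        return qname == pattern

    def resolve(self, qname):
        """Return (rule_id, action, spoof_ip) of the first matching rule, or None."""
        qname = qname.lower().rstrip(".")
        for rule_id in sorted(self.rules):
            pattern, action, spoof_ip = self.rules[rule_id]
            if self._matches(pattern, qname):
                return rule_id, action, spoof_ip
        return None  # outcome with no matching rule is not stated on the page


def walled_garden():
    """Constructed policy: allow one domain, send everything else to a portal."""
    policy = DnsResolvePolicy()
    policy.rule(0, "permit", name="*.example.com")
    policy.rule(10, "deny", name="ads.example.com")       # shadowed by rule 0
    policy.rule(127, "spoofing", spoof_ip="192.168.1.1")  # catch-all
    return policy
```

Resolving ads.example.com against walled_garden() returns rule 0's permit: a broad rule with a low rule-id shadows a more specific rule with a higher rule-id, so rule IDs should be reviewed in ascending order.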