CLI-based Configuration Guide - IP Service

AR100, AR120, AR160, AR1200, AR2200, AR3200, and AR3600 V300R003

This document describes the concepts and configuration procedures of IP Service features on the device, and provides the configuration examples.
Configuring the Device as an IPv4 DNS Proxy/Relay

Context

DNS relay is similar to DNS proxy. The difference is that the DNS proxy searches for DNS entries saved in the domain name cache after receiving DNS query messages from DNS clients. The DNS relay, however, directly forwards DNS query messages to the DNS server, reducing the cache usage.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run dns proxy enable or dns relay enable

    DNS proxy or relay is enabled.

  3. Choose either of the following methods to configure domain name resolution.

    • Configure static domain name resolution.

      Run ip host host-name ip-address

      A static DNS entry is configured.

      By default, no static DNS entry is configured.

      You can manually configure the mappings between domain names and IP addresses by configuring static DNS entries. When a DNS client requests the IP address corresponding to a domain name, the device does not forward the request to the DNS server but searches the static domain name resolution table for the IP address and returns the IP address to the DNS client.

    • Configure dynamic domain name resolution.

      1. Run dns resolve

        Dynamic domain name resolution is enabled.

        By default, dynamic DNS resolution is disabled.

        After dynamic domain name resolution is enabled, the DNS proxy searches the dynamic domain name resolution table after receiving a DNS request packet and checks whether the requested IP address exists. If yes, the DNS proxy returns a DNS reply packet that carries the resolution result to the DNS client. If not, the DNS proxy forwards the DNS request packet to the DNS server.

      2. Run dns server ip-address

        The DNS server that the DNS proxy or relay connects to is configured.

        By default, no IP address is configured for the DNS server.

      3. (Optional) Run dns server vpn-instance vpn-instance-name

        The device is configured to send DNS query requests to the DNS server on a specified VPN network.

        By default, the device can only send DNS query requests to the DNS server on a public network.

        NOTE:

        If you run this command multiple times, only the latest configuration takes effect.

        The device can send DNS query requests to the DNS server on a public network or specified VPN network.

        The device can respond to DNS query requests sent by DNS clients on multiple VPN networks.

      4. (Optional) Run dns server source-ip ip-address

        The source IP address that the device uses to exchange packets with the DNS server is configured.

        By default, no source IP address is configured for the device.

      5. (Optional) Configure the DNS resolution policy function.

        To control access traffic, an administrator may need to restrict users to specified websites on which they can browse only text or pictures. For example, in Wi-Fi access scenarios such as on a metro or a bus, passengers can access only specified websites. If they attempt to access other websites, their access requests are rejected or redirected to the specified websites. To meet these requirements, perform the following steps:

        1. Run dns resolve policy a

          The DNS resolution policy function for class-A query requests is enabled and the DNS resolution policy view is displayed.

          By default, the DNS resolution policy function for class-A query requests is disabled.

        2. Run rule rule-id [ if-match name hostname ] { deny | permit | spoofing ip-address }

          The DNS resolution rule is configured.

          By default, no DNS resolution rule is configured.

        3. Run quit

          Exit from the DNS resolution policy view.

  4. (Optional) Configure the algorithm mode and retransmission mechanism for a device to send DNS query requests to the DNS server.

    • Run dns-server-select-algorithm { fixed | auto }

      The mode for the device to select the DNS server is configured.

      By default, the mode for a device to select the DNS server is auto.

    • Run dns forward retry-number number

      The number of times for the device to retransmit query requests to the destination DNS server is configured.

      By default, the number of times for a device to retransmit DNS query requests to the destination DNS server is 2.

    • Run dns forward retry-timeout time

      The retransmission timeout period for query requests sent by the device to the destination DNS server is configured.

      By default, the retransmission timeout period for DNS query requests sent by a device to the destination DNS server is 3 seconds.

    NOTE:
    The total timeout period for DNS query requests, which is determined by dns forward retry-number and dns forward retry-timeout, must not be too short. The default values are generally recommended. If waiting for the resolution response from the DNS server takes too long and causes a service exception, you can increase the retransmission timeout period as required.

  5. (Optional) Run dns proxy sip-info insert-mode decompression-domain-name

    The SIP server information is inserted into DNS response packets in domain name decompression mode when the device functions as a DNS proxy.

    By default, the domain name decompression mode is not used.

    This command applies only to the Branch Exchange Survivable Telephony (BEST) solution. In the BEST solution, the phone functions as the DNS client and the device functions as the DNS proxy. When the DNS client initiates an SRV query, the device inserts SIP server information into the DNS response packet.
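
The procedure above as one configuration, applied to the restricted Wi-Fi scenario described for the DNS resolution policy. This is an added example, not taken from the Huawei guide; the host names, addresses, rule IDs and the rule-matching behavior noted in the comments are assumptions.

```text
# Lines starting with "#" are annotations for the reader, not commands.
# All names and addresses are constructed (example.com, 192.0.2.0/24).
system-view
 dns proxy enable
 # Static entry: answered from the static table, not forwarded to the DNS server.
 ip host portal.example.com 192.0.2.10
 # Dynamic resolution: look up the dynamic table first, forward on a miss.
 dns resolve
 dns server 192.0.2.53
 dns server source-ip 192.0.2.1
 # Policy for class-A queries: permit two names, answer every other name
 # with the portal address.
 # Assumption: rules are matched in ascending rule-id order, and a rule
 # without "if-match name" applies to every queried name.
 dns resolve policy a
  rule 1 if-match name portal.example.com permit
  rule 2 if-match name www.example.com permit
  rule 3 spoofing 192.0.2.10
  quit
 # Server selection and retransmission. 2 retries and 3 seconds are the
 # defaults stated in step 4, written out here for visibility.
 dns-server-select-algorithm fixed
 dns forward retry-number 2
 dns forward retry-timeout 3
```

The policy only sees queries that clients send to the device, so it restricts name resolution rather than traffic; where the restriction matters, pair it with a packet filter that limits client DNS traffic to the device.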

Updated: 2019-03-06

Document ID: EDOC1100069333