Configuring the IPv6 Dynamic Domain Name Resolution
Context
The IPv6 DNS Proxy/Relay needs to complete dynamic domain name resolution through the DNS server. During dynamic domain name resolution, the DNS server needs to provide the mapping between domain names and IPv6 addresses and receive domain name resolution requests from clients.
Configuring dynamic domain name resolution involves enabling dynamic domain name resolution, configuring an IPv6 address for the DNS server, configuring a source IPv6 address for the local device, and configuring a domain name suffix. If the local device uses an IPv6 address allocated by the DHCPv6 server and the information delivered by the DHCPv6 server to the local device contains the DNS server IPv6 address and the domain name suffix list, you only need to enable dynamic DNS resolution.
Procedure
- Run system-view
The system view is displayed.
- Run dns resolve
Dynamic domain name resolution is enabled.
By default, dynamic DNS resolution is disabled.
- (Optional) Run dns server ipv6 source-ip ipv6-address
The source IPv6 address of the local device is specified.
By default, the source IPv6 address is not configured on the device.
After the source IPv6 address of the local device is specified, the device uses that address to communicate with the DNS server. If no source IPv6 address is configured, the DNS client selects a source IPv6 address according to the destination address each time it sends an IPv6 DNS request. If the DNS server has only one reachable route to an IPv6 address on the device, you need to specify the source IPv6 address used in the DNS queries that the device sends to the DNS server.
- Run dns server ipv6 ipv6-address [ interface-type interface-number ]
An IPv6 address is configured for the DNS server.
By default, no DNS server IPv6 address is configured.
If the DNS server has only one reachable route to a specific IPv6 address on the device, you need to specify the source IPv6 address used in the DNS query requests that the device sends to the DNS server.
Ensure that the source IPv6 address is the IPv6 address of an interface or logical interface on the device, and that there are reachable routes between the interface and the DNS server.
Ensure that the source IPv6 address and the IPv6 address of the DNS server are on the same VPN or public network.
- (Optional) Run dns server vpn-instance vpn-instance-name
The device is configured to send DNS query requests to the DNS server on a specified VPN network.
By default, the device can only send DNS query requests to the DNS server on a public network.
If you run this command multiple times, only the latest configuration takes effect.
The device can send DNS query requests to the DNS server on a public network or specified VPN network.
The device can respond to DNS query requests sent by DNS clients on multiple VPN networks.
- (Optional) Run dns domain domain-name
A domain name suffix is added.
By default, no domain name suffix is configured on a DNS client.
- (Optional) Configure the DNS resolution policy function.
To control access traffic, an administrator may require that users can access only certain websites, on which they can browse only text or pictures. For example, in Wi-Fi scenarios such as on a metro or bus, passengers can access only specified websites. If they attempt to access other websites, their requests are rejected or redirected to the specified websites. To meet these requirements, perform the following steps:
Run dns resolve policy { a | aaaa } enable
The DNS resolution policy function is enabled for type A or AAAA query requests.
By default, the DNS resolution policy function is disabled for type A and AAAA query requests.
Run dns resolve policy
The DNS resolution policy view is displayed.
Run rule rule-id [ if-match name hostname ] { deny | permit | spoofing { ipv4-address | ipv6-address } }
A DNS resolution rule is configured.
By default, no DNS resolution rule is configured.
Run quit
The device exits the DNS resolution policy view.
- (Optional) Configure the algorithm mode and retransmission mechanism for a device to send DNS query requests to the DNS server.
Run dns-server-select-algorithm { fixed [ dynamic-precedence ] | auto }
The mode for the device to select the DNS server is configured.
By default, the mode for a device to select the DNS server is auto.
Only V300R019C13 and later versions support the dynamic-precedence parameter.
Run dns forward retry-number number
The number of times for the device to retransmit query requests to the destination DNS server is configured.
By default, the number of times for a device to retransmit DNS query requests to the destination DNS server is 2.
Run dns forward retry-timeout time
The retransmission timeout period for DNS query requests sent by the device to the destination DNS server is configured.
By default, the retransmission timeout period for DNS query requests sent by a device to the destination DNS server is 3 seconds.
The total timeout period for DNS query requests, which is determined by dns forward retry-number and dns forward retry-timeout, must not be too short. The default values are generally recommended. If waiting for the resolution response from the DNS server takes too long and causes a service exception, you can increase the retransmission timeout period as required.
- (Optional) Run dns proxy ipv6 forward-any-response
The DNS proxy is configured to forward all response packets from the DNS server to the DNS client.
By default, the DNS proxy forwards only the response packets that are successfully resolved by the DNS server to the DNS client.
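A worked configuration for the procedure above, as an added example that is not part of the original documentation. All addresses (taken from the 2001:db8::/32 documentation prefix) and host names are constructed placeholders, and lines beginning with # are annotations rather than commands. The policy section assumes that rules are evaluated in ascending rule-id order and that a rule without if-match applies to every name; confirm both on the device before relying on them.

```text
# Constructed example: every address and host name below is a placeholder.
system-view

# Enable dynamic domain name resolution (disabled by default).
dns resolve

# Pin the source address so that replies return over the one route the
# DNS server has to this device, then point the device at the DNS server.
# Both addresses must be on the same VPN or public network.
dns server ipv6 source-ip 2001:db8:0:1::1
dns server ipv6 2001:db8:0:53::53

# Suffix appended to names during resolution.
dns domain example.com

# Restrict AAAA resolution to one permitted site and answer every other
# name with the address of a landing page.
# Assumption: rule 10 is checked before rule 20, and rule 20 (no if-match)
# applies to all remaining names.
dns resolve policy aaaa enable
dns resolve policy
rule 10 if-match name portal.example.com permit
rule 20 spoofing 2001:db8:0:80::80
quit

# Retransmission settings, shown here at their documented defaults.
dns forward retry-number 2
dns forward retry-timeout 3
```

Because the policy was enabled only for AAAA queries, A queries are not filtered by these rules; run dns resolve policy a enable as well if IPv4 lookups must follow the same restriction.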