05-Layer 3 - IP Services Configuration Guide

HomeSupportResource CenterRoutersH3C SR8800 Series RoutersH3C SR8800Technical DocumentsConfigureConfiguration GuideH3C SR8800 Configuration Guide-Release3347-6W10305-Layer 3 - IP Services Configuration Guide
04-DNS Configuration
Title Size Download
04-DNS Configuration 266.6 KB

 

 

NOTE:

This document only covers IPv4 DNS configurations. For more information about the IPv6 DNS configuration, see the chapter “IPv6 basics configuration.”

 

DNS overview

Domain Name System (DNS) is a distributed database used by TCP/IP applications to translate domain names into corresponding IP addresses. With DNS, you can use easy-to-remember domain names in some applications and let the DNS server translate them into correct IP addresses.

There are two types of DNS services, static and dynamic. After a user specifies a name, the router checks the local static name resolution table for an IP address. If no IP address is available, it contacts the DNS server for dynamic name resolution, which takes more time than static name resolution. Therefore, some frequently queried name-to-IP address mappings are stored in the local static name resolution table to improve efficiency.

Static domain name resolution

Static domain name resolution means setting up mappings between domain names and IP addresses. IP addresses of the corresponding domain names can be found in the static domain resolution table when you use applications such as Telnet.

Dynamic domain name resolution

Resolving procedure

Dynamic domain name resolution is implemented by querying the DNS server. The resolution procedure is as follows:

1.      A user program sends a name query to the resolver of the DNS client.

2.      The DNS resolver looks up the local domain name cache for a match. If the resolver finds a match, it sends the corresponding IP address back. If not, it sends a query to the DNS server.

3.      The DNS server looks up the corresponding IP address of the domain name in its DNS database. If no match is found, it sends a query to a higher level DNS server. This process continues until a result, whether successful or not, is returned.

4.      After receiving a response from the DNS server, the DNS client returns the resolution result to the application.

Figure 1 Dynamic domain name resolution

 

Figure 1 shows the relationship between the user program, DNS client, and DNS server.

The DNS client is made up of the resolver and cache. The user program and DNS client can run on the same router or different routers, while the DNS server and the DNS client usually run on different routers.

Dynamic domain name resolution allows the DNS client to store latest mappings between domain names and IP addresses in the dynamic domain name cache. There is no need to send a request to the DNS server for a repeated query next time. The aged mappings are removed from the cache after some time, and latest entries are required from the DNS server. The DNS server decides how long a mapping is valid, and the DNS client gets the aging information from DNS messages.

DNS suffixes

The DNS client normally holds a list of suffixes which the user sets. It is used when the name to be resolved is incomplete. The resolver can supply the missing part.

For example, a user can configure com as the suffix for aabbcc.com. The user only needs to type aabbcc to obtain the IP address of aabbcc.com because the resolver adds the suffix and delimiter before passing the name to the DNS server.

·           If there is no dot in the domain name (for example, aabbcc), the resolver considers this a host name and adds a DNS suffix before query. If no match is found after all the configured suffixes are used respectively, the original domain name (for example, aabbcc) is used for query.

·           If there is a dot in the domain name (for example, www.aabbcc), the resolver directly uses this domain name for query. If the query fails, the resolver adds a DNS suffix for another query.

·           If the dot is at the end of the domain name (for example, aabbcc.com.), the resolver considers it a fully qualified domain name (FQDN) and returns the query result, successful or failed. The dot (.) at the end of the domain name is considered a terminating symbol.

The router supports static and dynamic DNS services.

 

 

NOTE:

If an alias is configured for a domain name on the DNS server, the router can resolve the alias into the IP address of the host.

 

DNS proxy

Introduction to DNS proxy

A DNS proxy forwards DNS requests and replies between DNS clients and a DNS server.

As shown in Figure 2, a DNS client sends a DNS request to the DNS proxy, which forwards the request to the designated DNS server, and conveys the reply from the DNS server to the client.

The DNS proxy simplifies network management. When the DNS server address is changed, you only need to change the configuration on the DNS proxy instead of on each DNS client.

Figure 2 DNS proxy networking application

 

Operation of a DNS proxy

1.      A DNS client considers the DNS proxy as the DNS server, and sends a DNS request to the DNS proxy, that is, the destination address of the request is the IP address of the DNS proxy.

2.      The DNS proxy searches the local static domain name resolution table after receiving the request. If the requested information exists in the table, the DNS proxy returns a DNS reply to the client.

3.      If the requested information does not exist in the static domain name resolution table, the DNS proxy sends the request to the designated DNS server for domain name resolution.

4.      After receiving a reply from the DNS server, the DNS proxy forwards the reply to the DNS client.

DNS spoofing

With DNS proxy enabled but no DNS server or route to the DNS server specified, a router cannot forward a DNS request, or answer the request. In this case, you can enable DNS spoofing on the router to spoof a reply with the configured IP address. Once a DNS server is reachable, the router will send DNS requests to the server and return the replies to the requesting DNS clients.

Configuring the IPv4 DNS client

Configuring static domain name resolution

Configuring static domain name resolution refers to specifying the mappings between host names and IPv4 addresses. Static domain name resolution allows applications such as Telnet to contact hosts by using host names instead of IPv4 addresses.

To configure static domain name resolution:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Configure a mapping between a host name and an IPv4 address.

ip host hostname ip-address

Not configured by default

 

 

NOTE:

·       The IPv4 address you last assign to the host name will overwrite the previous one if there is any.

·       You may create up to 50 static mappings between domain names and IPv4 addresses.

 

Configuring dynamic domain name resolution

To send DNS queries to a correct server for resolution, dynamic domain name resolution must be enabled and a DNS server must be configured.

In addition, you can configure a DNS suffix that the system will automatically add to the provided domain name for resolution.

To configure dynamic domain name resolution:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enable dynamic domain name resolution.

dns resolve

Disabled by default.

3.     Specify a DNS server.

·       Approach 1 (In system view):
dns server ip-address

·       Approach 2 (In interface view):

a.   interface interface-type interface-number

b.   dns server ip-address

c.    quit

Configure the DNS server in at least one view.

Not specified by default.

4.     Configure a domain name suffix.

dns domain domain-name

Optional.

Not configured by default, that is, only the provided domain name is resolved.

 

 

NOTE:

·       You can configure up to six DNS servers, including those with IPv6 addresses, in system view and on all interfaces of a router.

·       A DNS server configured in system view has a higher priority than one configured in interface view. A DNS server configured earlier has a higher priority than one configured later in the same view. A DNS server manually configured has a higher priority than one dynamically obtained through DHCP. A name query request is first sent to the DNS server that has the highest priority. If no reply is received, it sent to the DNS server that has the second highest priority, and thus in turn.

·       You may configure up to six DNS servers and ten DNS suffixes.

 

Configuring the DNS proxy

To configure the DNS proxy:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enable DNS proxy.

dns proxy enable

Disabled by default.

3.     Specify a DNS server.

·       Approach 1 (In system view):
dns server ip-address

·       Approach 2 (In interface view):

a.   interface interface-type interface-number

b.   dns server ip-address

Configure the DNS server in at least one view.

No DNS server is specified by default.

 

 

NOTE:

You can specify multiple DNS servers by using the dns server command repeatedly. Upon receiving a name query request from a client, the DNS proxy forwards the request to the DNS server that has the highest priority. If having not received a reply, it forwards to the request to a DNS server that has the second highest priority, and thus in turn.

 

Configuring DNS spoofing

Configuration prerequisites

DNS spoofing is effective only when:

·           The DNS proxy is enabled on the router.

·           No DNS server or route to any DNS server is specified on the router.

Configuration procedure

To configure DNS spoofing:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enable DNS spoofing and specify the translated IP address.

dns spoofing ip-address

Disabled by default

 

Displaying and maintaining IPv4 DNS

 

Task

Command

Remarks

Display the static IPv4 domain name resolution table.

display ip host [ | { begin | exclude | include } regular-expression ]

Available in any view

Display IPv4 DNS server information.

display dns server [ dynamic ] [ | { begin | exclude | include } regular-expression ]

Available in any view

Display DNS suffixes.

display dns domain [ dynamic ] [ | { begin | exclude | include } regular-expression ]

Available in any view

Display the information of the dynamic IPv4 domain name cache.

display dns dynamic-host [ | { begin | exclude | include } regular-expression ]

Available in any view

Clear the information of the dynamic IPv4 domain name cache.

reset dns dynamic-host

Available in user view

 

IPv4 DNS configuration examples

Static domain name resolution configuration example

Network requirements

As shown in Figure 3, Device uses the static domain name resolution to access Host with IP address 10.1.1.2 through domain name host.com.

Figure 3 Network diagram

 

Configuration procedure

# Configure a mapping between host name host.com and IP address 10.1.1.2.

<Sysname> system-view

[Sysname] ip host host.com 10.1.1.2

# Execute the ping host.com command to verify that the device can use the static domain name resolution to get the IP address 10.1.1.2 corresponding to host.com.

[Sysname] ping host.com

  PING host.com (10.1.1.2):

  56  data bytes, press CTRL_C to break

    Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=128 time=1 ms

    Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=128 time=4 ms

    Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=128 time=3 ms

    Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=128 time=2 ms

    Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=128 time=3 ms

 

  --- host.com ping statistics ---

    5 packet(s) transmitted

    5 packet(s) received

    0.00% packet loss

    round-trip min/avg/max = 1/2/4 ms

Dynamic domain name resolution configuration example

Network requirements

As shown in Figure 4, the IP address of the DNS server is 2.1.1.2/16 and the name suffix is com. The mapping between domain name host and IP address 3.1.1.1/16 is stored in the com domain.

Dynamic domain name resolution and the domain name suffix are configured on the device that serves as a DNS client, and thus the device can use domain name host to access the host with the domain name host.com and the IP address 3.1.1.1/16. to access the host with the domain name host.com and the IP address 3.1.1.1/16.

Figure 4 Network diagram

 

Configuration procedure

 

 

NOTE:

·       Before performing the following configuration, make sure that there is a route between the device and the host, and configurations are done on both the device and the host. For the IP addresses of the interfaces, see Figure 4.

·       This configuration may vary with different DNS servers. The following configuration is performed on a PC running Windows Server 2000.

 

1.      Configure the DNS server:

# Enter DNS server configuration page.

Select Start > Programs > Administrative Tools > DNS.

# Create zone com.

In Figure 5, right click Forward Lookup Zones, select New zone, and then follow the instructions to create a new zone.

Figure 5 Creating a zone

 

# Create a mapping between the host name and IP address.

Figure 6 Adding a host

 

In Figure 6, right click zone com, and then select New Host to bring up a dialog box as shown in Figure 7. Enter host name host and IP address 3.1.1.1.

Figure 7 Adding a mapping between domain name and IP address

 

2.      Configure the DNS client:

# Enable dynamic domain name resolution.

<Sysname> system-view

[Sysname] dns resolve

# Specify the DNS server 2.1.1.2.

[Sysname] dns server 2.1.1.2

# Configure com as the name suffix.

[Sysname] dns domain com

3.      Configuration verification:

# Execute the ping host command on the device to verify that the communication between the device and the host is normal and that the corresponding destination IP address is 3.1.1.1.

[Sysname] ping host

Trying DNS resolve, press CTRL_C to break

 Trying DNS server (2.1.1.2)

  PING host.com (3.1.1.1):

  56  data bytes, press CTRL_C to break

    Reply from 3.1.1.1: bytes=56 Sequence=1 ttl=126 time=3 ms

    Reply from 3.1.1.1: bytes=56 Sequence=2 ttl=126 time=1 ms

    Reply from 3.1.1.1: bytes=56 Sequence=3 ttl=126 time=1 ms

    Reply from 3.1.1.1: bytes=56 Sequence=4 ttl=126 time=1 ms

    Reply from 3.1.1.1: bytes=56 Sequence=5 ttl=126 time=1 ms

 

   --- host.com ping statistics ---

    5 packet(s) transmitted

    5 packet(s) received

    0.00% packet loss

    round-trip min/avg/max = 1/1/3 ms

DNS proxy configuration example

Network requirements

·           As shown in Figure 8, specify Device A as the DNS server of Device B (the DNS client).

·           Device A acts as a DNS proxy. The IP address of the real DNS server is 4.1.1.1.

·           Device B implements domain name resolution through Device A.

Figure 8 Network diagram

 

Configuration procedure

 

 

NOTE:

Before performing the following configuration, assume that Device A, the DNS server, and the host are reachable to each other and the IP addresses of the interfaces are configured as shown in Figure 8.

 

1.      Configure the DNS server.

This configuration may vary with different DNS servers. When a Windows server 2000 PC acts as the DNS server, see “Dynamic domain name resolution configuration example” for related configuration information.

2.      Configure the DNS proxy:

# Specify the DNS server 4.1.1.1.

<DeviceA> system-view

[DeviceA] dns server 4.1.1.1

# Enable DNS proxy.

[DeviceA] dns proxy enable

3.      Configure the DNS client:

# Enable the domain name resolution function.

<DeviceB> system-view

[DeviceB] dns resolve

# Specify the DNS server 2.1.1.2.

[DeviceB] dns server 2.1.1.2

4.      Configuration verification:

# Execute the ping host.com command on Device B to verify that the host can be pinged after the host’s IP address 3.1.1.1 is resolved.

[DeviceB] ping host.com

Trying DNS resolve, press CTRL_C to break

 Trying DNS server (2.1.1.2)

  PING host.com (3.1.1.1):

  56  data bytes, press CTRL_C to break

    Reply from 3.1.1.1: bytes=56 Sequence=1 ttl=126 time=3 ms

    Reply from 3.1.1.1: bytes=56 Sequence=2 ttl=126 time=1 ms

    Reply from 3.1.1.1: bytes=56 Sequence=3 ttl=126 time=1 ms

    Reply from 3.1.1.1: bytes=56 Sequence=4 ttl=126 time=1 ms

    Reply from 3.1.1.1: bytes=56 Sequence=5 ttl=126 time=1 ms

 

  --- host.com ping statistics ---

    5 packet(s) transmitted

    5 packet(s) received

    0.00% packet loss

    round-trip min/avg/max = 1/1/3 ms

Troubleshooting IPv4 DNS configuration

Symptom

After enabling the dynamic domain name resolution, the user cannot get the correct IP address.

Solution

·           Use the display dns dynamic-host command to verify that the specified domain name is in the cache.

·           If there is no defined domain name, check that dynamic domain name resolution is enabled and the DNS client can communicate with the DNS server.

·           If the specified domain name is in the cache, but the IP address is incorrect, check that the DNS client has the correct IP address of the DNS server.

·           Verify the mapping between the domain name and IP address is correct on the DNS server.