- Table of Contents
-
- 05-Layer 3 - IP Services Configuration Guide
- 00-Preface
- 01-ARP Configuration
- 02-IP Addressing Configuration
- 03-DHCP Configuration
- 04-DNS Configuration
- 05-NAT Configuration
- 06-IP Performance Optimization Configuration
- 07-Adjacency Table Configuration
- 08-UDP Helper Configuration
- 09-IPv6 Basics Configuration
- 10-DHCPv6 Configuration
- 11-IPv6 DNS Configuration
- 12-NAT-PT Configuration
- 13-Tunneling Configuration
- 14-GRE Configuration
- Related Documents
-
Title | Size | Download |
---|---|---|
04-DNS Configuration | 266.6 KB |
Contents
Dynamic domain name resolution
Configuring the IPv4 DNS client
Configuring static domain name resolution
Configuring dynamic domain name resolution
Displaying and maintaining IPv4 DNS
IPv4 DNS configuration examples
Static domain name resolution configuration example
Dynamic domain name resolution configuration example
DNS proxy configuration example
Troubleshooting IPv4 DNS configuration
|
NOTE: This document only covers IPv4 DNS configurations. For more information about the IPv6 DNS configuration, see the chapter “IPv6 basics configuration.” |
DNS overview
Domain Name System (DNS) is a distributed database used by TCP/IP applications to translate domain names into corresponding IP addresses. With DNS, you can use easy-to-remember domain names in some applications and let the DNS server translate them into correct IP addresses.
There are two types of DNS services, static and dynamic. After a user specifies a name, the router checks the local static name resolution table for an IP address. If no IP address is available, it contacts the DNS server for dynamic name resolution, which takes more time than static name resolution. Therefore, some frequently queried name-to-IP address mappings are stored in the local static name resolution table to improve efficiency.
Static domain name resolution
Static domain name resolution means setting up mappings between domain names and IP addresses. IP addresses of the corresponding domain names can be found in the static domain resolution table when you use applications such as Telnet.
Dynamic domain name resolution
Resolving procedure
Dynamic domain name resolution is implemented by querying the DNS server. The resolution procedure is as follows:
1. A user program sends a name query to the resolver of the DNS client.
2. The DNS resolver looks up the local domain name cache for a match. If the resolver finds a match, it sends the corresponding IP address back. If not, it sends a query to the DNS server.
3. The DNS server looks up the corresponding IP address of the domain name in its DNS database. If no match is found, it sends a query to a higher level DNS server. This process continues until a result, whether successful or not, is returned.
4. After receiving a response from the DNS server, the DNS client returns the resolution result to the application.
Figure 1 Dynamic domain name resolution
Figure 1 shows the relationship between the user program, DNS client, and DNS server.
The DNS client is made up of the resolver and cache. The user program and DNS client can run on the same router or different routers, while the DNS server and the DNS client usually run on different routers.
Dynamic domain name resolution allows the DNS client to store latest mappings between domain names and IP addresses in the dynamic domain name cache. There is no need to send a request to the DNS server for a repeated query next time. The aged mappings are removed from the cache after some time, and latest entries are required from the DNS server. The DNS server decides how long a mapping is valid, and the DNS client gets the aging information from DNS messages.
DNS suffixes
The DNS client normally holds a list of suffixes which the user sets. It is used when the name to be resolved is incomplete. The resolver can supply the missing part.
For example, a user can configure com as the suffix for aabbcc.com. The user only needs to type aabbcc to obtain the IP address of aabbcc.com because the resolver adds the suffix and delimiter before passing the name to the DNS server.
· If there is no dot in the domain name (for example, aabbcc), the resolver considers this a host name and adds a DNS suffix before query. If no match is found after all the configured suffixes are used respectively, the original domain name (for example, aabbcc) is used for query.
· If there is a dot in the domain name (for example, www.aabbcc), the resolver directly uses this domain name for query. If the query fails, the resolver adds a DNS suffix for another query.
· If the dot is at the end of the domain name (for example, aabbcc.com.), the resolver considers it a fully qualified domain name (FQDN) and returns the query result, successful or failed. The dot (.) at the end of the domain name is considered a terminating symbol.
The router supports static and dynamic DNS services.
|
NOTE: If an alias is configured for a domain name on the DNS server, the router can resolve the alias into the IP address of the host. |
DNS proxy
Introduction to DNS proxy
A DNS proxy forwards DNS requests and replies between DNS clients and a DNS server.
As shown in Figure 2, a DNS client sends a DNS request to the DNS proxy, which forwards the request to the designated DNS server, and conveys the reply from the DNS server to the client.
The DNS proxy simplifies network management. When the DNS server address is changed, you only need to change the configuration on the DNS proxy instead of on each DNS client.
Figure 2 DNS proxy networking application
Operation of a DNS proxy
1. A DNS client considers the DNS proxy as the DNS server, and sends a DNS request to the DNS proxy, that is, the destination address of the request is the IP address of the DNS proxy.
2. The DNS proxy searches the local static domain name resolution table after receiving the request. If the requested information exists in the table, the DNS proxy returns a DNS reply to the client.
3. If the requested information does not exist in the static domain name resolution table, the DNS proxy sends the request to the designated DNS server for domain name resolution.
4. After receiving a reply from the DNS server, the DNS proxy forwards the reply to the DNS client.
DNS spoofing
With DNS proxy enabled but no DNS server or route to the DNS server specified, a router cannot forward a DNS request, or answer the request. In this case, you can enable DNS spoofing on the router to spoof a reply with the configured IP address. Once a DNS server is reachable, the router will send DNS requests to the server and return the replies to the requesting DNS clients.
Configuring the IPv4 DNS client
Configuring static domain name resolution
Configuring static domain name resolution refers to specifying the mappings between host names and IPv4 addresses. Static domain name resolution allows applications such as Telnet to contact hosts by using host names instead of IPv4 addresses.
To configure static domain name resolution:
Step |
Command |
Remarks |
1. Enter system view. |
system-view |
N/A |
2. Configure a mapping between a host name and an IPv4 address. |
ip host hostname ip-address |
Not configured by default |
|
NOTE: · The IPv4 address you last assign to the host name will overwrite the previous one if there is any. · You may create up to 50 static mappings between domain names and IPv4 addresses. |
Configuring dynamic domain name resolution
To send DNS queries to a correct server for resolution, dynamic domain name resolution must be enabled and a DNS server must be configured.
In addition, you can configure a DNS suffix that the system will automatically add to the provided domain name for resolution.
To configure dynamic domain name resolution:
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
2. Enable dynamic domain name resolution. |
dns resolve |
Disabled by default. |
3. Specify a DNS server. |
·
Approach 1 (In
system view): · Approach 2 (In interface view): a. interface interface-type interface-number b. dns server ip-address c. quit |
Configure the DNS server in at least one view. Not specified by default. |
4. Configure a domain name suffix. |
dns domain domain-name |
Optional. Not configured by default, that is, only the provided domain name is resolved. |
|
NOTE: · You can configure up to six DNS servers, including those with IPv6 addresses, in system view and on all interfaces of a router. · A DNS server configured in system view has a higher priority than one configured in interface view. A DNS server configured earlier has a higher priority than one configured later in the same view. A DNS server manually configured has a higher priority than one dynamically obtained through DHCP. A name query request is first sent to the DNS server that has the highest priority. If no reply is received, it sent to the DNS server that has the second highest priority, and thus in turn. · You may configure up to six DNS servers and ten DNS suffixes. |
Configuring the DNS proxy
To configure the DNS proxy:
Step |
Command |
Remarks |
1. Enter system view. |
system-view |
N/A |
2. Enable DNS proxy. |
dns proxy enable |
Disabled by default. |
3. Specify a DNS server. |
·
Approach 1 (In
system view): · Approach 2 (In interface view): a. interface interface-type interface-number b. dns server ip-address |
Configure the DNS server in at least one view. No DNS server is specified by default. |
|
NOTE: You can specify multiple DNS servers by using the dns server command repeatedly. Upon receiving a name query request from a client, the DNS proxy forwards the request to the DNS server that has the highest priority. If having not received a reply, it forwards to the request to a DNS server that has the second highest priority, and thus in turn. |
Configuring DNS spoofing
Configuration prerequisites
DNS spoofing is effective only when:
· The DNS proxy is enabled on the router.
· No DNS server or route to any DNS server is specified on the router.
Configuration procedure
To configure DNS spoofing:
Step |
Command |
Remarks |
1. Enter system view. |
system-view |
N/A |
2. Enable DNS spoofing and specify the translated IP address. |
dns spoofing ip-address |
Disabled by default |
Displaying and maintaining IPv4 DNS
Task |
Command |
Remarks |
Display the static IPv4 domain name resolution table. |
display ip host [ | { begin | exclude | include } regular-expression ] |
Available in any view |
Display IPv4 DNS server information. |
display dns server [ dynamic ] [ | { begin | exclude | include } regular-expression ] |
Available in any view |
Display DNS suffixes. |
display dns domain [ dynamic ] [ | { begin | exclude | include } regular-expression ] |
Available in any view |
Display the information of the dynamic IPv4 domain name cache. |
display dns dynamic-host [ | { begin | exclude | include } regular-expression ] |
Available in any view |
Clear the information of the dynamic IPv4 domain name cache. |
reset dns dynamic-host |
Available in user view |
IPv4 DNS configuration examples
Static domain name resolution configuration example
Network requirements
As shown in Figure 3, Device uses the static domain name resolution to access Host with IP address 10.1.1.2 through domain name host.com.
Configuration procedure
# Configure a mapping between host name host.com and IP address 10.1.1.2.
<Sysname> system-view
[Sysname] ip host host.com 10.1.1.2
# Execute the ping host.com command to verify that the device can use the static domain name resolution to get the IP address 10.1.1.2 corresponding to host.com.
[Sysname] ping host.com
PING host.com (10.1.1.2):
56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=128 time=1 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=128 time=4 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=128 time=3 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=128 time=2 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=128 time=3 ms
--- host.com ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/2/4 ms
Dynamic domain name resolution configuration example
Network requirements
As shown in Figure 4, the IP address of the DNS server is 2.1.1.2/16 and the name suffix is com. The mapping between domain name host and IP address 3.1.1.1/16 is stored in the com domain.
Dynamic domain name resolution and the domain name suffix are configured on the device that serves as a DNS client, and thus the device can use domain name host to access the host with the domain name host.com and the IP address 3.1.1.1/16. to access the host with the domain name host.com and the IP address 3.1.1.1/16.
Configuration procedure
|
NOTE: · Before performing the following configuration, make sure that there is a route between the device and the host, and configurations are done on both the device and the host. For the IP addresses of the interfaces, see Figure 4. · This configuration may vary with different DNS servers. The following configuration is performed on a PC running Windows Server 2000. |
1. Configure the DNS server:
# Enter DNS server configuration page.
Select Start > Programs > Administrative Tools > DNS.
# Create zone com.
In Figure 5, right click Forward Lookup Zones, select New zone, and then follow the instructions to create a new zone.
Figure 5 Creating a zone
# Create a mapping between the host name and IP address.
In Figure 6, right click zone com, and then select New Host to bring up a dialog box as shown in Figure 7. Enter host name host and IP address 3.1.1.1.
Figure 7 Adding a mapping between domain name and IP address
2. Configure the DNS client:
# Enable dynamic domain name resolution.
<Sysname> system-view
[Sysname] dns resolve
# Specify the DNS server 2.1.1.2.
[Sysname] dns server 2.1.1.2
# Configure com as the name suffix.
[Sysname] dns domain com
3. Configuration verification:
# Execute the ping host command on the device to verify that the communication between the device and the host is normal and that the corresponding destination IP address is 3.1.1.1.
[Sysname] ping host
Trying DNS resolve, press CTRL_C to break
Trying DNS server (2.1.1.2)
PING host.com (3.1.1.1):
56 data bytes, press CTRL_C to break
Reply from 3.1.1.1: bytes=56 Sequence=1 ttl=126 time=3 ms
Reply from 3.1.1.1: bytes=56 Sequence=2 ttl=126 time=1 ms
Reply from 3.1.1.1: bytes=56 Sequence=3 ttl=126 time=1 ms
Reply from 3.1.1.1: bytes=56 Sequence=4 ttl=126 time=1 ms
Reply from 3.1.1.1: bytes=56 Sequence=5 ttl=126 time=1 ms
--- host.com ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/3 ms
DNS proxy configuration example
Network requirements
· As shown in Figure 8, specify Device A as the DNS server of Device B (the DNS client).
· Device A acts as a DNS proxy. The IP address of the real DNS server is 4.1.1.1.
· Device B implements domain name resolution through Device A.
Configuration procedure
|
NOTE: Before performing the following configuration, assume that Device A, the DNS server, and the host are reachable to each other and the IP addresses of the interfaces are configured as shown in Figure 8. |
1. Configure the DNS server.
This configuration may vary with different DNS servers. When a Windows server 2000 PC acts as the DNS server, see “Dynamic domain name resolution configuration example” for related configuration information.
2. Configure the DNS proxy:
# Specify the DNS server 4.1.1.1.
<DeviceA> system-view
[DeviceA] dns server 4.1.1.1
# Enable DNS proxy.
[DeviceA] dns proxy enable
3. Configure the DNS client:
# Enable the domain name resolution function.
<DeviceB> system-view
[DeviceB] dns resolve
# Specify the DNS server 2.1.1.2.
[DeviceB] dns server 2.1.1.2
4. Configuration verification:
# Execute the ping host.com command on Device B to verify that the host can be pinged after the host’s IP address 3.1.1.1 is resolved.
[DeviceB] ping host.com
Trying DNS resolve, press CTRL_C to break
Trying DNS server (2.1.1.2)
PING host.com (3.1.1.1):
56 data bytes, press CTRL_C to break
Reply from 3.1.1.1: bytes=56 Sequence=1 ttl=126 time=3 ms
Reply from 3.1.1.1: bytes=56 Sequence=2 ttl=126 time=1 ms
Reply from 3.1.1.1: bytes=56 Sequence=3 ttl=126 time=1 ms
Reply from 3.1.1.1: bytes=56 Sequence=4 ttl=126 time=1 ms
Reply from 3.1.1.1: bytes=56 Sequence=5 ttl=126 time=1 ms
--- host.com ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/3 ms
Troubleshooting IPv4 DNS configuration
Symptom
After enabling the dynamic domain name resolution, the user cannot get the correct IP address.
Solution
· Use the display dns dynamic-host command to verify that the specified domain name is in the cache.
· If there is no defined domain name, check that dynamic domain name resolution is enabled and the DNS client can communicate with the DNS server.
· If the specified domain name is in the cache, but the IP address is incorrect, check that the DNS client has the correct IP address of the DNS server.
· Verify the mapping between the domain name and IP address is correct on the DNS server.