Login
- Table of Contents
-
- 05-Layer 3 - IP Services Configuration Guide
- 00-Preface
- 01-ARP configuration
- 02-IP addressing configuration
- 03-DHCP configuration
- 04-DNS configuration
- 05-IP forwarding basics configuration
- 06-Adjacency table configuration
- 07-IP performance optimization configuration
- 08-UDP helper configuration
- 09-IPv6 basics configuration
- 10-DHCPv6 configuration
- 11-IPv6 fast forwarding configuration
- 12-Fast forwarding configuration
- 13-Tunnel configuration
- 14-GRE configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 04-DNS configuration | 350.88 KB |
Contents
Dynamic domain name resolution
Configuring the IPv4 DNS client
Configuring static domain name resolution
Configuring dynamic domain name resolution
Specifying the source interface for DNS packets
Configuring the DNS trusted interface
Displaying and maintaining IPv4 DNS·
IPv4 DNS configuration examples
Static domain name resolution configuration example
Dynamic domain name resolution configuration example
DNS proxy configuration example
Troubleshooting IPv4 DNS configuration
DDNS client configuration task list
Overview
Domain Name System (DNS) is a distributed database used by TCP/IP applications to translate domain names into IP addresses. With DNS, you can use easy-to-remember domain names in some applications and let the DNS server translate them into correct IP addresses.
DNS services can be static or dynamic. After a user specifies a name, the device checks the local static name resolution table for an IP address. If no IP address is available, it contacts the DNS server for dynamic name resolution, which takes more time than static name resolution. To improve efficiency, you can put frequently queried name-to-IP address mappings in the local static name resolution table.
Static domain name resolution
Static domain name resolution means setting up mappings between domain names and IP addresses. You can find IP addresses of the corresponding domain names in the static domain resolution table when you use applications such as Telnet.
Dynamic domain name resolution
Resolution process
1. A user program sends a name query to the resolver of the DNS client.
2. The DNS resolver looks up the local domain name cache for a match. If the resolver finds a match, it sends the corresponding IP address back. If not, it sends a query to the DNS server.
3. The DNS server looks up the corresponding IP address of the domain name in its DNS database. If no match is found, the server sends a query to other DNS servers. This process continues until a result, whether successful or not, is returned.
4. After receiving a response from the DNS server, the DNS client returns the resolution result to the user program.
Figure 1 Dynamic domain name resolution
Figure 1 shows the relationship between the user program, DNS client, and DNS server.
The DNS client is made up of the resolver and cache. The user program and DNS client can run on the same device or different devices, but the DNS server and the DNS client usually run on different devices.
Dynamic domain name resolution allows the DNS client to store latest mappings between domain names and IP addresses in the dynamic domain name cache. The DNS client does not need to send a request to the DNS server for a repeated query next time. The aged mappings are removed from the cache, and latest entries are required from the DNS server. The DNS server decides how long a mapping is valid, and the DNS client gets the aging information from DNS responses.
DNS suffixes
The DNS client holds a list of suffixes which the user sets. The resolver can use the list to supply the missing part of incomplete names.
For example, a user can configure com as the suffix for aabbcc.com. The user only needs to type aabbcc to obtain the IP address of aabbcc.com because the resolver adds the suffix and delimiter before passing the name to the DNS server.
· If there is no dot (.) in the domain name (for example, aabbcc), the resolver considers this a host name and adds a DNS suffix before the query. If no match is found after all the configured suffixes are used, the original domain name (for example, aabbcc) is used for the query.
· If there is a dot (.) in the domain name (for example, www.aabbcc), the resolver directly uses this domain name for the query. If the query fails, the resolver adds a DNS suffix for another query.
· If the dot (.) is at the end of the domain name (for example, aabbcc.com.), the resolver considers it an FQDN and returns the query result, successful or failed. The dot at the end of the domain name is considered a terminating symbol.
The device supports static and dynamic DNS client services.
If an alias is configured for a domain name on the DNS server, the device can resolve the alias into the IP address of the host.
DNS proxy
A DNS proxy forwards DNS requests and replies between DNS clients and a DNS server.
As shown in Figure 2, a DNS client sends a DNS request to the DNS proxy, which forwards the request to the designated DNS server, and conveys the reply from the DNS server to the client.
The DNS proxy simplifies network management. When the DNS server address is changed, you can change the configuration on only the DNS proxy instead of on each DNS client.
Figure 2 DNS proxy application
A DNS proxy operates as follows:
1. A DNS client considers the DNS proxy as the DNS server, and sends a DNS request to the DNS proxy. The destination address of the request is the IP address of the DNS proxy.
2. The DNS proxy searches the local static domain name resolution table and dynamic domain name resolution cache after receiving the request. If the requested information is found, the DNS proxy returns a DNS reply to the client.
3. If the requested information is not found, the DNS proxy sends the request to the designated DNS server for domain name resolution.
4. After receiving a reply from the DNS server, the DNS proxy records the IP address-to-domain name mapping and forwards the reply to the DNS client.
With no DNS server or route to a DNS server, the DNS proxy does not forward DNS requests or answer requests from the DNS clients.
DNS spoofing
DNS spoofing is applied to the dial-up network, as shown in Figure 3.
· The device connects to the PSTN/ISDN network through a dial-up interface and triggers the establishment of a dial-up connection only when packets are to be forwarded through the dial-up interface.
· The device serves as a DNS proxy and is specified as a DNS server on the hosts. After the dial-up connection is established through the dial-up interface, the device dynamically obtains the DNS server address through DHCP or other autoconfiguration mechanisms.
Figure 3 DNS spoofing application
DNS spoofing enables the DNS proxy to send a spoofed reply with a configured IP address even if it cannot reach the DNS server because no dial-up connection is available. Without DNS spoofing, the proxy does not answer or forward a DNS request if it cannot find a local matching DNS entry or reach the DNS server.
In the network as shown in Figure 3, a host accesses the HTTP server in following these steps:
1. The host sends a DNS request to the device to resolve the domain name of the HTTP server into an IP address.
2. Upon receiving the request, the device searches the local static and dynamic DNS entries for a match. If the dial-up connection has not been established, the device does not know the DNS server address, or the DNS server address configured on the device is not reachable, the device spoofs the host by replying a configured IP address. The TTL of the DNS reply is 0. The device must have a route to the IP address with the dial-up interface as the output interface.
The IP address configured with DNS spoofing is not the actual IP address of the requested domain name, so the TTL of the DNS reply is set to 0 to prevent the DNS client from generating incorrect domain name-to-IP address mappings.
3. Upon receiving the reply, the host sends an HTTP request to the replied IP address.
4. When forwarding the HTTP request through the dial-up interface, the device establishes a dial-up connection with the network, and dynamically obtains the DNS server address through DHCP or other autoconfiguration mechanisms.
5. When the DNS reply ages out, the host sends a DNS request to the device again.
6. Then the device operates the same as a DNS proxy. For more information, see "DNS proxy."
7. After obtaining the IP address of the HTTP server, the host can access the HTTP server.
DNS configuration task list
|
Tasks at a glance |
|
(Required.) Configuring the IPv4 DNS client |
|
(Optional.) Configuring the DNS proxy |
|
(Optional.) Configuring DNS spoofing |
|
(Optional.) Specifying the source interface for DNS packets |
|
(Optional.) Configuring the DNS trusted interface |
Configuring the IPv4 DNS client
Configuring static domain name resolution
Static domain name resolution allows applications such as Telnet to contact hosts by using host names instead of IPv4 addresses.
On the public network or a VPN, each host name maps to only one IPv4 address. The most recent configuration for a host name takes effect.
To configure static domain name resolution:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Configure a mapping between a host name and an IPv4 address. |
ip host host-name ip-address [ vpn-instance vpn-instance-name ] |
By default, no mapping between a host name and an IPv4 address is configured. |
Configuring dynamic domain name resolution
To use dynamic domain name resolution, configure DNS servers so that DNS queries can be sent to a correct server for resolution. A DNS server manually configured takes precedence over the one dynamically obtained through DHCP, and a DNS server configured earlier takes precedence. A name query is first sent to the DNS server that has the highest priority. If no reply is received, it is sent to the DNS server that has the second highest priority, and thus in turn.
In addition, you can configure a DNS suffix that the system automatically adds to the provided domain name for resolution. A DNS suffix manually configured takes precedence over the one dynamically obtained through DHCP, and a DNS suffix configured earlier takes precedence. The DNS resolver first uses the suffix that has the highest priority. If the name resolution fails, the DNS resolver uses the suffix that has the second highest priority, and thus in turn.
Configuration procedure
To configure dynamic domain name resolution:
|
Command |
Remarks |
|
|
1. Enter system view. |
system-view |
N/A |
|
2. Specify a DNS server IPv4 address. |
dns server ip-address [ vpn-instance vpn-instance-name ] |
By default, no DNS server IP address is specified. |
|
3. (Optional.) Configure a DNS suffix. |
dns domain domain-name [ vpn-instance vpn-instance-name ] |
By default, no DNS suffix is configured and only the provided domain name is resolved. |
Configuring the DNS proxy
You can specify multiple DNS servers. The DNS proxy forwards a request to the DNS server that has the highest priority. If having not received a reply, it forwards the request to a DNS server that has the second highest priority, and thus in turn.
A DNS proxy forwards an IPv4 name query first to IPv4 DNS servers, and if no reply is received, it forwards the request to IPv6 DNS servers. The DNS proxy forwards an IPv6 name query first to IPv6 DNS servers, and if no reply is received, it forwards the request to IPv4 DNS servers.
To configure the DNS proxy:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enable DNS proxy. |
dns proxy enable |
By default, DNS proxy is disabled. |
|
3. Specify a DNS server IPv4 address. |
dns server ip-address [ vpn-instance vpn-instance-name ] |
By default, no DNS server IP address is specified. |
Configuring DNS spoofing
DNS spoofing is effective only when:
· The DNS proxy is enabled on the device.
· No DNS server or route to any DNS server is specified on the device.
To configure DNS spoofing:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enable DNS proxy. |
dns proxy enable |
By default, DNS proxy is disabled. |
|
3. Enable DNS spoofing and specify the translated IPv4 address. |
dns spoofing ip-address [ vpn-instance vpn-instance-name ] |
By default, no translated IP address is specified. |
Specifying the source interface for DNS packets
By default, the device uses the primary IP address of the output interface of the matching route as the source IP address of a DNS request. Therefore, the source IP address of the DNS packets may vary with DNS servers. In some scenarios, the DNS server only responds to DNS requests sourced from a specific IP address. In such cases, you must specify the source interface for the DNS packets so that the device can always uses the primary IP address of the specified source interface as the source IP address of DNS packets.
When sending IPv4 DNS request, the device uses the primary IPv4 address of the source interface as the source IP address of the DNS request. If no IP address is configured on the source interface, the DNS packet fails to be delivered.
You can configure only one source interface on the public network or a VPN. When you configure a new source interface, the last configuration takes effect.
To specify the source interface for DNS packets:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Specify the source interface for DNS packets. |
dns source-interface interface-type interface-number [ vpn-instance vpn-instance-name ] |
By default, no source interface for DNS packets is specified. If you specify the vpn-instance vpn-instance-name option, make sure the source interface is on the specified VPN. |
Configuring the DNS trusted interface
By default, an interface obtains DNS suffix and domain name server information from DHCP. The network attacker may act as the DHCP server to assign wrong DNS suffix and domain name server address to the device. As a result, the device fails to get the resolved IP address or may get the wrong IP address. With the DNS trusted interface specified, the device only uses the DNS suffix and domain name server information obtained through the trusted interface to avoid attack.
To configure the DNS trusted interface:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Specify the DNS trusted interface. |
dns trust-interface interface-type interface-number |
By default, no DNS trusted interface is specified. |
Displaying and maintaining IPv4 DNS
Execute display commands in any view and reset commands in user view.
|
Task |
Command |
|
Display the domain name resolution table. |
display dns host [ ip | ipv6 ] [ vpn-instance vpn-instance-name ] |
|
Display IPv4 DNS server information. |
display dns server [ dynamic ] [ vpn-instance vpn-instance-name ] |
|
Display DNS suffixes. |
display dns domain [ dynamic ] [ vpn-instance vpn-instance-name ] |
|
Clear information about the dynamic domain name cache. |
reset dns host [ ip | ipv6 ] [ vpn-instance vpn-instance-name ] |
IPv4 DNS configuration examples
By default, Ethernet, VLAN, and aggregate interfaces are down. To configure such an interface, bring the interface up by executing the undo shutdown command.
Static domain name resolution configuration example
Network requirements
As shown in Figure 4, the device wants to access the host by using an easy-to-remember domain name rather than an IP address.
Configure static domain name resolution on the device so that the device can use the domain name host.com to access the host whose IP address is 10.1.1.2.
Configuration procedure
# Configure a mapping between host name host.com and IP address 10.1.1.2.
<Sysname> system-view
[Sysname] ip host host.com 10.1.1.2
# Use the ping host.com command to verify that the device can use static domain name resolution to resolve domain name host.com into IP address 10.1.1.2.
[Sysname] ping host.com
PING host.com (10.1.1.2): 56 data bytes
56 bytes from 10.1.1.2: icmp_seq=0 ttl=255 time=1.000 ms
56 bytes from 10.1.1.2: icmp_seq=1 ttl=255 time=1.000 ms
56 bytes from 10.1.1.2: icmp_seq=2 ttl=255 time=1.000 ms
56 bytes from 10.1.1.2: icmp_seq=3 ttl=255 time=1.000 ms
56 bytes from 10.1.1.2: icmp_seq=4 ttl=255 time=2.000 ms
--- host.com ping statistics ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.000/1.200/2.000/0.400 ms
Dynamic domain name resolution configuration example
Network requirements
As shown in Figure 5, the device wants to access the host by using an easy-to-remember domain name rather than an IP address, and to request the DNS server on the network for an IP address by using dynamic domain name resolution. The IP address of the DNS server is 2.1.1.2/16 and the DNS server has a com domain, which stores the mapping between domain name host and IP address 3.1.1.1/16.
Configure dynamic domain name resolution and the domain name suffix com on the device that serves as a DNS client so that the device can use domain name host to access the host with the domain name host.com and the IP address 3.1.1.1/16.
Configuration procedure
Before performing the following configuration, make sure that the device and the host can reach each other, and that the IP addresses of the interfaces are configured as shown in Figure 5.
This configuration may vary with DNS servers. The following configuration is performed on a PC running Windows Server 2000.
1. Configure the DNS server:
a. Select Start > Programs > Administrative Tools > DNS.
The DNS server configuration page appears, as shown in Figure 6.
b. Right-click Forward Lookup Zones, select New Zone, and then follow the wizard to create a new zone named com.
Figure 6 Creating a zone
c. On the DNS server configuration page, right-click zone com, and select New Host.
d. On the page that appears, enter host name host and IP address 3.1.1.1.
e. Click Add Host.
The mapping between the IP address and host name is created.
Figure 8 Adding a mapping between domain name and IP address
2. Configure the DNS client:
# Specify the DNS server 2.1.1.2.
<Sysname> system-view
[Sysname] dns server 2.1.1.2
# Configure com as the name suffix.
[Sysname] dns domain com
Verifying the configuration
# Use the ping host command on the device to verify that the communication between the device and the host is normal and that the translated destination IP address is 3.1.1.1.
[Sysname] ping host
PING host.com (3.1.1.1): 56 data bytes
56 bytes from 3.1.1.1: icmp_seq=0 ttl=255 time=1.000 ms
56 bytes from 3.1.1.1: icmp_seq=1 ttl=255 time=1.000 ms
56 bytes from 3.1.1.1: icmp_seq=2 ttl=255 time=1.000 ms
56 bytes from 3.1.1.1: icmp_seq=3 ttl=255 time=1.000 ms
56 bytes from 3.1.1.1: icmp_seq=4 ttl=255 time=2.000 ms
--- host.com ping statistics ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.000/1.200/2.000/0.400 ms
DNS proxy configuration example
Network requirements
When the IP address of the DNS server changes, you must configure the new IP address of the DNS server on each device on the LAN. To simplify network management, you can use the DNS proxy function.
As shown in Figure 9:
· Specify Device A as the DNS server of Device B (the DNS client). Device A acts as a DNS proxy. The IP address of the real DNS server is 4.1.1.1.
· Configure the IP address of the DNS proxy on Device B. DNS requests of Device B are forwarded to the real DNS server through the DNS proxy.
Configuration procedure
Before performing the following configuration, assume that Device A, the DNS server, and the host can reach each other and the IP addresses of the interfaces are configured as shown in Figure 9.
1. Configure the DNS server:
This configuration may vary with DNS servers. When a PC running Windows Server 2000 acts as the DNS server, see "Dynamic domain name resolution configuration example" for configuration information.
2. Configure the DNS proxy:
# Specify the DNS server 4.1.1.1.
<DeviceA> system-view
[DeviceA] dns server 4.1.1.1
# Enable DNS proxy.
[DeviceA] dns proxy enable
3. Configure the DNS client:
<DeviceB> system-view
# Specify the DNS server 2.1.1.2.
[DeviceB] dns server 2.1.1.2
Verifying the configuration
# Use the ping host.com command on Device B to verify the connection between the device and the host is normal and that the translated destination IP address is 3.1.1.1.
[DeviceB] ping host.com
PING host.com (3.1.1.1): 56 data bytes
56 bytes from 3.1.1.1: icmp_seq=0 ttl=255 time=1.000 ms
56 bytes from 3.1.1.1: icmp_seq=1 ttl=255 time=1.000 ms
56 bytes from 3.1.1.1: icmp_seq=2 ttl=255 time=1.000 ms
56 bytes from 3.1.1.1: icmp_seq=3 ttl=255 time=1.000 ms
56 bytes from 3.1.1.1: icmp_seq=4 ttl=255 time=2.000 ms
--- host.com ping statistics ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.000/1.200/2.000/0.400 ms
Troubleshooting IPv4 DNS configuration
Symptom
After enabling dynamic domain name resolution, the user cannot get the correct IP address.
Solution
1. Use the display dns host ip command to verify that the specified domain name is in the cache.
2. If the specified domain name does not exist, check that the DNS client can communicate with the DNS server.
3. If the specified domain name is in the cache, but the IP address is incorrect, check that the DNS client has the correct IP address of the DNS server.
4. Verify that the mapping between the domain name and IP address is correct on the DNS server.
Overview
DNS provides only the static mappings between domain names and IP addresses. When the IP address of a node changes, your access to the node fails.
Dynamic Domain Name System (DDNS) can dynamically update the mappings between domain names and IP addresses for DNS servers to direct you to the latest IP address mapping to a domain name.
DDNS is supported by only IPv4 DNS, and is used to update the mappings between domain names and IPv4 addresses.
DDNS application
As shown in Figure 10, DDNS works on the client-server model.
· DDNS client—A device that needs to update the mapping between the domain name and the IP address dynamically on the DNS server when the client's IP address changes. An Internet user typically uses the domain name to access an application layer server such as an HTTP server or an FTP server. When its IP address changes, the application layer server runs as a DDNS client that sends a request to the DDNS server for updating the mapping between the domain name and the IP address.
· DDNS server—Informs the DNS server of latest mappings. When receiving the mapping update request from a DDNS client, the DDNS server tells the DNS server to re-map the domain name and the IP address of the DDNS client. Therefore, the Internet users can use the same domain name to access the DDNS client even if the IP address of the DDNS client has changed.
With the DDNS client configured, a device can dynamically update the latest mapping between its domain name and IP address on the DNS server through DDNS servers.
|
|
NOTE: The DDNS update process does not have a unified standard but depends on the DDNS server that the DDNS client contacts. |
DDNS client configuration task list
|
Tasks at a glance |
|
(Required.) Configuring a DDNS policy |
|
(Required.) Applying the DDNS policy to an interface |
Configuring a DDNS policy
A DDNS policy contains the DDNS server address, port number, login ID, password, time interval, associated SSL client policy, and update time interval. After creating a DDNS policy, you can apply it to multiple interfaces to simplify DDNS configuration.
The URL addresses configured for update requests vary by DDNS servers.
Table 1 Common URL addresses
|
DDNS server |
URL addresses for DDNS update requests |
|
www.3322.org |
http://username:[email protected]/dyndns/update?system=dyndns&hostname=<h>&myip=<a> |
|
DYNDNS |
http://username:password@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a> |
|
DYNS |
http://www.dyns.cx/postscript.php?username=username&password=password&host=<h>&ip=<a> |
|
ZONEEDIT |
http://username:[email protected]/auth/dynamic.html?host=<h>&dnsto=<a> |
|
TZO |
http://cgi.tzo.com/webclient/signedon.html?TZOName=<h>&Email=username&TZOKey=password&IPAddress=<a> |
|
EASYDNS |
http://username:[email protected]/dyn/ez-ipupdate.php?action=edit&myip=<a>&host_id=<h> |
|
HEIPV6TB |
http://username:[email protected]/nic/update?hostname=<h>&myip=<a> |
|
CHANGE-IP |
http://nic.changeip.com/nic/update?u=username&p=password&hostname=<h>&offline=1 |
|
NO-IP |
http://username:password@dynupdate.no-ip.com/nic/update?hostname=<h>&myip=<a> |
|
DHS |
http://username:password@members.dhs.org/nic/hosts?domain=dyn.dhs.org&hostname=<h>&hostscmd=edit&hostscmdstage=2&type=1&ip=<a> |
|
HP |
https://server-name/nic/update?group=group-name&user=username&password=password&myip=<a> |
|
ODS |
ods://username:password@update.ods.org |
|
GNUDIP |
gnudip://username:password@server-name |
|
PeanutHull |
oray://username:password@phservice2.oray.net |
Replace the parameters username and password in the URL with your actual login ID and password registered at the DDNS service provider's website.
HP and GNUDIP are common DDNS update protocols. The server-name parameter is the domain name or IP address of the service provider's server using one of the update protocols.
The URL address for an update request can start with:
· http://—The HTTP-based DDNS server.
· https://—The HTTPS-based DDNS server.
· ods://—The TCP-based ODS server.
· gnudip://—The TCP-based GNUDIP server.
· oray://—The TCP-based DDNS server.
members.3322.org and phservice2.oray.net are the domain names of DDNS servers. The domain names of PeanutHull DDNS servers can be phservice2.oray.net, phddns60.oray.net, client.oray.net, ph031.oray.net, and so on. Determine the domain name in the URL according to the actual situation.
The system automatically fills <h> with the FQDN upon a DDNS policy application to the interface and automatically fills <a> with the primary IP address of the interface to which the DDNS policy is applied. You can also manually specify an FQDN and an IP address in <h> and <a>. In this case, the FQDN specified upon the DDNS policy application does not take effect. You are not encouraged to manually change the <h> and <a> for your configuration may be incorrect. For more information about applying DDNS policies, see "Applying the DDNS policy to an interface."
|
|
TIP: The FQDN is the only identification of a node in the network. An FQDN consists of a local host name and a parent domain name and can be translated into an IP address. |
Configuration prerequisites
Visit the website of a DDNS service provider, register an account, and apply for a domain name for the DDNS client. When the DDNS client updates the mapping between the domain name and the IP address through the DDNS server, the DDNS server checks whether the account information is correct and whether the domain name to be updated belongs to the account.
Configuration procedure
To configure a DDNS policy:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Create a DDNS policy and enter its view. |
ddns policy policy-name |
By default, no DDNS policy is created. |
|
3. Specify a URL address for DDNS update requests. |
url request-url |
By default, no URL address is specified for DDNS update requests. |
|
4. (Optional.) Specify the parameter transmission method for sending DDNS update requests to HTTP/HTTPS-based DDNS servers. |
method { http-get | http-post } |
By default, http-get is used. Use the method http-post command to specify the POST method for DDNS update with a DHS server. |
|
5. (Optional.) Associate an SSL client policy with the DDNS policy. |
ssl-client-policy policy-name |
By default, no SSL client policy is associated with the DDNS policy. This step is only effective and a must for HTTP-based DDNS update requests. For SSL client policy configuration, see Security Configuration Guide. |
|
6. (Optional.) Specify the interval for sending update requests. |
interval days [ hours [ minutes ] ] |
By default, the time interval is one hour. |
Applying the DDNS policy to an interface
After you apply the DDNS policy to an interface and specify the FQDN for update, the DDNS client sends requests to the DDNS server to update the mapping between the domain name and the primary IP address of the interface at the specified interval.
Before you apply a DDNS policy to an interface, complete the following tasks:
· Specify the primary IP address of the interface and make sure that the DDNS server and the interface can reach each other.
· Configure static or dynamic domain name resolution to translate the domain name of the DDNS server into the IPv4 address. For more information, see "Configuring the IPv4 DNS client."
To apply the DDNS policy to an interface:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter interface view. |
interface interface-type interface-number |
N/A |
|
3. Apply the DDNS policy to the interface to update the mapping between the specified FQDN and the primary IP address of the interface, and enable DDNS update. |
ddns apply policy policy-name [ fqdn domain-name ] |
By default, no DDNS policy is applied to the interface, no FQDN is specified for update, and DDNS update is disabled. The fqdn domain-name option must be specified for all DDNS servers except the PeanutHull DDNS server. |
|
|
NOTE: If no FQDN is specified for the PeanutHull DDNS server, the DDNS server updates all domain names of the DDNS client account. If an FQDN is specified, the DDNS server updates only the mapping between the specified FQDN and the primary IP address. |
Displaying DDNS
Execute display commands in any view.
|
Task |
Command |
|
Display information about the DDNS policy. |
display ddns policy [ policy-name ] |
DDNS configuration examples
By default, Ethernet, VLAN, and aggregate interfaces are down. To configure such an interface, bring the interface up by executing the undo shutdown command.
DDNS configuration example 1
Network requirements
As shown in Figure 11, Switch is a Web server with the domain name whatever.3322.org.
Switch acquires the IP address through DHCP. Through DDNS service provided by www.3322.org, Switch informs the DNS server of the latest mapping between its domain name and IP address. Switch uses the DNS server to translate www.3322.org into the corresponding IP address.
Configuration procedure
Before configuring DDNS on Switch, register with username steven and password nevets at http://www.3322.org/, add Switch's host name-to-IP address mapping to the DNS server, and make sure the devices can reach each other.
# Create a DDNS policy named 3322.org, and enter its view.
<Switch> system-view
[Switch] ddns policy 3322.org
# Specify for DDNS update requests the URL address with the login ID steven and password nevets.
[Switch-ddns-policy-3322.org] url http://steven:[email protected]/dyndns/update?system=dyndns&hostname=<h>&myip=<a>
# Set the interval for sending DDNS update requests to 15 minutes.
[Switch-ddns-policy-3322.org] interval 0 0 15
[Switch-ddns-policy-3322.org] quit
# Specify the IP address of the DNS server as 1.1.1.1.
[Switch] dns server 1.1.1.1
# Apply DDNS policy 3322.org to VLAN-interface 2 to enable DDNS update and dynamically update the mapping between domain name whatever.3322.org and the primary IP address of VLAN-interface 2.
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ddns apply policy 3322.org fqdn whatever.3322.org
After the preceding configuration is completed, Switch notifies the DNS server of its new domain name-to-IP address mapping through the DDNS server provided by www.3322.org, whenever the IP address of Switch changes. Therefore, Switch can always provide Web service at whatever.3322.org.
DDNS configuration example 2
Network requirements
As shown in Figure 12, Switch is a Web server with domain name whatever.gicp.cn.
Switch acquires the IP address through DHCP. Through the PeanutHull server, Switch informs the DNS server of the latest mapping between its domain name and IP address. The IP address of the DNS server is 1.1.1.1. Switch uses the DNS server to translate www.oray.cn into the corresponding IP address.
Configuration procedure
Before configuring DDNS on Switch, register with username steven and password nevets at http://www.oray.cn/, add Switch's host name-to-IP address mapping to the DNS server, and make sure the devices can reach each other.
# Create a DDNS policy named oray.cn and enter its view.
<Switch> system-view
[Switch] ddns policy oray.cn
# Specify for DDNS update requests the URL address with the login ID steven and password nevets.
[Switch-ddns-policy-oray.cn] url oray://steven:[email protected]
# Set the DDNS update request interval to 12 minutes.
[Switch-ddns-policy-oray.cn] interval 0 0 12
[Switch-ddns-policy-oray.cn] quit
# Specify the IP address of the DNS server as 1.1.1.1.
[Switch] dns server 1.1.1.1
# Apply the DDNS policy oray.cn to VLAN-interface 2 to enable DDNS update and to dynamically update the mapping between whatever.gicp.cn and the primary IP address of VLAN-interface 2.
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ddns apply policy oray.cn fqdn whatever.gicp.cn
After the preceding configuration is completed, Switch notifies the DNS server of its new domain name-to-IP address mapping through the PeanutHull server, whenever the IP address of Switch changes. Therefore, Switch can always provide Web service at whatever.gicp.cn.
