When configuring DNS, go to these sections for information you are interested in:
- DNS Overview
- Configuring the DNS Client
- Configuring the DNS Proxy
- Displaying and Maintaining DNS
- DNS Configuration Examples
- Troubleshooting DNS Configuration

This document only covers IPv4 DNS configurations. For an introduction to IPv6 DNS configurations, refer to IPv6 Configuration.
1.1 DNS Overview
Domain Name System (DNS) is a distributed
database used by TCP/IP applications to translate domain names into
corresponding IP addresses. With DNS, you can use easy-to-remember domain names
in some applications and let the DNS server translate them into the correct IP
addresses.
There are two types of DNS services, static
and dynamic. After a user specifies a name, the device checks the local static
name resolution table for an IP address. If no IP address is available, it
contacts the DNS server for dynamic name resolution, which takes more time than
static name resolution. Therefore, some frequently queried name-to-IP address
mappings are stored in the local static name resolution table to improve efficiency.
1.1.1 Static Domain Name Resolution
Static domain name resolution means setting up mappings between domain names
and IP addresses. When you use applications such as telnet, the IP address
of a domain name can be found in the static domain name resolution table.
1.1.2 Dynamic Domain Name Resolution
I. Resolving procedure
Dynamic domain name resolution is implemented by querying the DNS server. The
resolution procedure is as follows:
1) A user program sends a name query to the resolver of the DNS client.
2) The DNS resolver looks up the local domain name cache for a match. If a match is found, it sends the corresponding IP address back. If not, it sends a query to the DNS server.
3) The DNS server looks up the corresponding IP address of the domain name in its DNS database. If no match is found, it sends a query to a higher level DNS server. This process continues until a result, whether successful or not, is returned.
4) The DNS client returns the resolution result to the application after receiving a response from the DNS server.

Figure 1-1 Dynamic domain name resolution
Figure 1-1 shows the
relationship between the user program, DNS client, and DNS server.
The resolver and cache comprise the DNS client.
The user program and DNS client can run on the same device or different devices,
while the DNS server and the DNS client usually run on different devices.
Dynamic domain name resolution allows the
DNS client to store the latest mappings between domain names and IP addresses in
the dynamic domain name cache, so a repeated query does not need to be sent to
the DNS server again. Aged mappings are removed from the cache after
some time, and fresh entries are then requested from the DNS server. The DNS server decides
how long a mapping is valid, and the DNS client gets the aging information from
DNS messages.
II. DNS suffixes
The DNS client normally holds a list of suffixes, which can be defined by users.
The list is used when the name to be resolved is incomplete, so that the resolver
can supply the missing part. For example, a user can configure com as the suffix
for aabbcc.com. The user then only needs to type aabbcc to get the IP address of
aabbcc.com. The resolver adds the suffix and delimiter before passing the name
to the DNS server.
- If there is no dot in the domain name (for example, aabbcc), the resolver considers it a host name and adds a DNS suffix before the query. If no match is found after all the configured suffixes have been tried in turn, the original domain name (for example, aabbcc) is used for the query.
- If there is a dot in the domain name (for example, www.aabbcc), the resolver directly uses this domain name for the query. If the query fails, the resolver adds a DNS suffix for another query.
- If the dot is at the end of the domain name (for example, aabbcc.com.), the resolver considers it a fully qualified domain name (FQDN) and returns the query result, successful or failed. Hence, the dot “.” at the end of the domain name is called the terminating symbol.
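The three rules above decide which names are actually sent in queries and in what order. The following added example (not part of the original manual or the device software) models that order in Python; `candidate_queries`, `zone_lookup`, `resolve` and the `ZONE` table are hypothetical names and constructed data, and it assumes that for a dotted name every configured suffix is tried in order once the direct query fails.

```python
# Constructed sample data standing in for what the DNS server can answer.
ZONE = {"aabbcc.com": "192.0.2.10", "host.com": "3.1.1.1"}


def candidate_queries(name, suffixes):
    """Return the names the resolver would query, in order, for `name`."""
    # Terminating dot: the name is an FQDN, so no suffix is ever appended.
    if name.endswith("."):
        return [name]
    cleaned = [s.strip(".") for s in suffixes if s.strip(".")]
    with_suffix = [f"{name}.{s}" for s in cleaned]
    if "." not in name:
        # Bare host name: every configured suffix first, original name last.
        return with_suffix + [name]
    # Dotted name: query it as typed, then fall back to the suffixes
    # (assumption: all suffixes are tried, in configured order).
    return [name] + with_suffix


def zone_lookup(name):
    """Stand-in for the query sent to the DNS server (constructed data)."""
    return ZONE.get(name.rstrip(".").lower())


def resolve(name, suffixes, lookup=zone_lookup):
    """Return (answered_name, ip, attempts); attempts lists every name queried."""
    attempts = []
    for candidate in candidate_queries(name, suffixes):
        attempts.append(candidate)
        ip = lookup(candidate)
        if ip:
            return candidate, ip, attempts
    return None, None, attempts


if __name__ == "__main__":
    for typed in ("aabbcc", "www.aabbcc", "aabbcc.com.", "host"):
        print(typed, "->", resolve(typed, ["net", "com"]))
```

The `attempts` list shows that an unqualified name can produce several queries before one is answered, while a name with the terminating dot is resolved as exactly one name.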
Currently, the device supports static and dynamic DNS services.
If an alias is configured for a domain name on the DNS server, the device can
resolve the alias into the IP address of the host.
1.1.3 DNS Proxy
I. Introduction to DNS proxy
A DNS proxy forwards DNS requests and replies
between DNS clients and a DNS server.
As shown in Figure 1-2, a DNS client sends a DNS
request to the DNS proxy, which forwards the request to the designated DNS
server, and conveys the reply from the DNS server to the client.
The DNS proxy simplifies network
management. When the DNS server address is changed, you only need to change the
configuration on the DNS proxy instead of on each DNS client.

Figure 1-2 DNS proxy networking application
II. Operation of a DNS proxy
1) A DNS client considers the DNS proxy as the DNS server, and sends a DNS request to the DNS proxy, that is, the destination address of the request is the IP address of the DNS proxy.
2) The DNS proxy searches the local static domain name resolution table after receiving the request. If the requested information exists in the table, the DNS proxy returns a DNS reply to the client.
3) If the requested information does not exist in the static domain name resolution table, the DNS proxy sends the request to the designated DNS server for domain name resolution.
4) After receiving a reply from the DNS server, the DNS proxy forwards the reply to the DNS client.
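Steps 2 to 4 above, as an added Python example that works on DNS wire-format messages (not code from the manual or the device). `STATIC_HOSTS`, `build_query`, `parse_question`, `proxy_handle` and the `forward` callback are hypothetical names; the 60-second TTL and the restriction to A/IN questions are assumptions, because the manual does not say what the device puts into replies built from the static table.

```python
import ipaddress
import struct

# Constructed table, equivalent to "ip host host.com 10.1.1.2".
STATIC_HOSTS = {"host.com": "10.1.1.2"}


def build_query(name, txid=0x1234):
    """Encode a standard A/IN query with the RD bit set (what a client sends)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


def parse_question(msg):
    """Return (name, qtype, qclass, end_offset) for the first question."""
    labels, off = [], 12                      # question starts after the 12-byte header
    try:
        while msg[off]:
            n = msg[off]
            if n & 0xC0:
                raise ValueError("compression pointer in question name")
            labels.append(msg[off + 1:off + 1 + n].decode("ascii").lower())
            off += 1 + n
        qtype, qclass = struct.unpack_from("!HH", msg, off + 1)
    except (IndexError, struct.error):
        raise ValueError("truncated DNS message") from None
    return ".".join(labels), qtype, qclass, off + 5


def proxy_handle(msg, forward):
    """Answer from the static table if possible, otherwise relay upstream."""
    name, qtype, qclass, end = parse_question(msg)
    ip = STATIC_HOSTS.get(name)
    if ip is None or (qtype, qclass) != (1, 1):
        return forward(msg)                   # steps 3 and 4: relay query, pass reply back
    txid, flags = struct.unpack_from("!HH", msg)
    # Step 2: build the reply locally. QR=1, RA=1, RD copied from the request.
    header = struct.pack("!HHHHHH", txid, 0x8080 | (flags & 0x0100), 1, 1, 0, 0)
    # Answer RR: pointer to the name at offset 12, TYPE A, CLASS IN,
    # TTL 60 (assumed), RDLENGTH 4, then the IPv4 address.
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + ipaddress.IPv4Address(ip).packed
    return header + msg[12:end] + answer
```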
1.2 Configuring the DNS Client
1.2.1 Configuring Static Domain Name Resolution
Follow these steps to configure static domain name resolution:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | - |
| Configure a mapping between a host name and IP address in the static name resolution table | ip host hostname ip-address | Required. Not configured by default. |

The IP address you last assign to the host name will overwrite the previous one if there is any.
You may create up to 50 static mappings between domain names and IP addresses.
1.2.2 Configuring Dynamic Domain Name Resolution
Follow these steps to configure dynamic domain name resolution:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | - |
| Enable dynamic domain name resolution | dns resolve | Required. Disabled by default. |
| Specify a DNS server | dns server ip-address | Required. Not specified by default. |
| Configure a domain name suffix | dns domain domain-name | Optional. Not configured by default. |

You may configure up to six DNS servers and ten DNS suffixes.
1.3 Configuring the DNS Proxy
Follow these steps to configure the DNS proxy:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | - |
| Enable DNS proxy | dns proxy enable | Required. Disabled by default. |
1.4 Displaying and Maintaining DNS
| To do… | Use the command… | Remarks |
|---|---|---|
| Display the static domain name resolution table | display ip host | Available in any view |
| Display DNS server information | display dns server [ dynamic ] | Available in any view |
| Display domain name suffixes | display dns domain [ dynamic ] | Available in any view |
| Display the information of the dynamic domain name cache | display dns dynamic-host | Available in any view |
| Display the DNS proxy table | display dns proxy table | Available in any view |
| Clear the information of the dynamic domain name cache | reset dns dynamic-host | Available in user view |
1.5 DNS Configuration Examples
1.5.1 Static Domain Name Resolution Configuration Example
I. Network requirements
The switch uses static domain name resolution to access the host with IP address 10.1.1.2 through the domain name host.com.
II. Network diagram

Figure 1-3 Network diagram for static domain name resolution
III. Configuration procedure
# Configure a mapping between host name host.com and IP address 10.1.1.2.
<Sysname> system-view
[Sysname] ip host host.com 10.1.1.2
# Execute the ping host.com command to verify that the switch can use static domain name resolution to get the IP address 10.1.1.2 corresponding to host.com.
[Sysname] ping host.com
PING host.com (10.1.1.2): 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=128 time=2 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=128 time=2 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=128 time=2 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=128 time=2 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=128 time=2 ms
--- host.com ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/2/2 ms
1.5.2 Dynamic Domain Name Resolution Configuration Example
I. Network requirements
- The IP address of the DNS server is 2.1.1.2/16 and the name suffix is com.
- The switch, serving as a DNS client, uses dynamic domain name resolution and the suffix to access the host with the domain name host.com and the IP address 3.1.1.1/16.
II. Network diagram

Figure 1-4 Network diagram for dynamic domain name resolution
III. Configuration procedure
- Before performing the following configuration, make sure that there is a route between the device and the host, and that configurations are done on both the device and the host. For the IP addresses of the interfaces, see Figure 1-4.
- This configuration may vary with different DNS servers. The following configuration is performed on a Windows 2000 server.
1) Configure the DNS server
# Enter the DNS server configuration page.
Select Start > Programs > Administrative Tools > DNS.
# Create zone com.
In Figure 1-5, right-click Forward Lookup Zones, select New zone, and then follow the instructions to create a new zone.

Figure 1-5 Create a zone
# Create a mapping between the host name and IP address.

Figure 1-6 Add a host
In Figure 1-6, right-click zone com, and then select New Host to bring up a dialog box as shown in Figure 1-7. Enter host name host and IP address 3.1.1.1.

Figure 1-7 Add a mapping between domain name and IP address
2) Configure the DNS client
# Enable dynamic domain name resolution.
<Sysname> system-view
[Sysname] dns resolve
# Specify the DNS server 2.1.1.2.
[Sysname] dns server 2.1.1.2
# Configure com as the name suffix.
[Sysname] dns domain com
3) Configuration verification
# Execute the ping host command on the device to verify that the communication between the device and the host is normal and that the corresponding destination IP address is 3.1.1.1.
[Sysname] ping host
Trying DNS resolve, press CTRL_C to break
Trying DNS server (2.1.1.2)
PING host.com (3.1.1.1): 56 data bytes, press CTRL_C to break
Reply from 3.1.1.1: bytes=56 Sequence=1 ttl=126 time=3 ms
Reply from 3.1.1.1: bytes=56 Sequence=2 ttl=126 time=1 ms
Reply from 3.1.1.1: bytes=56 Sequence=3 ttl=126 time=1 ms
Reply from 3.1.1.1: bytes=56 Sequence=4 ttl=126 time=1 ms
Reply from 3.1.1.1: bytes=56 Sequence=5 ttl=126 time=1 ms
--- host.com ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/3 ms
1.5.3 DNS Proxy Configuration Example
I. Network requirements
- Specify Switch A as the DNS server of Switch B (the DNS client).
- Switch A acts as a DNS proxy. The IP address of the real DNS server is 4.1.1.1.
- Switch B implements domain name resolution through Switch A.
II. Network diagram

Figure 1-8 Network diagram for DNS proxy
III. Configuration procedure
Before performing the following configuration, assume that Switch A, the DNS server, and the host can reach each other and that the IP addresses of the interfaces are configured as shown in Figure 1-8.
1) Configure the DNS server
This configuration may vary with different DNS servers. When a Windows 2000 server acts as the DNS server, refer to Dynamic Domain Name Resolution Configuration Example for related configuration information.
2) Configure the DNS proxy
# Specify the DNS server 4.1.1.1.
<SwitchA> system-view
[SwitchA] dns server 4.1.1.1
# Enable DNS proxy.
[SwitchA] dns proxy enable
3) Configure the DNS client
# Enable the domain name resolution function.
<SwitchB> system-view
[SwitchB] dns resolve
# Specify the DNS server 2.1.1.2.
[SwitchB] dns server 2.1.1.2
4) Configuration verification
# Execute the ping host.com command on Switch B to verify that the host can be pinged after the host’s IP address 3.1.1.1 is resolved.
[SwitchB] ping host.com
Trying DNS resolve, press CTRL_C to break
Trying DNS server (2.1.1.2)
PING host.com (3.1.1.1): 56 data bytes, press CTRL_C to break
Reply from 3.1.1.1: bytes=56 Sequence=1 ttl=126 time=3 ms
Reply from 3.1.1.1: bytes=56 Sequence=2 ttl=126 time=1 ms
Reply from 3.1.1.1: bytes=56 Sequence=3 ttl=126 time=1 ms
Reply from 3.1.1.1: bytes=56 Sequence=4 ttl=126 time=1 ms
Reply from 3.1.1.1: bytes=56 Sequence=5 ttl=126 time=1 ms
--- host.com ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/3 ms
1.6 Troubleshooting DNS Configuration
I. Symptom
After enabling dynamic domain name resolution, the user cannot get the correct IP address.
II. Solution
- Use the display dns dynamic-host command to verify that the specified domain name is in the cache.
- If the specified domain name is not in the cache, check that dynamic domain name resolution is enabled and that the DNS client can communicate with the DNS server.
- If the specified domain name is in the cache, but the IP address is incorrect, check that the DNS client has the correct IP address of the DNS server.
- Verify that the mapping between the domain name and IP address is correct on the DNS server.