DNS commands 1

display dns domain· 1

display dns host 2

display dns server 3

dns domain· 4

dns proxy enable· 5

dns server 5

dns source-interface· 6

dns spoofing· 7

dns trust-interface· 7

ip host 8

reset dns host 9

DDNS commands 1

ddns apply policy· 1

ddns policy· 2

display ddns policy· 2

interval 4

method· 5

ssl client policy· 5

url 6

display dns domain

Use display dns domain to display the domain name suffixes.

Syntax

display dns domain [ dynamic ] [ vpn-instance vpn-instance-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

dynamic: Displays the domain name suffixes dynamically obtained through DHCP or other protocols. If you do not specify this keyword, the command displays the statically configured and dynamically obtained domain name suffixes.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN by its name, a case-sensitive string of 1 to 31 characters. To display domain name suffixes on the public network, do not use this option.

Examples

# Display domain name suffixes on the public network.

<Sysname> display dns domain

Type:

  D: Dynamic    S: Static

 

No.    Type   Domain suffix

1      S      com

2      D      net

Table 1 Command output

Field	Description
No.	Sequence number.
Type	Domain name suffix type: ·       S—A statically configured domain name suffix. ·       D—A domain name suffix dynamically obtained through DHCP or other protocols.
Domain suffix	Domain name suffixes.

 

Related commands

dns domain

display dns host

Use display dns host to display information about domain name-to-IP address mappings.

Syntax

display dns host [ ip | ipv6 ] [ vpn-instance vpn-instance-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address.

ipv6: Specifies type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address. The device does not support configuring the mapping between a host name and an IPv6 address.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN by its name, a case-sensitive string of 1 to 31 characters. To display domain name-to-IP address mappings for the public network, do not use this option.

Usage guidelines

If you do not specify the ip keyword, the command displays domain name-to-IP address mappings of all query types.

Examples

# Display domain name-to-IP address mappings of all query types.

<Sysname> display dns host

Type:

  D: Dynamic    S: Static

 

Total number: 3

No.  Host name         Type  TTL        Query type   IP addresses

1    sample.com        D     3132       A            192.168.10.1

                                                     192.168.10.2

                                                     192.168.10.3

2    zig.sample.com    S     -          A            192.168.1.1

3    sample.net        S     -          AAAA         FE80::4904:4448

Table 2 Command output

Field	Description
No.	Sequence number.
Host name	Domain name.
Type	Domain name-to-IP address mapping type: ·       S—A static mapping configured by the ip host command. ·       D—A mapping dynamically obtained through DHCP or other protocols.
TTL	Time in seconds that a mapping can be stored in the cache. For a static mapping, a hyphen (-) is displayed.
Query type	Query type, type A or type AAAA.
IP addresses	Replied IP address. For type A query, the replied IP address is an IPv4 address.

 

Related commands

·           ip host

·           reset dns host

display dns server

Use display dns server to display IPv4 DNS server information.

Syntax

display dns server [ dynamic ] [ vpn-instance vpn-instance-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

dynamic: Displays IPv4 DNS server information dynamically obtained through DHCP or other protocols. If you do not specify this keyword, the command displays statically configured and dynamically obtained IPv4 DNS server addresses.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN by its name, a case-sensitive string of 1 to 31 characters. To display IPv4 DNS server information for the public network, do not use this option.

Examples

# Display the IPv4 DNS server information for the public network.

<Sysname> display dns server

Type:

  D: Dynamic    S: Static

 

No. Type  IP address

1   S     202.114.0.424

2   S     169.254.65.125

Table 3 Command output

Field	Description
No.	Sequence number.
Type	DNS server type: ·       S—A manually configured DNS server. ·       D—DNS server information dynamically obtained through DHCP or other protocols.
IP address	IPv4 address of the DNS server.

 

Related commands

dns server

dns domain

Use dns domain to configure a domain name suffix.

Use undo dns domain to delete the specified domain name suffix.

Syntax

dns domain domain-name [ vpn-instance vpn-instance-name ]

undo dns domain domain-name [ vpn-instance vpn-instance-name ]

Default

No domain name suffix is configured. Only the provided domain name is resolved.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

domain-name: Specifies a domain name suffix. It is a dot-separated, case-insensitive string that can include letters, digits, hyphens (-), underscores (_), and dots (.) (for example, aabbcc.com). The domain name suffix can contain at most 253 characters, and each separated string contains no more than 63 characters.

vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN, a case-sensitive string of 1 to 31 characters. To specify a domain name suffix on the public network, do not use this option.

Usage guidelines

The system automatically adds the suffixes in the order they are configured to the domain name string received from a host for resolution.

Examples

# Configure the domain name suffix com for the public network.

<Sysname> system-view

[Sysname] dns domain com

Related commands

display dns domain

dns proxy enable

Use dns proxy enable to enable DNS proxy.

Use undo dns proxy enable to restore the default.

Syntax

dns proxy enable

undo dns proxy enable

Default

DNS proxy is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Examples

# Enable DNS proxy.

<Sysname> system-view

[Sysname] dns proxy enable

dns server

Use dns server to specify an IPv4 address of a DNS server.

Use undo dns server to remove the specified IPv4 address of a DNS server. If you do not specify any IPv4 address, the undo dns server command removes all DNS server IPv4 addresses on the public network or the specified VPN.

Syntax

dns server ip-address [ vpn-instance vpn-instance-name ]

undo dns server [ ip-address ] [ vpn-instance vpn-instance-name ]

Default

No DNS server is specified.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

ip-address: Specifies an IPv4 address of a DNS server.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN by its name, a case-sensitive string of 1 to 31 characters. To specify an IPv4 address on the public network, do not use this option.

Examples

# Specify the IPv4 address of a DNS server as 172.16.1.1.

<Sysname> system-view

[Sysname] dns server 172.16.1.1

Related commands

display dns server

dns source-interface

Use dns source-interface to specify the source interface for DNS packets.

Use undo dns source-interface to restore the default.

Syntax

dns source-interface interface-type interface-number [ vpn-instance vpn-instance-name ]

undo dns source-interface interface-type interface-number [ vpn-instance vpn-instance-name ]

Default

No source interface for DNS packets is specified. The device uses the primary IP address of the output interface of the matching route as the source IP address for a DNS request.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN by its name, a case-sensitive string of 1 to 31 characters. To specify a source interface on the public network, do not use this option.

Usage guidelines

The device uses the primary IPv4 address of the specified source interface as the source IP address of DNS query.

You can specify only one source interface for the public network or each VPN. If you use the command multiple times, the most recent configuration takes effect.

Make sure the specified interface is on the VPN specified by the vpn-instance vpn-instance-name option.

Examples

# Specify VLAN-interface 2 as the source interface for DNS packets on the public network.

<Sysname> system-view

[Sysname] dns source-interface vlan-interface 2

dns spoofing

Use dns spoofing to enable DNS spoofing and specify the IPv4 address to spoof DNS query requests.

Use undo dns spoofing to restore the default.

Syntax

dns spoofing ip-address [ vpn-instance vpn-instance-name ]

undo dns spoofing ip-address [ vpn-instance vpn-instance-name ]

Default

DNS spoofing is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

ip-address: Specifies the IPv4 address used to spoof name query requests.

vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN, a case-sensitive string of 1 to 31 characters. To enable DNS spoofing function on the public network, do not use this option.

Usage guidelines

Use the dns spoofing command together with the dns proxy enable command. DNS spoofing enables the DNS proxy to send a spoofed reply with a configured IP address even if it cannot reach the DNS server because no dial-up connection is available. Without DNS spoofing, the proxy does not answer or forward a DNS request if it cannot find a local matching DNS entry or reach the DNS server.

You can specify only one replied IPv4 address on the DNS spoofing device for the public network or each VPN.

If you use the command multiple times, the most recent configuration takes effect.

Examples

# Enable DNS spoofing on the public network and specify the IPv4 address 1.1.1.1 to spoof DNS requests.

<Sysname> system-view

[Sysname] dns proxy enable

[Sysname] dns spoofing 1.1.1.1

Related commands

dns proxy enable

dns trust-interface

Use dns trust-interface to specify the DNS trusted interface.

Use undo dns trust-interface to remove the specified DNS trusted interface. If you do not specify any interface, the undo dns trust-interface command removes all DNS trusted interfaces.

Syntax

dns trust-interface interface-type interface-number

undo dns trust-interface [ interface-type interface-number ]

Default

No trusted interface is specified.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

By default, an interface obtains DNS suffix and DNS server information from DHCP. A network attacker may act as the DHCP server to assign wrong DNS suffix and DNS server address to the device. As a result, the device fails to obtain the resolved IP address or may get the wrong IP address. With the DNS trusted interface specified, the device only uses the DNS suffix and DNS server information obtained through the trusted interface to avoid attack.

Examples

# Specify VLAN-interface 2 as the DNS trusted interface.

<Sysname> system-view

[Sysname] dns trust-interface vlan-interface 2

ip host

Use ip host to create a host name-to-IPv4 address mapping.

Use undo ip host to remove a mapping.

Syntax

ip host host-name ip-address [ vpn-instance vpn-instance-name ]

undo ip host host-name ip-address [ vpn-instance vpn-instance-name ]

Default

No mappings are created.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

host-name: Specifies a host name, a case-insensitive string of 1 to 253 characters. It can include letters, digits, hyphens (-), underscores (_), and dots (.).

ip-address: Specifies the IPv4 address of the host.

vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN, a case-sensitive string of 1 to 31 characters. To create a host name-to-IP address mapping on the public network, do not specify this option.

Usage guidelines

On the public network or a VPN, each host name maps to only one IPv4 address. If you use the command multiple times, the most recent configuration takes effect.

Examples

# Map the IPv4 address 10.110.0.1 to the host name aaa on the public network.

<Sysname> system-view

[Sysname] ip host aaa 10.110.0.1

Related commands

display dns host

reset dns host

Use reset dns host to clear information about the dynamic DNS cache.

Syntax

reset dns host [ ip | ipv6 ] [ vpn-instance vpn-instance-name ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address.

ipv6: Specifies type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address. The device does not support configuring the mapping between a host name and an IPv6 address.

vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN, a case-sensitive string of 1 to 31 characters. If no VPN is specified, the command clears the domain name-to-IPv6 address mapping on the public network.

Usage guidelines

Using the reset dns host command without the ip keyword clears the dynamic DNS cache information about all query types.

Examples

# Clear the dynamic DNS cache information about all query types on the public network.

<Sysname> reset dns host

Related commands

display dns host

ddns apply policy

Use ddns apply policy to apply the specified DDNS policy to the interface, update the mapping between the specified FQDN and the primary IP address of the interface, and enable DDNS update.

Use undo ddns apply policy to remove the DDNS policy applied to the interface and stop DDNS update.

Syntax

ddns apply policy policy-name [ fqdn domain-name ]

undo ddns apply policy policy-name

Default

No DDNS policy and FQDN for update are specified on the interface, and DDNS update is disabled.

Views

Interface view

Predefined user roles

network-admin

mdc-admin

Parameters

policy-name: Specifies the DDNS policy name, a case-insensitive string of 1 to 32 characters.

fqdn domain-name: Specifies the FQDN to replace <h> in the URL for DDNS update. The domain-name argument specifies a dot-separated, case-insensitive character string that includes letters, digits, hyphens (-), underscores (_), and dots (.) (for example, aabbcc.com). This domain name can contain at most 253 characters, and each separated string contains no more than 63 characters.

Usage guidelines

You can apply up to four DDNS policies to an interface.

If you use the ddns apply policy command multiple times with the same DDNS policy name but different FQDNs, the most recent configuration takes effect, and the device initiates a DDNS update request immediately.

Examples

# Apply the DDNS policy steven_policy to VLAN-interface 2 to update the domain name to IP address mapping for FQDN www.whatever.com and enable DDNS update.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] ddns apply policy steven_policy fqdn www.whatever.com

Related commands

·           ddns policy

·           display ddns policy

ddns policy

Use ddns policy to create a DDNS policy and enter its view.

Use undo ddns policy to delete a DDNS policy.

Syntax

ddns policy policy-name

undo ddns policy policy-name

Default

No DDNS policy is created.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

policy-name: Specifies the DDNS policy name, a case-insensitive string of 1 to 32 characters.

Usage guidelines

You can create up to 16 DDNS policies on the device.

Examples

# Create a DDNS policy steven_policy and enter its view.

<Sysname> system-view

[Sysname] ddns policy steven_policy

Related commands

·           ddns apply policy

·           display ddns policy

display ddns policy

Use display ddns policy to display information about DDNS policies.

Syntax

display ddns policy [ policy-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

policy-name: Specifies the DDNS policy name, a case-insensitive string of 1 to 32 characters. If no DDNS policy is specified, the command displays information about all DDNS policies.

Examples

# Display information about the DDNS policy steven_policy.

<Sysname> display ddns policy steven_policy

DDNS policy: steven_policy

  URL              : http://steven:[email protected]/dyndns/update?

                     system=dyndns&hostname=<h>&myip=<a> get

  Method           : GET

  SSL client policy:

  Interval         : 1 days 0 hours 1 minutes

# Display information about all DDNS policies.

<Sysname> display ddns policy

DDNS policy: steven_policy

  URL              : http://steven:[email protected]/dyndns/update?system=

                     dyndns&hostname=<h>&myip=<a>

  Method           : GET

  SSL client policy:

  Interval         : 0 days 0 hours 30 minutes 

 

DDNS policy: tom-policy

  URL              : http://tom:[email protected]/dyndns/update?system=

                     dyndns&hostname=<h>&myip=<a>

  Method           : GET

  SSL client policy:

  Interval         : 0 days 0 hours 15 minutes

 

DDNS policy: u-policy

  URL              : oray://username:[email protected]

  Method           : -

  SSL client policy:

  Interval         : 0 days 0 hours 15 minutes

Table 4 Command output

Field	Description
DDNS policy	DDNS policy name.
URL	URL address for the DDNS update service. This field is blank if no URL address is configured.
Method	Parameter transmission method used to send HTTP/HTTPS-based DDNS update requests. Method types include GET and POST.
SSL client policy	Name of the associated SSL client policy. This field is blank if no SSL client policy is associated.
Interval	Interval for sending DDNS update requests.

 

Related commands

ddns policy

interval

Use interval to specify the interval for sending DDNS update requests after DDNS update is enabled.

Use undo interval to restore the default value.

Syntax

interval days [ hours [ minutes ] ]

undo interval

Default

The DDNS update request interval is one hour.

Views

DDNS policy view

Predefined user roles

network-admin

mdc-admin

Parameters

days: Days in the range of 0 to 365.

hours: Hours in the range of 0 to 23.

minutes: Minutes in the range of 0 to 59.

Usage guidelines

A DDNS update request is initiated immediately after the primary IP address of the interface changes or the link state of the interface changes from down to up.

If you set the interval to 0, the device does not periodically initiate any DDNS update request, but initiates a DDNS update request when the primary IP address of the interface changes or the link state of the interface changes from down to up.

If you use the interval command multiple times with different time intervals, the most recent configuration takes effect. If you change the interval for an applied DDNS policy, the device immediately initiates a DDNS update request and sets the interval as the update interval.

Examples

# Set the interval for sending DDNS update requests to one day and one minute for the DDNS policy steven_policy.

<Sysname> system-view

[Sysname] ddns policy steven_policy

[Sysname-ddns-policy-steven_policy] interval 1 0 1

Related commands

·           ddns policy

·           display ddns policy

method

Use method to specify the parameter transmission method for sending DDNS update requests to HTTP/HTTPS-based DDNS servers.

Use undo method to restore the default.

Syntax

method { http-get | http-post }

undo method

Default

The method http-get applies.

Views

DDNS policy view

Predefined user roles

network-admin

mdc-admin

Parameters

http-get: Uses the get operation.

http-post: Uses the post operation.

Usage guidelines

This command applies to DDNS updates in HTTP/HTTPS. If the DDNS server uses HTTP or HTTPS service, choose a parameter transmission method compatible with the DDNS server. For example, a DHS server supports the http-post method.

If the DDNS policy has been applied to an interface, a DDNS update is sent immediately after the parameter transmission is changed.

Examples

# Specify the parameter transmission method as http-post for DDNS update request for DDNS policy steven_policy.

<Sysname> system-view

[Sysname] ddns policy steven_policy

[Sysname-ddns-policy-steven_policy] method http-post

Related commands

·           ddns policy

·           display ddns policy

ssl client policy

Use ssl-client-policy to associate a specific SSL client policy with a DDNS policy.

Use undo ssl-client-policy to cancel the association.

Syntax

ssl-client-policy policy-name

undo ssl-client-policy

Default

No SSL client policy is associated with any DDNS policy.

Views

DDNS policy view

Predefined user roles

network-admin

mdc-admin

Parameters

policy-name: Specifies the SSL client policy name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

The SSL client policy is effective only for HTTPS-based DDNS update requests.

If you use the ssl-client-policy command multiple times with different SSL client policies, the most recent configuration takes effect.

Examples

# Associate the SSL client policy ssl_policy with the DDNS policy steven_policy.

<Sysname> system-view

[Sysname] ddns policy steven_policy

[Sysname-ddns-policy-steven_policy] ssl-client-policy ssl_policy

Related commands

·           ddns policy

·           display ddns policy

·           ssl-client-policy (Security Command Reference)

url

Use url to specify the URL address for DDNS update requests.

Use undo url to delete the URL address.

Syntax

url request-url

undo url

Default

No URL address is specified for DDNS update requests.

Views

DDNS policy view

Predefined user roles

network-admin

mdc-admin

Parameters

request-url: Specifies the URL address, a case-sensitive string of 1 to 240 characters containing the login ID, password, and other information.

Usage guidelines

The URL addresses configured for update requests vary by DDNS servers. Common DDNS server URL address format are shown in Table 5.

Table 5 Common URL addresses for DDNS update request

DDNS server	URL addresses for DDNS update requests
www.3322.org	http://username:password@members.3322.org/dyndns/update?system=dyndns&hostname=<h>&myip=<a>
DYNDNS	http://username:password@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
DYNS	http://www.dyns.cx/postscript.php?username=username&password=password&host=<h>&ip=<a>
ZONEEDIT	http://username:password@dynamic.zoneedit.com/auth/dynamic.html?host=<h>&dnsto=<a>
TZO	http://cgi.tzo.com/webclient/signedon.html?TZOName=<h>&Email=username&TZOKey=password&IPAddress=<a>
EASYDNS	http://username:password@members.easydns.com/dyn/ez-ipupdate.php?action=edit&myip=<a>&host_id=<h>
HEIPV6TB	http://username:password@dyn.dns.he.net/nic/update?hostname=<h>&myip=<a>
CHANGE-IP	http://nic.changeip.com/nic/update?u=username&p=password&hostname=<h>&offline=1
NO-IP	http://username:password@dynupdate.no-ip.com/nic/update?hostname=<h>&myip=<a>
DHS	http://username:password@members.dhs.org/nic/hosts?domain=dyn.dhs.org&hostname=<h>&hostscmd=edit&hostscmdstage=2&type=1&ip=<a>
HP	https://server-name/nic/update?group=group-name&user=username&password=password&myip=<a>
ODS	ods://username:password@update.ods.org
GNUDIP	gnudip://username:password@server-name
PeanutHull	oray://username:password@phservice2.oray.net

 

Replace the parameters username and password in the URL with your actual login ID and password for the DDNS server.

HP and GNUDIP are common DDNS update protocols. The server-name parameter is the domain name or IP address of the service provider's server using one of the update protocols.

The URL address for an update request can start with:

·           http://—The HTTP-based DDNS server.

·           https://—The HTTPS-based DDNS server.

·           ods://—The TCP-based ODS server.

·           gnudip://—The TCP-based GNUDIP server.

·           oray://—The TCP-based DDNS server.

members.3322.org and phservice2.oray.net are the domain names of DDNS servers. The domain names of PeanutHull DDNS servers can be phservice2.oray.net, phddns60.oray.net, client.oray.net, ph031.oray.net, and so on. Determine the domain name in the URL according to the actual situation.

The port number in the URL address is optional. If no port number is specified, the default port number is used. HTTP uses port 80, HTTPS uses port 443, and the PeanutHull server uses port 6060.

The system automatically fills <h> with the FQDN that is specified when the DDNS policy is applied to the interface and automatically fills <a> with the primary IP address of the interface to which the DDNS policy is applied. You may also manually specify an FQDN and an IP address in <h> and <a>, respectively. After that, the FQDN that is specified when the DDNS policy is applied becomes ineffective. However, manual configuration of <h> and <a> is not recommended.

You cannot specify an FQDN and IP address in the URL address for contacting the PeanutHull server. Alternatively, you can specify an FQDN when applying the DDNS policy to an interface. The system automatically uses the primary IP address of the interface to which the DDNS policy is applied as the IP address for DDNS update.

To avoid misinterpretation, do not include colons (:), at signs (@), and question marks (?) in your login ID or password, even if you can do so.

If you use the url command multiple times with different URL addresses, the most recent configuration takes effect.

Examples

# Specify the URL address for DDNS policy steven_policy with login ID steven and password nevets. The device contacts www.3322.org for DDNS update.

<Sysname> system-view

[Sysname] ddns policy steven_policy

[Sysname-ddns-policy-steven_policy] url http://steven:[email protected]/dyndns/update?system=dyndns&hostname=<h>&myip=<a>

Related commands

·           ddns policy

·           display ddns policy