Contents

DNS commands· 1

display dns domain· 1

display dns host 1

display dns server 3

display ipv6 dns server 4

dns domain· 5

dns dscp· 5

dns host aging-time· 6

dns proxy enable· 7

dns server 7

dns source-interface· 8

dns spoofing· 9

dns trust-interface· 10

ip host 10

ipv6 dns dscp· 11

ipv6 dns server 12

ipv6 dns spoofing· 12

ipv6 host 13

reset dns host 14

 

DNS commands

display dns domain

Use display dns domain to display the domain name suffixes.

Syntax

display dns domain [ dynamic ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

dynamic: Displays the domain name suffixes dynamically obtained through DHCP or other protocols. If you do not specify this keyword, the command displays the statically configured and dynamically obtained domain name suffixes.

Examples

# Display the statically configured and dynamically obtained domain name suffixes for the public network.

<Sysname> display dns domain

Type:

  D: Dynamic    S: Static

 

No.    Type   Domain suffix

1      S      com

2      D      net

Table 1 Command output

Field	Description
No.	Sequence number.
Type	Domain name suffix type: ·     S—A statically configured domain name suffix. ·     D—A domain name suffix dynamically obtained through DHCP or other protocols.
Domain suffix	Domain name suffixes.

‌

Related commands

dns domain

display dns host

Use display dns host to display information about domain name-to-IP address mappings.

Syntax

display dns host [ ip | ipv6 ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address.

ipv6: Specifies type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address.

Usage guidelines

If you do not specify the ip or ipv6 keyword, this command displays domain name-to-IP address mappings of all query types.

Examples

# Display domain name-to-IP address mappings of all query types in the static domain name resolution table and dynamic domain name resolution cache for the public network.

<Sysname> display dns host

Type:

  D: Dynamic    S: Static

 

Total number: 4

No.  Host name      Type TTL       Query type IP addresses      OutInterface

1    sample.com     D    3132      A          192.168.10.1      -

                                              192.168.10.2

                                              192.168.10.3

2    sample1.com    D    2400(a)   A          100.10.23.1

3    zig.sample.com S    -         A          192.168.1.1

4    sample.net     S    -         AAAA       FE80::4904:4448

Table 2 Command output

Field	Description
No.	Sequence number.
Host name	Domain name.
Type	Domain name-to-IP address mapping type: ·     S—A static mapping configured by the ip host or ipv6 host command. ·     D—A mapping dynamically obtained through dynamic domain name resolution.
TTL	Time in seconds that a mapping can be stored in the cache. (a) means that the aging time is set by the dns host aging-time command. If the DNS entry is permanently valid, this field displays Infinite. For a static mapping, this field displays a hyphen (-).
Query type	Query type: A and AAAA.
IP addresses	Replied IP address: ·     For a type A query, the replied IP address is an IPv4 address. ·     For a type AAAA query, the replied IP address is an IPv6 address.
OutInterface	Output interface specified by an application for DNS protocol packets. This field displays a hyphen (-) if the application does not specify an output interface.

 

Related commands

ip host

ipv6 host

reset dns host

display dns server

Use display dns server to display IPv4 DNS server information.

Syntax

display dns server [ dynamic ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

dynamic: Displays IPv4 DNS server information dynamically obtained through DHCP or other protocols. If you do not specify this keyword, the command displays statically configured and dynamically obtained IPv4 DNS server information.

Examples

# Display IPv4 DNS server information for the public network.

<Sysname> display dns server

Type:

  D: Dynamic    S: Static

 

No. Type  IP address

1   S     202.114.0.124

2   S     169.254.65.125

Table 3 Command output

Field	Description
No.	Sequence number.
Type	DNS server type: ·     S—A manually configured DNS server. ·     D—DNS server information dynamically obtained through DHCP or other protocols.
IP address	IPv4 address of the DNS server.

‌

Related commands

dns server

display ipv6 dns server

Use display ipv6 dns server to display IPv6 DNS server information.

Syntax

display ipv6 dns server [ dynamic ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

dynamic: Displays IPv6 DNS server information dynamically obtained through DHCP or other protocols. If you do not specify this keyword, the command displays the statically configured and dynamically obtained IPv6 DNS server information.

Examples

# Display IPv6 DNS server information for the public network.

<Sysname> display ipv6 dns server

Type:

  D: Dynamic    S: Static

 

No. Type  IPv6 address                             Outgoing Interface

1   S     2::2

Table 4 Command output

Field	Description
No.	Sequence number.
Type	DNS server type: ·     S—A manually configured DNS server. ·     D—DNS server information dynamically obtained through DHCP or other protocols.
IPv6 address	IPv6 address of the DNS server.
Outgoing Interface	Output interface.

 

Related commands

ipv6 dns server

dns domain

Use dns domain to configure a domain name suffix.

Use undo dns domain to delete the specified domain name suffix.

Syntax

dns domain domain-name

undo dns domain domain-name

Default

No domain name suffix is configured. Only the provided domain name is resolved.

Views

System view

Predefined user roles

network-admin

Parameters

domain-name: Specifies a domain name suffix. It is a dot-separated, case-insensitive string that can include letters, digits, hyphens (-), underscores (_), and dots (.), for example, example.com. The domain name suffix can include a maximum of 253 characters, and each separated string includes no more than 63 characters.

Usage guidelines

For domain name resolution, the resolver automatically uses the suffix list to supply the missing part of an incomplete name entered by a user.

A domain name suffix applies to both IPv4 DNS and IPv6 DNS.

The system allows a maximum of 16 domain name suffixes for the public network.

Examples

# Configure domain name suffix com for the public network.

<Sysname> system-view

[Sysname] dns domain com

Related commands

display dns domain

dns dscp

Use dns dscp to set the DSCP value for DNS packets sent by a DNS client or DNS proxy.

Use undo dns dscp to restore the default.

Syntax

dns dscp dscp-value

undo dns dscp

Default

The DSCP value is 0 in DNS packets sent by a DNS client or DNS proxy.

Views

System view

Predefined user roles

network-admin

Parameters

dscp-value: Specifies the DSCP value in the range of 0 to 63.

Usage guidelines

The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority.

Examples

# Set the DSCP value to 30 for outgoing DNS packets.

<Sysname> system-view

[Sysname] dns dscp 30

dns host aging-time

Use dns host aging-time to set the aging time for a specified domain name.

Use undo dns host aging-time to restore the default.

Syntax

dns host host-name aging-time { time-value | infinite }

undo dns host host-name aging-time

Default

The aging time for a domain name is the TTL in the DNS reply.

Views

System view

Predefined user roles

network-admin

Parameters

host host-name: Specifies a domain name. It is a dot-separated, case-insensitive string that can include letters, digits, hyphens (-), underscores (_), and dots (.), for example, www.example.com. The domain name can include a maximum of 253 characters, and each separated string includes no more than 63 characters.

aging-time time-value: Specifies the aging time in seconds. The value range for this argument is 1 to 604800.

aging-time infinite: Specifies a permanently valid domain name.

Usage guidelines

The DNS server determines how long a DNS entry is valid, and the DNS cache device and DNS client obtain the aging information from DNS responses. To set the aging time, execute the dns host aging-time command.

With this command configured, the device searches the DNS cache and dynamic domain name resolution cache, and changes the TTL in all entries into the specified aging time.

To restore the default, execute the undo dns host aging-time command. The restored aging time is the original TTL in the DNS reply. The corresponding DNS entry is removed if the original TTL expires after executing the command.

You can set a maximum of 256 times of aging time for domain names.

Examples

# Set the aging time for domain name www.example.com on the public network to 3600 seconds.

<Sysname> system-view

[Sysname] dns host http://www.aabbcc.com/ aging-time 3600

Related commands

display arp timer aging

dns proxy enable

Use dns proxy enable to enable DNS proxy.

Use undo dns proxy enable to disable DNS proxy.

Syntax

dns proxy enable

undo dns proxy enable

Default

DNS proxy is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This configuration applies to both IPv4 DNS and IPv6 DNS.

Examples

# Enable DNS proxy.

<Sysname> system-view

[Sysname] dns proxy enable

dns server

Use dns server to specify the IPv4 address of a DNS server.

Use undo dns server to remove the IPv4 address of a DNS server.

Syntax

dns server ip-address

undo dns server [ ip-address ]

Default

No DNS server IPv4 address is specified.

Views

System view

Interface view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the IPv4 address of a DNS server. When you execute the undo form of the command in interface view, you must specify this argument.

Usage guidelines

The device sends a DNS query request to the DNS servers in the order their IPv4 addresses are specified.

The system allows a maximum of six DNS server IPv4 addresses for the public network.

If you do not specify an IPv4 address, the undo dns server command removes all DNS server IPv4 addresses for the public network.

Examples

# Specify DNS server IPv4 address 172.16.1.1.

<Sysname> system-view

[Sysname] dns server 172.16.1.1

# Specify DNS server IPv4 address 172.16.1.1 on VLAN-interface 2.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] dns server 172.16.1.1

Related commands

display dns server

dns source-interface

Use dns source-interface to specify the source interface for DNS packets.

Use undo dns source-interface to restore the default.

Syntax

dns source-interface interface-type interface-number

undo dns source-interface interface-type interface-number

Default

No source interface is specified for DNS packets. The device uses the primary IP address of the output interface of the matching route as the source IP address for a DNS request.

Views

System view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

This configuration applies to both IPv4 and IPv6.

In IPv4 DNS, the device uses the primary IPv4 address of the specified source interface as the source IP address of a DNS query. In IPv6 DNS, the device selects an IPv6 address of the specified source interface as the source IP address of a DNS query. The method of selecting the IPv6 address is defined in RFC 3484.

The system allows only one source interface for the public network. If you execute this command multiple times, the most recent configuration takes effect.

As a best practice, do not specify an automatically generated interface (for example, an automatic tunnel interface) as the source interface for DNS packets. Otherwise, configuration might fail or might be lost.

Examples

# Specify VLAN-interface 2 as the source interface for DNS packets on the public network.

<Sysname> system-view

[Sysname] dns source-interface vlan-interface 2

dns spoofing

Use dns spoofing to enable DNS spoofing and specify the IPv4 address for spoofing DNS requests.

Use undo dns spoofing to disable DNS spoofing.

Syntax

dns spoofing ip-address

undo dns spoofing ip-address

Default

DNS spoofing is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the IPv4 address used to spoof DNS requests.

Usage guidelines

Use the dns spoofing command together with the dns proxy enable command.

DNS spoofing functions when the DNS proxy does not know the DNS server address or cannot reach the DNS server. It enables the DNS proxy to spoof DNS queries of type A by responding with the specified IPv4 address.

The system allows only one replied IPv4 address for the public network. If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Enable DNS spoofing for the public network and specify IPv4 address 1.1.1.1 for spoofing DNS requests.

<Sysname> system-view

[Sysname] dns proxy enable

[Sysname] dns spoofing 1.1.1.1

Related commands

dns proxy enable

dns trust-interface

Use dns trust-interface to specify a DNS trusted interface.

Use undo dns trust-interface to remove a DNS trusted interface.

Syntax

dns trust-interface interface-type interface-number

undo dns trust-interface [ interface-type interface-number ]

Default

No DNS trusted interface is specified.

Views

System view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

By default, an interface obtains DNS suffix and DNS server information from DHCP. A network attacker might act as the DHCP server to assign a wrong DNS suffix and DNS server address to the device. As a result, the device fails to obtain the resolved IP address or might get the wrong IP address. With the DNS trusted interface specified, the device only uses the DNS suffix and DNS server information obtained through the trusted interface to avoid attacks.

This configuration applies to both IPv4 DNS and IPv6 DNS.

You can configure a maximum of 128 DNS trusted interfaces on the device.

If you do not specify an interface, the undo dns trust-interface command removes all DNS trusted interfaces and restores the default.

Examples

# Specify VLAN-interface 2 as a DNS trusted interface.

<Sysname> system-view

[Sysname] dns trust-interface vlan-interface 2

ip host

Use ip host to create a host name-to-IPv4 address mapping.

Use undo ip host to remove a host name-to-IPv4 address mapping.

Syntax

ip host host-name ip-address

undo ip host host-name ip-address

Default

No host name-to-IPv4 address mappings exist.

Views

System view

Predefined user roles

network-admin

Parameters

host-name: Specifies a host name, a case-insensitive string of 1 to 253 characters. Valid characters are letters, digits, hyphens (-), underscores (_), and dots (.).

ip-address: Specifies the IPv4 address of the host.

Usage guidelines

The system allows a maximum of 1024 host name-to-IPv4 address mappings for the public network.

For the public network, each host name maps to only one IPv4 address. If you execute this command multiple times, the most recent configuration takes effect.

Do not use the ping command parameter ip, -a, -c, -f, -h, -i, -m, -n, -p, -q, -r, -s, -t, -tos, -v, or -vpn-instance as the host name. For more information about the ping command parameters, see Network Management and Monitoring Command Reference.

Examples

# Map IPv4 address 10.110.0.1 to host name aaa for the public network.

<Sysname> system-view

[Sysname] ip host aaa 10.110.0.1

Related commands

display dns host

ipv6 dns dscp

Use ipv6 dns dscp to set the DSCP value for IPv6 DNS packets sent by an IPv6 DNS client or IPv6 DNS proxy.

Use undo ipv6 dns dscp to restore the default.

Syntax

ipv6 dns dscp dscp-value

undo ipv6 dns dscp

Default

The DSCP value is 0 in IPv6 DNS packets sent by an IPv6 DNS client or IPv6 DNS proxy.

Views

System view

Predefined user roles

network-admin

Parameters

dscp-value: Specifies the DSCP value in the range of 0 to 63.

Usage guidelines

The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority.

Examples

# Set the DSCP value to 30 for outgoing IPv6 DNS packets.

<Sysname> system-view

[Sysname] ipv6 dns dscp 30

ipv6 dns server

Use ipv6 dns server to specify the IPv6 address of a DNS server.

Use undo ipv6 dns server to remove the IPv6 address of a DNS server.

Syntax

ipv6 dns server ipv6-address [ interface-type interface-number ]

undo ipv6 dns server [ ipv6-address [ interface-type interface-number ] ]

Default

No DNS server IPv6 address is specified.

Views

System view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies the IPv6 address of a DNS server.

interface-type interface-number: Specifies the output interface by its type and number. If you do not specify an interface, the device forwards DNS packets out of the output interface of the matching route. Specify this argument if the IPv6 address of the DNS server is a link-local address. Do not specify this argument if the IPv6 address of the DNS server is a global unicast address.

Usage guidelines

For dynamic DNS, the device sends a DNS query request to the DNS servers in the order their IPv6 addresses are specified.

The system allows a maximum of six DNS server IPv6 addresses for the public network.

If you do not specify an IPv6 address, the undo ipv6 dns server command removes all DNS server IPv6 addresses for the public network.

Examples

# Specify DNS server IPv6 address 2002::1 for the public network.

<Sysname> system-view

[Sysname] ipv6 dns server 2002::1

Related commands

display ipv6 dns server

ipv6 dns spoofing

Use ipv6 dns spoofing to enable DNS spoofing and specify the IPv6 address to spoof DNS requests.

Use undo ipv6 dns spoofing to disable DNS spoofing.

Syntax

ipv6 dns spoofing ipv6-address

undo ipv6 dns spoofing ipv6-address

Default

DNS spoofing is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies the IPv6 address used to spoof DNS requests.

Usage guidelines

Use the ipv6 dns spoofing command together with the dns proxy enable command.

DNS spoofing functions when the DNS proxy does not know the DNS server address or cannot reach the DNS server. It enables the DNS proxy to spoof DNS queries of type AAAA by responding with the specified IPv6 address.

The system allows only one replied IPv6 address for the public network. If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Enable DNS spoofing for the public network and specify IPv6 address 2001::1 for spoofing DNS requests.

<Sysname> system-view

[Sysname] dns proxy enable

[Sysname] ipv6 dns spoofing 2001::1

Related commands

dns proxy enable

ipv6 host

Use ipv6 host to create a host name-to-IPv6 address mapping.

Use undo ipv6 host to remove a host name-to-IPv6 address mapping.

Syntax

ipv6 host host-name ipv6-address

undo ipv6 host host-name ipv6-address

Default

No host name-to-IPv6 address mappings exist.

Views

System view

Predefined user roles

network-admin

Parameters

host-name: Specifies a host name, a case-insensitive string of 1 to 253 characters. It can include letters, digits, hyphens (-), underscores (_), and dots (.).

ipv6-address: Specifies the IPv6 address of the host.

Usage guidelines

The system allows a maximum of 1024 host name-to-IPv6 address mappings for the public network.

For the public network, each host name maps to only one IPv6 address. If you execute this command multiple times, the most recent configuration takes effect.

Do not use the ping ipv6 command parameter -a, -c, -i, -m, -q, -s, -t, -tc, -v, or -vpn-instance as the host name. For more information about the ping ipv6 command parameters, see Network Management and Monitoring Command Reference.

Examples

# Map IPv6 address 2001::1 to host name aaa for the public network.

<Sysname> system-view

[Sysname] ipv6 host aaa 2001::1

Related commands

ip host

reset dns host

Use reset dns host to clear dynamic DNS entries.

Syntax

reset dns host [ ip | ipv6 ]

Views

User view

Predefined user roles

network-admin

Parameters

ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address.

ipv6: Specifies type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address.

Usage guidelines

If you do not specify the ip or ipv6 keyword, the reset dns host command clears dynamic DNS entries of all query types.

Examples

# Clear dynamic DNS entries of all query types for the public network.

<Sysname> reset dns host

Related commands

display dns host