Domain Name Service – DNS

Introduction

Most users find it easier to refer to Internet hosts using domain names than using IP addresses. For example, http://www.example.com is easier to remember than http://93.184.216.119.

To facilitate the use of the Domain Name System (DNS), configuration of up to two DNS server entries is supported. It is also possible to set a default domain search path. These settings can also be acquired by DHCP clients.

Using domain names on a switch is also convenient, e.g., when setting up ping triggers, VPN peers or when troubleshooting with tools such as ping or traceroute. It is also convenient to communicate with the switch using domain names. When the switch acquires its IP address dynamically (via DHCP or PPP) from an ISP, maintaining the DNS server entry is cumbersome. To that end the system includes support for dynamic DNS (DDNS). With DDNS enabled, the switch updates its DNS server entry automatically when acquiring a new IP address.

Examples of supported DDNS providers are:

See the CLI or Web online help for a more up-to-date list.

Proxy DNS

The system can act as a DNS proxy server. When enabled, the device responds to DNS queries for known hosts, which are either:

  • statically added by using the host command, or
  • hosts for which this unit acts as DHCP server, see also the show dhcp-clients command

As DNS proxy, the device also acts as a caching DNS forwarder: DNS queries for unknown hosts are forwarded to the unit’s own DNS server, and the answer is cached so that subsequent requests for the same host get a fast response. Domain-specific overrides may be set as domain forwarding rules.

Conditional Domain Forwarding

The unit can also be configured to perform conditional forwarding based on the domain name in the DNS query. By specifying a domain name and the IP(v4) address of the DNS server to which queries should be forwarded, queries for that domain and all its sub-domains will be forwarded to the specified DNS server.

Up to MAX_NUM_FW_RULES (1024) rules may be specified. Multiple rules may have the same domain name to provide DNS server redundancy. If a sub-domain rule is specified, the sub-domain rule will have precedence over the domain rule.

For example, consider the following rules:

  • domain-forward example.net 10.10.10.10
  • domain-forward sub1.example.net 20.20.20.20

With these two rules, the unit will forward queries for www.sub1.example.net to address 20.20.20.20, but queries for www.example.net to address 10.10.10.10.
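The rule selection described above can be modelled as a longest-suffix match on whole DNS labels. The following is an added example, not code from the device or its vendor; the function names are hypothetical, and case-insensitive matching on label boundaries is an assumption about how "domain and all its sub-domains" is evaluated.

```python
import ipaddress

MAX_NUM_FW_RULES = 1024  # limit stated in the text above


def normalize(name):
    """DNS names compare case-insensitively; drop a trailing root dot."""
    return name.rstrip(".").lower()


def parse_rules(lines):
    """Parse 'domain-forward <FQDN> <IPADDR>' lines into {domain: [servers]}."""
    rules = {}
    for count, line in enumerate(lines, start=1):
        if count > MAX_NUM_FW_RULES:
            raise ValueError("too many forwarding rules")
        parts = line.split()
        if len(parts) != 3 or parts[0] != "domain-forward":
            raise ValueError(f"not a domain-forward rule: {line!r}")
        ipaddress.IPv4Address(parts[2])  # raises ValueError on a bad IPv4 address
        # Several rules for one domain give server redundancy; keep their order.
        rules.setdefault(normalize(parts[1]), []).append(parts[2])
    return rules


def select_forwarders(rules, qname):
    """Return (matched_domain, servers) for the most specific rule, else (None, [])."""
    labels = normalize(qname).split(".")
    # Try the full name first, then strip leading labels: the longest suffix wins.
    # Comparing whole labels keeps 'notexample.net' from matching 'example.net'.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in rules:
            return candidate, rules[candidate]
    return None, []  # no rule matched: the query goes to the unit's own DNS server


# Constructed sample: the two rules from the text plus one redundant server.
SAMPLE_RULES = parse_rules([
    "domain-forward example.net 10.10.10.10",
    "domain-forward sub1.example.net 20.20.20.20",
    "domain-forward example.net 10.10.10.11",
])

if __name__ == "__main__":
    for q in ("www.sub1.example.net", "www.example.net", "notexample.net"):
        print(q, "->", select_forwarders(SAMPLE_RULES, q))
```

When reviewing a rule set, the point to check is which internal zones end up at which resolver: a broad domain rule silently covers every sub-domain that has no more specific rule of its own.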

Configuration

DNS is a top-level configuration context in the CLI:

example:/#> configure
example:/config/#> dns
example:/config/dns/#>
[no] name-server [IPADDR[,IPADDR]]
Set domain name server(s).
[no] search [some.domain.tld]
Set search path list for host name lookups.
[no] host [HOSTNAME IPADDR]
Manage entries in the local host table.
[no] server
Enable or disable the DNS server.

Server configuration

Server is a sub-context in the DNS configuration:

example:/#> configure
example:/config/#> dns
example:/config/dns/#> server
[no] enable

Enable or disable the DNS server. The configuration will remain dormant while disabled.

no
Disable the DNS server.
[no] listen IFACE [IFACE ...]

Interfaces on which to allow server queries.

no
Remove all listening interfaces.
[no] domain-forward <FQDN> <IPADDR>

Forward queries for a domain to another name server.

FQDN
A fully qualified domain name.
IPADDR
IP address in standard quad-dotted notation, e.g. 192.168.1.1.
[no] reject-AAAA

Reject DNS AAAA resolution requests.

no
Disables the immediate rejection of AAAA requests.