88
A DNS proxy forwards an IPv4 name query first to IPv4 DNS servers, and if no reply is received, it
forwards the request to IPv6 DNS servers. The DNS proxy forwards an IPv6 name query first to IPv6 DNS
servers, and if no reply is received, it forwards the request to IPv4 DNS servers.
To configure the DNS proxy:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enable DNS proxy.
dns proxy enable
By default, DNS proxy is
disabled.
3.
Specify a DNS server IP
address.
•
Specify a DNS server IPv4 address:
dns server
ip-address
[
vpn-instance
vpn-instance-name
]
•
Specify a DNS server IPv6 address:
ipv6 dns server
ipv6-address
[
interface-type interface-number
]
[
vpn-instance
vpn-instance-name
]
Use at least one command.
By default, no DNS server IP
address is specified.
Configuring DNS spoofing
DNS spoofing is effective only when:
•
The DNS proxy is enabled on the device.
•
No DNS server or route to any DNS server is specified on the device.
Follow these guidelines when you configure DNS spoofing:
•
You can configure only one replied IPv4 address and one replied IPv6 address for the public
network or a VPN. If you use the command multiple times, the most recent configuration takes effect.
•
You can configure DNS spoofing for the public network and a maximum of 1024 VPNs.
To configure DNS spoofing:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enable DNS proxy.
dns proxy enable
By default, DNS proxy is disabled.
3.
Enable DNS spoofing and
specify the translated IP
address.
•
Specify a translated IPv4 address:
dns spoofing
ip-address
[
vpn-instance
vpn-instance-name
]
•
Specify a translated IPv6 address:
ipv6 dns spoofing
ipv6-address
[
vpn-instance
vpn-instance-name
]
Use at least one command.
By default, no translated IP
address is specified.
Specifying the source interface for DNS packets
By default, the device uses the primary IP address of the output interface of the matching route as the
source IP address of a DNS request. Therefore, the source IP address of the DNS packets might vary with
Содержание MSR 2600 Series
Страница 6: ...We appreciate your comments...
Страница 33: ...18 AC vlan1 quit...
Страница 113: ...98 Figure 41 Creating a record d On the page that appears select IPv6 Host AAAA as the resource record type...
Страница 118: ...103...
Страница 168: ...153 H323 Enabled ICMP ERROR Enabled...
Страница 170: ...155 Task Command Display FIB entries display fib vpn instance vpn instance name ip address mask mask length...