Operation, Dhcp relay agent support for option 82, Configuring the dns proxy – H3C Technologies H3C S12500 Series Switches User Manual

72

query is first sent to the DNS server that has the highest priority. If no reply is received, it is sent to the

DNS server that has the second highest priority, and thus in turn.
In addition, you can configure a DNS suffix that the system automatically adds to the provided domain

name for resolution. A DNS suffix manually configured takes precedence over the one dynamically

obtained through DHCP, and a DNS suffix configured earlier takes precedence. The DNS resolver first

uses the suffix that has the highest priority. If the name resolution fails, the DNS resolver uses the suffix
that has the second highest priority, and thus in turn.

355B

Configuration procedure

To configure dynamic domain name resolution:

Step Command Remarks

1.

Enter system view.

system-view

N/A

2.

Specify a DNS server
IPv4 address.

dns server ip-address [ vpn-instance
vpn-instance-name ]

By

default, no DNS server IP

address is specified.

3.

(Optional.) Configure a
DNS suffix.

dns domain domain-name
[ vpn-instance vpn-instance-name ]

By default, no DNS suffix is
configured and only the provided

domain name is resolved.

83B

Configuring the DNS proxy

You can specify multiple DNS servers. The DNS proxy forwards a request to the DNS server that has the
highest priority. If having not received a reply, it forwards the request to a DNS server that has the second

highest priority, and thus in turn.
A DNS proxy forwards an IPv4 name query first to IPv4 DNS servers, and if no reply is received, it

forwards the request to IPv6 DNS servers. The DNS proxy forwards an IPv6 name query first to IPv6 DNS
servers, and if no reply is received, it forwards the request to IPv4 DNS servers.
To configure the DNS proxy:

Step Command

Remarks

1.

Enter system view.

system-view N/A

2.

Enable DNS proxy.

dns proxy enable

By default, DNS proxy is disabled.

3.

Specify a DNS server

IPv4 address.

dns server ip-address [ vpn-instance
vpn-instance-name ]

By default, no DNS server IP address
is specified.

84B

Configuring DNS spoofing

DNS spoofing is effective only when:

•

The DNS proxy is enabled on the device.

•

No DNS server or route to any DNS server is specified on the device.

You can configure only one replied IPv4 address for the public network or a VPN. If you use the

command multiple times, the most recent configuration takes effect.