beautypg.com

Configuring the dns proxy, Configuring dns spoofing – H3C Technologies H3C S5560 Series Switches User Manual

Page 105

background image

90

Step Command

Remarks

2.

Specify a DNS server IP
address.

Specify a DNS server IPv4 address:
dns server ip-address [ vpn-instance

vpn-instance-name ]

Specify a DNS server IPv6 address:

ipv6 dns server ipv6-address

[ interface-type interface-number ]

[ vpn-instance vpn-instance-name ]

Use at least one command.
By default, no DNS server IP

address is specified.

3.

(Optional.) Configure a

DNS suffix.

dns domain domain-name
[ vpn-instance vpn-instance-name ]

By default, no DNS suffix is
configured. Only the provided
domain name is resolved.

Configuring the DNS proxy

You can specify multiple DNS servers. The DNS proxy forwards a request to the DNS server that has the

highest priority. If having not received a reply, it forwards the request to a DNS server that has the second
highest priority, and so on.
A DNS proxy forwards an IPv4 name query first to IPv4 DNS servers, and if no reply is received, it

forwards the request to IPv6 DNS servers. The DNS proxy forwards an IPv6 name query first to IPv6 DNS

servers, and if no reply is received, it forwards the request to IPv4 DNS servers.
To configure the DNS proxy:

Step Command

Remarks

1.

Enter system view.

system-view N/A

2.

Enable DNS proxy.

dns proxy enable

By default, DNS proxy is
disabled.

3.

Specify a DNS server IP
address.

Specify a DNS server IPv4 address:

dns server ip-address [ vpn-instance

vpn-instance-name ]

Specify a DNS server IPv6 address:

ipv6 dns server ipv6-address

[ interface-type interface-number ]
[ vpn-instance

vpn-instance-name ]

Use at least one command.
By default, no DNS server IP
address is specified.

Configuring DNS spoofing

DNS spoofing is effective only when:

The DNS proxy is enabled on the device.

No DNS server or route to any DNS server is specified on the device.

Follow these guidelines when you configure DNS spoofing:

You can configure only one replied IPv4 address and one replied IPv6 address for the public
network or a VPN. If you use the command multiple times, the most recent configuration takes effect.

You can configure DNS spoofing for the public network and a maximum of 1024 VPNs.

To configure DNS spoofing:

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: