DNS Configuration
dns server
[Command] dns server ip-address
no dns server ip-address
[Purpose] Configure Domain Name System (DNS) Servers
[View] System configuration view
[Use Cases]
sonic# configure
sonic(config)# dns server 114.114.114.114
dns relay enable
[Command] dns relay enable
no dns relay enable
[Purpose] Enable the DNS relay function on the device to allow it to resolve domain names via a domain name server.
[View] System configuration view
[Use Cases]
sonic# configure
sonic(config)# dns relay enable
dns query-group
[Command] dns query-group string
[Purpose] Configure the DNS domain name table; you can add domain names to the domain name table.
[View] System configuration view
[Notes] After configuring the DNS server and enabling DNS relay, proceed to configure the DNS query-group.
[Use Cases]
sonic# configure
sonic(config)# dns query-group test
sonic(config-dns-query-group-test)#
[Command] query hostname string
[Purpose] Add a domain name to the DNS domain name table for subsequent ACL configuration. Multiple queries can be configured within the table.
[View] DNS Domain Name Table View
[Parameter]
| Parameter | Description |
|---|---|
| hostname string | The configured domain name, must not exceed 64 characters. |
[Use Cases]
sonic# configure
sonic(config)# dns query-group test
sonic(config-dns-query-group-test)# query www.weibo.com
[Command] rule rule_id [{packet-action {deny|permit}}] [src-ip ip-address] [dst-ip ip-address] [src-port port] [dst-port port] [ip-type type] [src-dns-group name] [dst-dns-group name]
no rule rule_id
[Purpose] Add DNS ACL rules
[View] ACL View
[Parameter]
| Parameter | Description |
|---|---|
| rule_id | Rule ID, value range: 0-500; also indicates rule priority (higher number = higher priority), values must be unique |
| packet-action | Packet action when rule is matched |
| deny | Discard |
| permit | Allow to pass |
| src-ip ip-address | Source IP address, format: A.B.C.D/M |
| dst-ip ip-address | Destination IP address, format: A.B.C.D/M |
| src-dns-group name | Source DNS domain group; name is the name of a created domain group |
| dst-dns-group name | Destination DNS domain group; name is the name of a created domain group |
[Notes] When configuring DNS ACL rules, note that the src-dns-group/dst-dns-group match fields cannot be configured and applied together with src-ip/dst-ip.
[Use Cases]
sonic(config)# access-list L3 test ingress
sonic(config-L3-acl-test)# rule 1 dst-dns-group test1 packet-action permit
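The constraints stated above (rule_id range and uniqueness, the 64-character hostname limit, the dns server / dns relay prerequisite, and the ban on mixing dns-group with src-ip/dst-ip) can be checked before a change is pushed. The following pre-flight lint is an added example, not part of the device software; the function name `lint`, the sample session, and the choice to check rule_id uniqueness per access-list are assumptions.

```python
MAX_RULE_ID, MAX_HOSTNAME_LEN = 500, 64   # limits stated on the page
DNS_KEYS, IP_KEYS = ("src-dns-group", "dst-dns-group"), ("src-ip", "dst-ip")
def lint(config_lines):
    """Return (line_no, message) findings for a list of CLI lines."""
    groups, current, seen_ids, findings = {}, None, set(), []
    have_server = have_relay = False
    for no, raw in enumerate(config_lines, 1):
        tok = raw.split("#", 1)[-1].split()        # drop the "sonic(...)#" prompt
        if tok[:2] == ["dns", "server"]:
            have_server = True
        elif tok == ["dns", "relay", "enable"]:
            have_relay = True
        elif tok[:2] == ["dns", "query-group"] and len(tok) == 3:
            if not (have_server and have_relay):
                findings.append((no, "query-group before dns server / dns relay enable"))
            current = groups.setdefault(tok[2], [])
        elif tok[:1] == ["query"] and len(tok) == 2 and current is not None:
            if len(tok[1]) > MAX_HOSTNAME_LEN:
                findings.append((no, "hostname exceeds 64 characters"))
            current.append(tok[1])
        elif tok[:1] == ["access-list"]:
            seen_ids, current = set(), None        # assumption: IDs unique per ACL
        elif tok[:1] == ["rule"] and len(tok) >= 2:
            opts = dict(zip(tok[2::2], tok[3::2]))  # keyword/value pairs
            rid = int(tok[1]) if tok[1].isdigit() else -1
            if not 0 <= rid <= MAX_RULE_ID:
                findings.append((no, "rule_id outside 0-500"))
            elif rid in seen_ids:
                findings.append((no, f"duplicate rule_id {rid}"))
            seen_ids.add(rid)
            used = [k for k in DNS_KEYS if k in opts]
            if used and any(k in opts for k in IP_KEYS):
                findings.append((no, "dns-group match combined with src-ip/dst-ip"))
            for k in used:
                if opts[k] not in groups:
                    findings.append((no, f"{k} {opts[k]} is not a created query-group"))
    return findings

# Constructed sample session, not taken from a real device.
SAMPLE = [
    "sonic(config)# dns server 114.114.114.114",
    "sonic(config)# dns relay enable",
    "sonic(config)# dns query-group test",
    "sonic(config-dns-query-group-test)# query www.weibo.com",
    "sonic(config)# access-list L3 test ingress",
    "sonic(config-L3-acl-test)# rule 1 dst-dns-group test packet-action permit",
    "sonic(config-L3-acl-test)# rule 1 dst-dns-group test1 packet-action permit",
    "sonic(config-L3-acl-test)# rule 600 dst-dns-group test dst-ip 10.0.0.0/8 packet-action deny",
]
```

Calling `lint(SAMPLE)` reports the duplicate ID and undefined group on line 7 and the out-of-range ID and mixed match fields on line 8; the first six lines pass clean.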