DNS Configuration Guide
The Domain Name System (DNS) is one of the core services of the internet. It is a distributed database that maps domain names to IP addresses, so that users can reach hosts by name instead of by address. Through its hierarchical naming architecture, DNS provides unified management and resolution of domain names worldwide and gives users an intuitive, easy-to-remember way to access websites.
The strengths of DNS are an efficient resolution mechanism, a distributed architecture, extensive caching, and redundant servers. Compared with static hosts-file resolution, DNS is more efficient, more reliable, and far more scalable.
DNS Configuration
Enable DNS relay function
| Operation | Command | Description |
|---|---|---|
| Enter the system configuration view | configure terminal | - |
| Enable DNS relay function | dns relay enable | - |
Configuring DNS Domain Name Server
| Operation | Command | Description |
|---|---|---|
| Enter the system configuration view | configure terminal | - |
| Configure DNS domain name server | dns server A.B.C.D | IPv4 address of the upstream server, for example 8.8.8.8 |
Configuring DNS Request List
| Operation | Command | Description |
|---|---|---|
| Enter the system configuration view | configure terminal | |
| Enter DNS query group configuration view | dns query-group STRING | String: name of the DNS request list |
| Configure a domain name to be matched | query HOSTNAME | Hostname: the domain name, maximum length 64 bytes; repeat the command for each name in the list |
Configuring DNS ACL
| Operation | Command | Description |
|---|---|---|
| Enter the system configuration view | configure terminal | |
| Enter ACL configuration view | access-list {L3\|L3V6} | Enter the configuration view of an IPv4 (L3) or IPv6 (L3V6) ACL; the ACL name and direction follow the type, as in the example below |
| Configure the DNS ACL match field of a rule | {src-dns-group\|dst-dns-group} STRING | String: name of the DNS request list to match, used inside a rule statement. A src-dns-group or dst-dns-group match cannot be combined with src-ip or dst-ip in the same rule |
Display and Maintenance
| Operation | Command |
|---|---|
| Display the configured DNS servers | show dns server |
Example of DNS ACL Configuration
Network Requirements
An enterprise wants to enforce firewall rules on the device, for example denying all traffic originating from a group of domains entry into the intranet through the device. Because the rule is keyed on domain names rather than addresses, the DNS relay must be enabled first so that the device sees the resolution of the listed names; the DNS ACL is then configured as follows.

Procedure
```
sonic(config)# dns relay enable
sonic(config)# dns server 114.114.114.114
sonic(config)# dns query-group test
sonic(config-dns-query-group-test)# query www.baidu.com
sonic(config-dns-query-group-test)# query www.taobao.com
sonic(config-dns-query-group-test)# exit
sonic(config)# access-list L3 test1 ingress
sonic(config-L3-acl-test1)# rule 1 src-dns-group test packet-action deny
sonic(config-L3-acl-test1)# exit
sonic(config)# interface ethernet 3
sonic(config-if-3)# acl test1
sonic(config-if-3)# exit
```
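When the same DNS ACL has to be pushed to many switches it is worth generating the command sequence from a structured description and checking it against the constraints stated in this guide before it reaches a device. The following script is an added example, not part of the switch software or of this guide. It knows only the commands and limits quoted above (the 64-byte hostname limit, the rule that dns-group fields cannot be combined with src-ip or dst-ip); the `permit` action, the `src-ip`/`dst-ip` spelling and the field order inside a rule statement are assumptions, and the sample group and rule reproduce the procedure above.

```python
"""Added example: build and sanity-check a DNS ACL configuration for the CLI in this guide.

Not the switch's own code. Assumptions: a "permit" packet-action exists, IP match
fields are spelled src-ip/dst-ip, and match fields may appear in any order in a rule.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

MAX_HOSTNAME_BYTES = 64          # "maximum length 64 bytes" for a query entry
ACTIONS = ("deny", "permit")     # "deny" is on the page; "permit" is assumed


@dataclass
class QueryGroup:
    name: str
    hostnames: List[str] = field(default_factory=list)


@dataclass
class AclRule:
    seq: int
    action: str
    src_dns_group: Optional[str] = None
    dst_dns_group: Optional[str] = None
    src_ip: Optional[str] = None   # assumed keyword
    dst_ip: Optional[str] = None   # assumed keyword


def validate(dns_servers, groups, rules):
    """Return a list of problems; an empty list means the config is consistent."""
    problems = []
    for s in dns_servers:
        try:
            ipaddress.ip_address(s)
        except ValueError:
            problems.append(f"dns server {s!r} is not an IP address")
    names = set()
    for g in groups:
        if g.name in names:
            problems.append(f"duplicate query group {g.name!r}")
        names.add(g.name)
        for h in g.hostnames:
            if len(h.encode("utf-8")) > MAX_HOSTNAME_BYTES:
                problems.append(f"query {h!r} exceeds {MAX_HOSTNAME_BYTES} bytes")
    seen = set()
    for r in rules:
        if r.seq in seen:
            problems.append(f"rule {r.seq}: duplicate sequence number")
        seen.add(r.seq)
        if r.action not in ACTIONS:
            problems.append(f"rule {r.seq}: unknown action {r.action!r}")
        # Page constraint: dns-group matches and ip matches are mutually exclusive.
        if (r.src_dns_group or r.dst_dns_group) and (r.src_ip or r.dst_ip):
            problems.append(f"rule {r.seq}: dns-group fields cannot be combined with src-ip/dst-ip")
        for g in (r.src_dns_group, r.dst_dns_group):
            if g is not None and g not in names:
                problems.append(f"rule {r.seq}: query group {g!r} is not defined")
    return problems


def render(dns_servers, groups, acl_name, direction, rules, interface):
    """Emit the CLI lines in the order the guide's procedure uses them."""
    problems = validate(dns_servers, groups, rules)
    if problems:
        raise ValueError("; ".join(problems))
    lines = ["configure terminal", "dns relay enable"]
    lines += [f"dns server {s}" for s in dns_servers]
    for g in groups:
        lines.append(f"dns query-group {g.name}")
        lines += [f"query {h}" for h in g.hostnames]
        lines.append("exit")
    lines.append(f"access-list L3 {acl_name} {direction}")
    for r in rules:
        parts = [f"rule {r.seq}"]
        for key, val in (("src-dns-group", r.src_dns_group), ("dst-dns-group", r.dst_dns_group),
                         ("src-ip", r.src_ip), ("dst-ip", r.dst_ip)):
            if val is not None:
                parts.append(f"{key} {val}")
        parts.append(f"packet-action {r.action}")
        lines.append(" ".join(parts))
    lines.append("exit")
    lines += [f"interface ethernet {interface}", f"acl {acl_name}", "exit"]
    return lines


if __name__ == "__main__":
    # Constructed input reproducing the procedure in this guide.
    groups = [QueryGroup("test", ["www.baidu.com", "www.taobao.com"])]
    rules = [AclRule(1, "deny", src_dns_group="test")]
    print("\n".join(render(["114.114.114.114"], groups, "test1", "ingress", rules, 3)))
```

The rendered lines are the same commands as the procedure above, without the prompts; `validate` rejects a rule that mixes `src-dns-group` with `src-ip`, a query entry longer than 64 bytes, a rule that references an undefined query group, and a DNS server that is not an IP address, before anything is sent to the switch.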