2.11. dns-server

Note

Requires a Product License.

DNS server configuration.

vsr running config# vrf <vrf> dns-server

2.11.1. enabled (pushed)

Enable DNS server.

vsr running config# vrf <vrf> dns-server
vsr running dns-server# enabled true|false
Default value
true

2.11.2. use-system-servers

Enable forwarding of queries for hosts that are not known locally to upstream servers. These servers are defined in /config/vrf/dns/server.

vsr running config# vrf <vrf> dns-server
vsr running dns-server# use-system-servers true|false
Default value
true

2.11.3. bind

Interface on which DNS will listen.

vsr running config# vrf <vrf> dns-server
vsr running dns-server# bind BIND

BIND

An interface name.

2.11.4. tls

Enable DNS over TLS.

vsr running config# vrf <vrf> dns-server tls

certificate-name (mandatory)

Set certificate name for TLS.

vsr running config# vrf <vrf> dns-server tls
vsr running tls# certificate-name <string>

dns-over-https

Enable DNS over HTTPS.

vsr running config# vrf <vrf> dns-server tls
vsr running tls# dns-over-https true|false
Default value
false

2.11.5. forward-tls

Enable forward TLS when contacting upstream servers. A server must be present in the configuration for this to work.

vsr running config# vrf <vrf> dns-server forward-tls

use-system-certificates

Rely on system certificates to validate the authenticate name.

vsr running config# vrf <vrf> dns-server forward-tls
vsr running forward-tls# use-system-certificates true|false
Default value
true

certificates

Certificates to put in the bundle. They must be listed from last intermediate certificate to the root one.

vsr running config# vrf <vrf> dns-server forward-tls
vsr running forward-tls# certificates <string>

2.11.6. record

Add hosts to the DNS with associated IPv4/IPv6 addresses.

vsr running config# vrf <vrf> dns-server
vsr running dns-server# record <record> IP

<record>

The domain-name type represents a DNS domain name. Whether the name is fully qualified is left to the models which utilize this type.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length byte and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492.

IP

IPv4 or IPv6 addresses.

IP

IP

An IPv4 or IPv6 address.
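
The naming rules described for <record> can be checked before a name is entered in the configuration. The following Python sketch is an added example, not part of the product or its documentation; the function names canonical_record_name and check_record are hypothetical, and it assumes the stricter host-name syntax plus the 63-byte label limit of RFC 1035, which the text above does not state.

```python
import ipaddress
import re

# Host-name label (RFC 952/1123): letters, digits, hyphen; no leading or
# trailing hyphen; at most 63 bytes (RFC 1035 limit, assumed here).
_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def canonical_record_name(name):
    """Return the canonical (lowercase, punycode) form or raise ValueError."""
    name = name.rstrip(".")  # accept a fully qualified name with trailing dot
    if not name:
        raise ValueError("empty domain name")
    labels = []
    for label in name.split("."):
        if not label:
            raise ValueError("empty label in %r" % name)
        if not label.isascii():
            # Internationalized label: convert to punycode (RFC 3492).
            try:
                label = label.encode("idna").decode("ascii")
            except UnicodeError as exc:
                raise ValueError("cannot encode label: %s" % exc) from exc
        label = label.lower()
        if not _LABEL.match(label):
            raise ValueError("invalid host-name label %r" % label)
        labels.append(label)
    # Wire format: one length byte per label plus the trailing NULL byte,
    # which is why 255 encoded bytes leave 253 textual characters.
    wire_len = sum(1 + len(label) for label in labels) + 1
    if wire_len > 255:
        raise ValueError("encoded name is %d bytes, limit is 255" % wire_len)
    return ".".join(labels)


def check_record(name, address):
    """Validate one 'record <record> IP' pair; return normalized values."""
    return canonical_record_name(name), str(ipaddress.ip_address(address))
```
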

2.11.7. logging

Log DNS queries.

vsr running config# vrf <vrf> dns-server logging

enabled

Enable logging DNS queries.

vsr running config# vrf <vrf> dns-server logging
vsr running logging# enabled true|false

2.11.8. server

Specify the IP addresses of upstream servers.

vsr running config# vrf <vrf> dns-server
vsr running dns-server# server <server> tls-authenticate-name <string> source SOURCE

<server>

An IPv4 or IPv6 address.

tls-authenticate-name

Authenticate name to use for the TLS connection. Only used when forward TLS is enabled.

tls-authenticate-name <string>

source

IPv4 or IPv6 source address.

source SOURCE

SOURCE

An IPv4 or IPv6 address.