101
Step Command Remarks
2. Specify a DNS server.
• Specify a DNS server IPv4 address:
dns server ip-address [ vpn-instance
vpn-instance-name ]
• Specify a DNS server IPv6 address:
ipv6 dns server ipv6-address
[ interface-type interface-number ]
[ vpn-instance vpn-instance-name ]
By default, no DNS server is
specified.
You can specify both the
IPv4 and IPv6 addresses.
3. (Optional.) Configure a
DNS suffix.
dns domain
domain-name [
vpn-instance
vpn-instance-name ]
By default, no DNS suffix is
configured. Only the
provided domain name is
resolved.
Configuring the DNS proxy
You can specify multiple DNS servers. The DNS proxy forwards a request to the DNS server that has
the highest priority. If having not received a reply, it forwards the request to a DNS server that has the
second highest priority, and so on.
A DNS proxy forwards an IPv4 name query first to IPv4 DNS servers. If no reply is received, it
forwards the request to IPv6 DNS servers.
A DNS proxy forwards an IPv6 name query first to IPv6 DNS servers. If no reply is received, it
forwards the request to IPv4 DNS servers.
To configure the DNS proxy:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enable DNS proxy.
dns proxy enable
By default, DNS proxy is
disabled.
3. Specify a DNS
server.
• Specify a DNS server IPv4 address:
dns server ip-address [ vpn-instance
vpn-instance-name ]
• Specify a DNS server IPv6 address:
ipv6 dns server ipv6-address
[ interface-type interface-number ]
[ vpn-instance vpn-instance-name ]
By default, no DNS
server is specified.
You can specify both the
IPv4 and IPv6 DNS
addresses.
Configuring DNS spoofing
DNS spoofing takes effect only when the following conditions are met:
• The DNS proxy is enabled on the device.
• No DNS server or route to any DNS server is specified on the device.
• In a 3G or 4G network, network mode tracking is enabled for a 2G output interface.
Follow these guidelines when you configure DNS spoofing:
• You can configure only one replied IPv4 address and one replied IPv6 address for the public
network or a VPN. If you use the command multiple times, the most recent configuration takes
effect.
• You can configure DNS spoofing for the public network and a maximum of 1024 VPNs.
• DNS spoofing spoofs a DNS request even though a matching static DNS entry exists.
To Next Page
Loading...
Need help?
General
