Operation, Dhcp relay agent support for option 82, Configuring the dns proxy – H3C Technologies H3C S12500 Series Switches User Manual
Page 85: Configuring dns spoofing
72
query is first sent to the DNS server that has the highest priority. If no reply is received, it is sent to the
DNS server that has the second highest priority, and thus in turn.
In addition, you can configure a DNS suffix that the system automatically adds to the provided domain
name for resolution. A DNS suffix manually configured takes precedence over the one dynamically
obtained through DHCP, and a DNS suffix configured earlier takes precedence. The DNS resolver first
uses the suffix that has the highest priority. If the name resolution fails, the DNS resolver uses the suffix
that has the second highest priority, and thus in turn.
355B
Configuration procedure
To configure dynamic domain name resolution:
Step Command Remarks
1.
Enter system view.
system-view
N/A
2.
Specify a DNS server
IPv4 address.
dns server ip-address [ vpn-instance
vpn-instance-name ]
By
default, no DNS server IP
address is specified.
3.
(Optional.) Configure a
DNS suffix.
dns domain domain-name
[ vpn-instance vpn-instance-name ]
By default, no DNS suffix is
configured and only the provided
domain name is resolved.
83B
Configuring the DNS proxy
You can specify multiple DNS servers. The DNS proxy forwards a request to the DNS server that has the
highest priority. If having not received a reply, it forwards the request to a DNS server that has the second
highest priority, and thus in turn.
A DNS proxy forwards an IPv4 name query first to IPv4 DNS servers, and if no reply is received, it
forwards the request to IPv6 DNS servers. The DNS proxy forwards an IPv6 name query first to IPv6 DNS
servers, and if no reply is received, it forwards the request to IPv4 DNS servers.
To configure the DNS proxy:
Step Command
Remarks
1.
Enter system view.
system-view N/A
2.
Enable DNS proxy.
dns proxy enable
By default, DNS proxy is disabled.
3.
Specify a DNS server
IPv4 address.
dns server ip-address [ vpn-instance
vpn-instance-name ]
By default, no DNS server IP address
is specified.
84B
Configuring DNS spoofing
DNS spoofing is effective only when:
•
The DNS proxy is enabled on the device.
•
No DNS server or route to any DNS server is specified on the device.
You can configure only one replied IPv4 address for the public network or a VPN. If you use the
command multiple times, the most recent configuration takes effect.