3.2.16. dns-server¶
Note
requires a Product License.
DNS server configuration.
vsr running config# vrf <vrf> dns-server
enabled (pushed)¶
Enable DNS server.
vsr running config# vrf <vrf> dns-server
vsr running dns-server# enabled true|false
- Default value
true
use-system-servers¶
Enable forwarding queries for not locally known hosts to upstream servers. These servers are defined in /config/vrf/dns/server.
vsr running config# vrf <vrf> dns-server
vsr running dns-server# use-system-servers true|false
- Default value
true
bind¶
Interface on which DNS will listen.
vsr running config# vrf <vrf> dns-server
vsr running dns-server# bind BIND
|
An interface name. |
tls¶
Enable DNS over TLS.
vsr running config# vrf <vrf> dns-server tls
certificate-name (mandatory)¶
Set certificate name for TLS.
vsr running config# vrf <vrf> dns-server tls
vsr running tls# certificate-name <string>
dns-over-https¶
Enable DNS over HTTPS.
vsr running config# vrf <vrf> dns-server tls
vsr running tls# dns-over-https true|false
- Default value
false
forward-tls¶
Enable forward TLS when contacting upstream servers. You need to put server in config in order to make this work.
vsr running config# vrf <vrf> dns-server forward-tls
use-system-certificates¶
Rely on system certificates to validate the authenticate name.
vsr running config# vrf <vrf> dns-server forward-tls
vsr running forward-tls# use-system-certificates true|false
- Default value
true
certificates¶
Certificates to put in the bundle. They must be listed from last intermediate certificate to the root one.
vsr running config# vrf <vrf> dns-server forward-tls
vsr running forward-tls# certificates <string>
record¶
Add hosts to the DNS with associated IPv4/IPv6 addresses.
vsr running config# vrf <vrf> dns-server
vsr running dns-server# record <record> IP
|
A FQDN string. |
IP (mandatory)¶
IPv4 or IPv6 addresses.
IP
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv6 address. |
logging¶
Log DNS queries.
vsr running config# vrf <vrf> dns-server logging
enabled¶
Enable logging DNS queries.
vsr running config# vrf <vrf> dns-server logging
vsr running logging# enabled true|false
server¶
Specify IP address of upstream servers.
vsr running config# vrf <vrf> dns-server
vsr running dns-server# server <server> tls-authenticate-name <string>{1,max} \
... source SOURCE
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv6 address. |
tls-authenticate-name¶
Authenticate name to use for TLS connection. Only used when forward TLS is enabled.
tls-authenticate-name <string>{1,max}
source¶
IPv4 or IPv6 source address.
source SOURCE
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv6 address. |