3.2.16. dns-server

Note

Requires a Product License.

DNS server configuration.

vsr running config# vrf <vrf> dns-server

enabled (pushed)

Enable DNS server.

vsr running config# vrf <vrf> dns-server
vsr running dns-server# enabled true|false
Default value
true

use-system-servers

Enable forwarding of queries for hosts that are not known locally to upstream servers. These servers are defined in /config/vrf/dns/server.

vsr running config# vrf <vrf> dns-server
vsr running dns-server# use-system-servers true|false
Default value
true

bind

Interface on which the DNS server listens.

vsr running config# vrf <vrf> dns-server
vsr running dns-server# bind BIND

BIND

An interface name.

tls

Enable DNS over TLS.

vsr running config# vrf <vrf> dns-server tls

certificate-name (mandatory)

Set certificate name for TLS.

vsr running config# vrf <vrf> dns-server tls
vsr running tls# certificate-name <string>

dns-over-https

Enable DNS over HTTPS.

vsr running config# vrf <vrf> dns-server tls
vsr running tls# dns-over-https true|false
Default value
false

forward-tls

Enable forward TLS when contacting upstream servers. An upstream server must be defined in the configuration (see server) for this to work.

vsr running config# vrf <vrf> dns-server forward-tls

use-system-certificates

Rely on the system certificates to validate the authenticate name.

vsr running config# vrf <vrf> dns-server forward-tls
vsr running forward-tls# use-system-certificates true|false
Default value
true

certificates

Certificates to put in the bundle. They must be listed from the last intermediate certificate to the root certificate.

vsr running config# vrf <vrf> dns-server forward-tls
vsr running forward-tls# certificates <string>

record

Add hosts to the DNS with associated IPv4/IPv6 addresses.

vsr running config# vrf <vrf> dns-server
vsr running dns-server# record <record> IP

<record>

A FQDN string.

IP (mandatory)

IPv4 or IPv6 addresses.

IP

IP values          Description
<ipv4-address>     An IPv4 address.
<ipv6-address>     An IPv6 address.

logging

Log DNS queries.

vsr running config# vrf <vrf> dns-server logging

enabled

Enable logging DNS queries.

vsr running config# vrf <vrf> dns-server logging
vsr running logging# enabled true|false

server

Specify the IP addresses of upstream servers.

vsr running config# vrf <vrf> dns-server
vsr running dns-server# server <server> tls-authenticate-name <string>{1,max} \
... source SOURCE

<server> values    Description
<ipv4-address>     An IPv4 address.
<ipv6-address>     An IPv6 address.

tls-authenticate-name

Authenticate name to use for the TLS connection. Only used when forward TLS is enabled.

tls-authenticate-name <string>{1,max}

source

IPv4 or IPv6 source address.

source SOURCE

SOURCE values      Description
<ipv4-address>     An IPv4 address.
<ipv6-address>     An IPv6 address.
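
How forward-tls, server and logging fit together, as an added example that is not part of the original reference. The VRF name main, the upstream address 192.0.2.53, the name dns.example.net and the source address 192.0.2.1 are constructed values, and lines starting with "#" are annotations rather than CLI input.

```console
# Constructed values: VRF "main", upstream 192.0.2.53, authenticate name
# dns.example.net, source 192.0.2.1. Replace them with your own.
# Each group is entered from the config root, as in the syntax blocks above.

# 1. Define the upstream server. tls-authenticate-name is only used once
#    forward TLS is enabled (step 2).
vsr running config# vrf main dns-server
vsr running dns-server# server 192.0.2.53 tls-authenticate-name dns.example.net source 192.0.2.1

# 2. Enable forward TLS towards the upstream server. This needs the server
#    entry from step 1. The system certificates are used to validate the
#    authenticate name (default: true, shown explicitly here).
vsr running config# vrf main dns-server forward-tls
vsr running forward-tls# use-system-certificates true

# 3. Log DNS queries.
vsr running config# vrf main dns-server logging
vsr running logging# enabled true
```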