3.2.16. dns-server¶

Note

requires a Product License.

DNS server configuration.

vsr running config# vrf <vrf> dns-server

enabled (pushed)¶

Enable DNS server.

vsr running config# vrf <vrf> dns-server
vsr running dns-server# enabled true|false

Enable forwarding queries for not locally known hosts to upstream servers. These servers are defined in /config/vrf/dns/server.

vsr running config# vrf <vrf> dns-server
vsr running dns-server# use-system-servers true|false

Interface on which DNS will listen.

vsr running config# vrf <vrf> dns-server
vsr running dns-server# bind BIND

BIND

An interface name.

Enable DNS over TLS.

vsr running config# vrf <vrf> dns-server tls

Set certificate name for TLS.

vsr running config# vrf <vrf> dns-server tls
vsr running tls# certificate-name <string>

Enable DNS over HTTPS.

vsr running config# vrf <vrf> dns-server tls
vsr running tls# dns-over-https true|false

Enable forward TLS when contacting upstream servers. You need to put server in config in order to make this work.

vsr running config# vrf <vrf> dns-server forward-tls

Rely on system certificates to validate the authenticate name.

vsr running config# vrf <vrf> dns-server forward-tls
vsr running forward-tls# use-system-certificates true|false

Certificates to put in the bundle. They must be listed from last intermediate certificate to the root one.

vsr running config# vrf <vrf> dns-server forward-tls
vsr running forward-tls# certificates <string>

Add hosts to the DNS with associated IPv4/IPv6 addresses.

vsr running config# vrf <vrf> dns-server
vsr running dns-server# record <record> IP

<record>

A FQDN string.

IPv4 or IPv6 addresses.

IP

`IP` values	Description
`<ipv4-address>`	An IPv4 address.
`<ipv6-address>`	An IPv6 address.

Log DNS queries.

vsr running config# vrf <vrf> dns-server logging

Enable logging DNS queries.

vsr running config# vrf <vrf> dns-server logging
vsr running logging# enabled true|false

Specify IP address of upstream servers.

vsr running config# vrf <vrf> dns-server
vsr running dns-server# server <server> tls-authenticate-name <string>{1,max} \
... source SOURCE

`<server>` values	Description
`<ipv4-address>`	An IPv4 address.
`<ipv6-address>`	An IPv6 address.

Authenticate name to use for TLS connection. Only used when forward TLS is enabled.

tls-authenticate-name <string>{1,max}

IPv4 or IPv6 source address.

source SOURCE

`SOURCE` values	Description
`<ipv4-address>`	An IPv4 address.
`<ipv6-address>`	An IPv6 address.