DNS Configuration

dns configuration dns configuration dns server dns server ip address \[command] dns server ip address no dns server ip address \[purpose] configure domain name system (dns) servers \[view] system configuration view \[use cases] sonic# configure sonic(config)# dns server 114 114 114 114 dns relay enable dns relay enable \[command] dns relay enable no dns relay enable \[purpose] enable the dns relay function on the device to allow it to resolve domain names via a domain name server \[view] system configuration view \[use cases] sonic# configure sonic(config)# dns relay enable dns query group dns query group string \[command] dns query group string \[purpose] configure the dns domain name table; you can add domain names to the domain name table \[view] system configuration view \[notes] after configuring the dns server and enabling dns relay, proceed to configure the dns query group \[use cases] sonic# configure sonic(config)# dns query group test sonic(config dns query group test)# query query hostname string \[command] query hostname string \[purpose] add a domain name to the dns domain name table for subsequent acl configuration multiple queries can be configured within the table \[view] dns domain name table view \[parameter] parameter description hostname string the configured domain name, must not exceed 64 characters \[use cases] sonic# configure sonic(config)# dns query group test sonic(config dns query group test)#query www weibo com rule rule \[command] rule rule id \[ {packet action {deny|permit}}] \[src ip ip address] \[dst ip ip address]\[src port port] \[dst port port] \[ip type type]\[src dns group name] \[dst dns group name ] no rule rule id \[purpose] add dns acl rules \[view] acl view \[parameter] parameter description rule id rule id, value range 0 500; also indicates rule priority (higher number = higher priority), values must be unique packet action packet action when rule is matched deny discard permit allow to pass src ip ip address source ip address, format a b c d/m dst ip ip address destination ip address, format a b c d/m src dns group name source dns domain group, name refers to created domain group name dst dns group name destination dns domain group, name refers to created domain group name \[notes] when configuring dns acl related rules, please note that the src dns group/dst dns group matching fields cannot be configured and distributed together with src ip/dst ip \[use cases] sonic(config)# access list l3 test ingress sonic(config l3 acl test)# rule 1 dst dns group test1 packet action permit