DNS Configuration Guide
## Introduction

The Domain Name System (DNS) is one of the core services of the Internet. It functions as a distributed database that maps domain names to IP addresses, enabling users to access the Internet more conveniently. Through its hierarchical naming architecture, DNS achieves unified management and resolution of global domain names, providing users with an intuitive and easy-to-remember method for accessing websites.

The advantages of DNS include an efficient domain name resolution mechanism, a distributed system architecture, robust caching capabilities, and reliable redundancy backups. Compared to traditional host-file-based resolution methods, DNS is more efficient, reliable, and scalable, delivering a seamless Internet access experience for users.

## DNS Configuration

### Enable DNS Relay Function

| Operation | Command | Description |
| --- | --- | --- |
| Enter the system configuration view | `configure terminal` | |
| Enable DNS relay function | `dns relay enable` | |

### Configuring DNS Domain Name Server

| Operation | Command | Description |
| --- | --- | --- |
| Enter the system configuration view | `configure terminal` | |
| Configure DNS domain name server | `dns server A.B.C.D` | Configure server IP, such as 8.8.8.8 |

### Configuring DNS Request List

| Operation | Command | Description |
| --- | --- | --- |
| Enter the system configuration view | `configure terminal` | |
| Enter DNS query group configuration view | `dns query group <string>` | string: configure DNS request list name |
| Configure the domain name that needs to be queried | `query <hostname>` | hostname: configure domain name, maximum length 64 bytes |

### Configuring DNS ACL

| Operation | Command | Description |
| --- | --- | --- |
| Enter the system configuration view | `configure terminal` | |
| Enter ACL configuration view | `access list {l3\|l3v6} <string> {ingress\|egress}` | Enter ACL configuration view |
| Configure corresponding DNS ACL matching fields | `{src dns group\|dst dns group} <string>` | string: configure the DNS request list names to match. Note that `src dns group` / `dst dns group` cannot be matched together with `src ip` / `dst ip`. |

## Display and Maintenance

| Operation | Command |
| --- | --- |
| Display DNS server | `show dns server` |

## Example of DNS ACL Configuration

### Network Requirements

The enterprise network needs to set firewall rules on the device, such as prohibiting all traffic originating from a certain domain group from entering the device and accessing the intranet. To ensure that the firewall rules are correctly configured and take effect, DNS ACL rules need to be configured as follows.

### Procedure

```
sonic(config)# dns relay enable
sonic(config)# dns server 114.114.114.114
sonic(config)# dns query group test
sonic(config dns query group test)# query www.baidu.com
sonic(config dns query group test)# query www.taobao.com
sonic(config dns query group test)# exit
sonic(config)# access list l3 test1 ingress
sonic(config l3 acl test1)# rule 1 src dns group test packet action deny
sonic(config l3 acl test1)# exit
sonic(config)# interface ethernet 3
sonic(config if 3)# acl test1
sonic(config if 3)# exit
```
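The following pre-deployment check is an added example, not part of the original guide or the vendor's tooling. It lints a DNS ACL session for the two constraints stated above (the 64-byte hostname limit and the ban on combining a DNS group match with `src ip` / `dst ip`) and, as an extra sanity check this guide does not state, flags rules that name a query group that was never defined. It assumes the command syntax exactly as printed on this page; the `src ip 10.0.0.1` rule form, the group name `guests` and the function name `lint_dns_acl` are constructed for the illustration.

```python
import re

MAX_HOSTNAME_BYTES = 64  # limit the guide states for `query <hostname>`

def lint_dns_acl(session):
    """Return findings for a CLI session written in the syntax shown in this guide."""
    findings, groups, current = [], {}, None
    for n, raw in enumerate(session.splitlines(), 1):
        # Strip a pasted prompt such as "sonic(config)# ".
        cmd = re.sub(r"^\w+\([^)]*\)#\s*", "", raw.strip())
        if m := re.fullmatch(r"dns query group (\S+)", cmd):
            current = m.group(1)            # entering a query group view
            groups.setdefault(current, [])
        elif cmd == "exit":
            current = None                  # leaving whatever view we were in
        elif (m := re.fullmatch(r"query (\S+)", cmd)) and current is not None:
            host = m.group(1)
            groups[current].append(host)
            if len(host.encode()) > MAX_HOSTNAME_BYTES:
                findings.append(f"line {n}: hostname longer than {MAX_HOSTNAME_BYTES} bytes")
        elif cmd.startswith("rule "):
            names = re.findall(r"\b(?:src|dst) dns group (\S+)", cmd)
            # The guide forbids matching a DNS group together with src ip / dst ip.
            if names and re.search(r"\b(?:src|dst) ip\b", cmd):
                findings.append(f"line {n}: dns group match combined with src ip/dst ip")
            for name in names:
                if name not in groups:      # added sanity check, not from the guide
                    findings.append(f"line {n}: query group '{name}' is not defined")
    return findings

# Constructed sample: the guide's procedure plus three deliberate mistakes.
SAMPLE = """\
sonic(config)# dns query group test
sonic(config dns query group test)# query www.baidu.com
sonic(config dns query group test)# query """ + "a" * 61 + """.com
sonic(config dns query group test)# exit
sonic(config)# access list l3 test1 ingress
sonic(config l3 acl test1)# rule 1 src dns group test packet action deny
sonic(config l3 acl test1)# rule 2 src dns group test src ip 10.0.0.1 packet action deny
sonic(config l3 acl test1)# rule 3 src dns group guests packet action deny
"""

if __name__ == "__main__":
    for finding in lint_dns_acl(SAMPLE):
        print(finding)
```

Running the check before applying a deny rule catches a misspelled group name at review time rather than after the ACL is bound to an interface.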
