Cisco Catalyst 4500 Series Software Configuration Manual page 1197

Cisco IOS XE Release 3.9.xE and Cisco IOS Release 15.2(5)Ex
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex

Chapter 45: Configuring AVC with DNS-AS

About AVC with DNS-AS

Client or DNS-AS client
    Networking devices throughout your network. Host traffic is always routed through such a client.
    Note: This configuration chapter deals with DNS-AS configuration on Cisco Catalyst Switches that are deployed as access switches only. Throughout this document, the term client, or DNS-AS client, refers to the switch where AVC with DNS-AS is enabled.
    DNS-AS clients receive metadata from an authoritative DNS server and maintain a database of this information in the form of records. How long a record remains in the client's database is determined by the record's TTL.

Binding table
    A table that resides in the client and serves as a database of parsed DNS server responses (TXT records and "A" records).
    Every client has a binding table of its own.

An "A" record
    A record containing the domain name and IP address information (IPv4 addresses only). This is one of the DNS server responses (the other being the TXT record) and has a predefined lifespan.
    A forward lookup request from a host is a request for an "A" record.

TXT DNS-AS resource record or TXT record
    A record containing metadata. This is one of the DNS server responses (the other being the "A" record) and has a predefined lifespan.
    A TXT record is limited to 255 characters.
    For AVC with DNS-AS, the TXT attribute is always CISCO-CLS. Any TXT record that starts with CISCO-CLS= can be recognized as a DNS-AS message.
    Syntax:
    CISCO-CLS=<option>:<val>{|<option>:<val>}*

Time-to-Live (TTL)
    The lifespan of an "A" record and TXT record in the binding table.
    TTL values are configured on the DNS server.
    While a TTL accompanies both TXT and "A" record responses, the DNS client only goes by the "A" record response from the DNS server.

Authoritative DNS server
    The go-to DNS server for all client metadata and "A" record requests.
    Every DNS domain has only one authoritative DNS server.
    Such a server maintains records of application metadata in the form of a TXT record, and only returns responses to queries about domain names that have been maintained in the required format.
    The following is a sample metadata record in the prescribed format:
    CISCO-CLS=app-name:example|app-class:TD|business:YES|app-id:CU/28202
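
The TXT record syntax and the sample metadata record above can be checked mechanically before a record is trusted or published. The following parser is an added example, not Cisco code or part of the original guide; the names `parse_dns_as_txt`, `is_dns_as_record` and `DnsAsFormatError` are hypothetical, and it assumes the prefix is case-sensitive, that a value may contain `:`, and that a repeated option should be rejected.

```python
# Added example: parser for the CISCO-CLS TXT syntax quoted on this page.
# Not Cisco code; the strictness choices below are assumptions, noted inline.

PREFIX = "CISCO-CLS="  # assumption: matched case-sensitively
MAX_TXT_LEN = 255      # the page states a TXT record is limited to 255 characters


class DnsAsFormatError(ValueError):
    """Raised when a TXT string does not follow the CISCO-CLS syntax."""


def is_dns_as_record(txt):
    """A TXT record that starts with CISCO-CLS= is a DNS-AS message."""
    return txt.startswith(PREFIX)


def parse_dns_as_txt(txt):
    """Parse CISCO-CLS=<option>:<val>{|<option>:<val>}* into a dict."""
    if len(txt) > MAX_TXT_LEN:
        raise DnsAsFormatError("TXT record longer than 255 characters")
    if not is_dns_as_record(txt):
        raise DnsAsFormatError("missing CISCO-CLS= prefix")
    fields = {}
    for pair in txt[len(PREFIX):].split("|"):
        # Assumption: split on the first ':' only, so a value may contain ':'.
        option, sep, value = pair.partition(":")
        if not sep or not option or not value:
            raise DnsAsFormatError(f"malformed option:value pair: {pair!r}")
        # Assumption: a repeated option is rejected rather than overwritten,
        # so two conflicting classifications cannot hide in one record.
        if option in fields:
            raise DnsAsFormatError(f"duplicate option: {option!r}")
        fields[option] = value
    return fields


# Sample record taken from the page.
SAMPLE = "CISCO-CLS=app-name:example|app-class:TD|business:YES|app-id:CU/28202"

if __name__ == "__main__":
    print(parse_dns_as_txt(SAMPLE))
    # Constructed malformed inputs, to show what gets rejected.
    for bad in ("v=spf1 -all", "CISCO-CLS=", "CISCO-CLS=app-name",
                "CISCO-CLS=app-class:TD|app-class:XX", SAMPLE + "|x:" + "a" * 255):
        try:
            parse_dns_as_txt(bad)
        except DnsAsFormatError as err:
            print("rejected:", err)
```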