Configuring The Dns Trusted Interface; Setting The Dscp Value For Outgoing Dns Packets - HPE FlexNetwork 10500 Series Configuration Manual

Layer 3-ip services

Hide thumbs Also See for FlexNetwork 10500 Series:

Security command reference (881 pages)

Security configuration manual (702 pages)

Network management and monitoring command reference (423 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

Table of Contents

When sending an IPv6 DNS request, the device follows the method defined in RFC 3484 to select an

IPv6 address of the source interface.

You can configure only one source interface on the public network or a VPN instance. You can

configure the source interface for both public network and VPN instances.

To specify the source interface for DNS packets:

Step

Enter system view.

Specify the source

interface for DNS

packets.

Configuring the DNS trusted interface

This task enables the device to use only the DNS suffix and domain name server information

obtained through the trusted interface. The device can then obtain the correct resolved IP address.

This feature protects the device against attackers that act as the DHCP server to assign incorrect

DNS suffix and domain name server address.

To configure the DNS trusted interface:

Step

Enter system view.

Specify the DNS trusted

interface.

Setting the DSCP value for outgoing DNS packets

The DSCP value of a packet specifies the priority level of the packet and affects the transmission

priority of the packet. A bigger DSCP value represents a higher priority.

To set the DSCP value for outgoing DNS packets:

Step

Enter system view.

Set the DSCP value for

DNS packets sent by a

DNS client.

Command

system-view

dns source-interface interface-type

interface-number [ vpn-instance

vpn-instance-name ]

Command

system-view

dns trust-interface interface-type

interface-number

Command

system-view

•

DSCP value for IPv4 DNS

packets:

dns dscp dscp-value

•

DSCP value for IPv6 DNS

packets:

ipv6 dns dscp dscp-value

112

Remarks

N/A

By default, no source interface for

DNS packets is specified.

If you execute the command

multiple times, the most recent

configuration takes effect.

If you specify the vpn-instance

vpn-instance-name option, make

sure the source interface belongs

to the specified VPN instance.

Remarks

N/A

By default, no DNS trusted

interface is specified.

You can configure up to 128 DNS

trusted interfaces.

Remarks

N/A

By default, the DSCP value is 0 in

DNS packets sent by a DNS

client.

Table of Contents

Configuring The Dns Trusted Interface; Setting The Dscp Value For Outgoing Dns Packets - HPE FlexNetwork 10500 Series Configuration Manual

Configuring the DNS trusted interface

Setting the DSCP value for outgoing DNS packets

Troubleshooting

Related Manuals for HPE FlexNetwork 10500 Series

Related Content for HPE FlexNetwork 10500 Series

Table of Contents