HP 6125XLG R2306-HP 6125XLG Blade Switch Layer 3 - IP Services Configuration G - Page 93
Configuring the DNS trusted interface, Displaying and maintaining IPv4 DNS
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 93 highlights
DNS servers. In some scenarios, the DNS server only responds to DNS requests sourced from a specific IP address. In such cases, you must specify the source interface for the DNS packets so that the device can always uses the primary IP address of the specified source interface as the source IP address of DNS packets. When sending IPv4 DNS request, the device uses the primary IPv4 address of the source interface as the source IP address of the DNS request. When sending IPv6 DNS request, the device selects an IPv6 address from the addresses configured on the source interface as defined in RFC 3484 as the source IP address of the DNS request. If no IP address is configured on the source interface, the DNS packet fails to be delivered. You can configure only one source interface on the public network or a VPN. When you configure a new source interface, the last configuration takes effect. You can configure the source interface for the public network and a maximum of 1024 VPNs. To specify the source interface for DNS packets: Step 1. Enter system view. 2. Specify the source interface for DNS packets. Command system-view dns source-interface interface-type interface-number [ vpn-instance vpn-instance-name ] Remarks N/A By default, no source interface for DNS packets is specified. If you specify the vpn-instance vpn-instance-name option, make sure the source interface is on the specified VPN. Configuring the DNS trusted interface By default, an interface obtains DNS suffix and domain name server information from DHCP. The network attacker may act as the DHCP server to assign wrong DNS suffix and domain name server address to the device. As a result, the device fails to get the resolved IP address or may get the wrong IP address. With the DNS trusted interface specified, the device only uses the DNS suffix and domain name server information obtained through the trusted interface to avoid attack. To configure the DNS trusted interface: Step 1. Enter system view. Command system-view 2. Specify the DNS trusted interface. dns trust-interface interface-type interface-number Remarks N/A By default, no DNS trusted interface is specified. You can configure up to 128 DNS trusted interfaces. Displaying and maintaining IPv4 DNS Execute display commands in any view and reset commands in user view. 84