| 28.4. DNS Server | ||
|---|---|---|
 | Chapter 28. DNS - Domain Name System |  |
| 28.4. DNS Server | ||
|---|---|---|
| | Chapter 28. DNS - Domain Name System | |
To configure the DNS Resouce as a Server type the following command:
[11:56:50] ABILIS_CPX:s p dns act:yes server:yesCOMMAND EXECUTED [11:57:20] ABILIS_CPX:d p dnsRES:Dns - Not Saved (SAVE CONF), Not Refreshed (INIT) ------------------------- ------------------------------------------------------------------------ Run DESCR:Domain_Name_System LOG:NO ACT:YES udp-locport:53 SRCADD:OUT-IP TOS:0-N wdir:C:\APP\DNS\ - Resolver ------------------------------------------------------------- SERVERS:AUTO PRIMARY:# SECONDARY:# DELAY:5 RTY:1 CACHE:YES cache-size:500 - Relay/Server --------------------------------------------------------- RELAY:NO relay-size:500 RELAY-TOUT:10 RELAY-BLACKLIST:YES RELAY-BLACKLIST-BYPASS:# SERVER:YES IPSRC:* IPSRCLIST:#
Filters on the IP addresses allowed to the DNS service can be
applied by combining the parameters IPSRC and
IPSRCLIST.
In the following example, the “DNS_Allowed” list will be created and the range of IP from 192.168.1.10 to 192.168.1.50 will be added; otherwise, the address 192.168.1.100 will be set as the IP address Source.
[17:46:50] ABILIS_CPX:list create DNS_Allowed ir IP_Addresses_allowed_to_DNS_serviceCOMMAND EXECUTED [17:48:04] ABILIS_CPX:a list:dns_allowed 192.168.1.10:192.168.1.50COMMAND EXECUTED [17:48:19] ABILIS_CPX:d list:dns_allowed- Not Saved (SAVE CONF) ------------------------------------------------------- LIST:DNS_Allowed - IR IP_Addresses_allowed_to_DNS_service 192.168.001.010:192.168.001.050 [17:49:20] ABILIS_CPX:s p dns ipsrc:192.168.1.100 ipsrclist:dns_allowedCOMMAND EXECUTED [17:49:23] ABILIS_CPX:d p dns RES:Dns - Not Saved (SAVE CONF), Not Refreshed (INIT) ------------------------- ------------------------------------------------------------------------ Run DESCR:Domain_Name_System LOG:NO ACT:YES udp-locport:53 SRCADD:OUT-IP TOS:0-N wdir:C:\APP\DNS\ - Resolver ------------------------------------------------------------- SERVERS:AUTO PRIMARY:# SECONDARY:# DELAY:5 RTY:1 CACHE:YES cache-size:500 - Relay/Server --------------------------------------------------------- RELAY:NO relay-size:500 RELAY-TOUT:10 RELAY-BLACKLIST:YES RELAY-BLACKLIST-BYPASS:# SERVER:YES IPSRC:192.168.001.100 IPSRCLIST:DNS_Allowed
![[Caution]](../images/caution.png) | Caution |
|---|---|
To activate the changes made on the upper case parameters, execute the initialization command init res:dns; while to set act the changes made on the lowercase parameters a save conf and an Abilis restart are required (i.e. with warm start command). |
DNS server table can store up to 300 definitions (association between IP address and name). The table can be displayed with the following command. The d dns ? command displays the meaning of parameters.
[17:08:16] ABILIS_CPX:d dns server
Total records:0 Direct Lookup:0 Reverse Lookup:0 D&R Lookup:0
-------------------------------------------------------------------------------
ID: DIR: NAME: IP: TTL:
-------------------------------------------------------------------------------
*** NO DNS SERVER ENTRIES DEFINED ***Meaning of the fields:
IDDNS table entry identifier
DIRUsage of the record [D (direct): domain
names are translated into IP addresses; R
(reverse): it is allowed the inverse lookup of the DNS record;
DR (direct and reverse): the two features are
allowed].
NAMEdomain name.
IPIP address.
TTLThe Time To Live sets the duration storage into a DNS cache system before it's considered expired.
The previous DNS records Table can be managed with these commands:
d dns : displays all Local DNS server table entries;
d dns filter:val [filter:val] : displays any Local DNS server table entry matching the specified filter(s);
a dns id:val name:<name> ip:<ip> [par:val] : adds a Local DNS server table entry;
c dns id:val : clears a Local DNS server table entry;
s dns id:val [par:val] : sets parameters of a Local DNS server table entry.
Example: assign to the IP addresses 192.168.1.20 and 192.168.1.30 the domain names john.lan and frank.lan; the first entry will be set as direct, while the second as “both” (direct+reverse).
[17:10:12] ABILIS_CPX:a dns server id:1 dir:d name:john.lan ip:192.168.1.20COMMAND EXECUTED [17:10:21] ABILIS_CPX:a dns server id:2 dir:dr name:frank.lan ip:192.168.1.30COMMAND EXECUTED [17:10:46] ABILIS_CPX:d dns server- Not Saved (SAVE CONF) ------------------------------------------------------- Total records:2 Direct Lookup:1 Reverse Lookup:0 D&R Lookup:1 - Direct Lookup records: ------------------------------------------------------ ID: DIR: NAME: IP: TTL: ------------------------------------------------------------------------------- 1 D john.lan 192.168.001.020 3600 2 DR frank.lan 192.168.001.030 3600 - Reverse Lookup records: ----------------------------------------------------- ID: DIR: NAME: IP: TTL: ------------------------------------------------------------------------------- 2 DR frank.lan 192.168.001.030 3600
| Caution |
|---|---|
Changes made in the DNS Server Table don't require initialization commands. |
Set the PC DNS address to point to the IP address of the CPX. Now ping from a PC one of the domain names configured in the DNS server table; the result will be:
C:\Documents and Settings\Administrator>ping frank.lan
Esecuzione di Ping frank.lan [192.168.0.30] con 32 byte di dati:
Risposta da 192.168.0.30: byte=32 durata<10ms TTL=128
Risposta da 192.168.0.30: byte=32 durata<10ms TTL=128
Risposta da 192.168.0.30: byte=32 durata<10ms TTL=128
Risposta da 192.168.0.30: byte=32 durata<10ms TTL=128
Statistiche Ping per 192.168.0.30:
Pacchetti: Trasmessi = 4, Ricevuti = 4, Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
Minimo = 0ms, Massimo = 0ms, Medio = 0msThe DNS resolver give the chance to choose two different set of DNS:
one for domain lookup (translation from host name to ip address);
one for reverse lookup (translation from ip address to host name).
Each set is composed from a primary and a secondary DNS server.
Use the following command to add a primary dns server (ip address 1.1.1.1) and a secondary dns server (ip address 2.2.2.2) for the domain mydomain.test. The DNS resource uses these servers to resolve <any>.mydomain.test.
[19:32:57] ABILIS_CPX:a dns resolver domain id:1 name:mydomain.test pri:1.1.1.1 sec:2.2.2.2COMMAND EXECUTED [19:33:08] ABILIS_CPX:d dns resolver domain- Not Saved (SAVE CONF) ------------------------------------------------------- ------------------------------------------------------------------------------- ID: NAME: PRI: SEC: ------------------------------------------------------------------------------- 1 mydomain.test 001.001.001.001 002.002.002.002 [19:33:34] ABILIS_CPX:_save confVALIDATION IN PROGRESS ... VALIDATION SUCCESSFULLY EXECUTED SAVE EXECUTED
Type the command s dns resolver domain id:1 [parameterN:valueN] to modify an existing entry.
[10:09:54] ABILIS_CPX:_s dns resolver domain id:1 pri:3.3.3.3COMMAND EXECUTED [10:12:57] ABILIS_CPX:_d dns resolver domain- Not Saved (SAVE CONF) ------------------------------------------------------- ------------------------------------------------------------------------------- ID: NAME: PRI: SEC: ------------------------------------------------------------------------------- 1 mydomain.test 003.003.003.003 002.002.002.002 [10:12:58] ABILIS_CPX:_save confVALIDATION IN PROGRESS ... VALIDATION SUCCESSFULLY EXECUTED SAVE EXECUTED
Use the following command to clear the entry identified by id:N.
[10:19:52] ABILIS_CPX:_c dns resolver domain id:1COMMAND EXECUTED [10:20:02] ABILIS_CPX:_d dns resolver domain- Not Saved (SAVE CONF) ------------------------------------------------------- ------------------------------------------------------------------------------- ID: NAME: PRI: SEC: ------------------------------------------------------------------------------- *** NO DNS RESOLVER DOMAIN ENTRIES DEFINED ***
Use the following command to add a primary dns server (ip address 192.168.0.1) and a secondary dns server (ip address 192.168.0.2) for the ip network 10.10.10.0/24. The DNS resource uses these servers to do a reverse lookup for the net 10.10.10.0/24.
[19:36:11] ABILIS_CPX:a dns resolver reverse id:1 net:10.10.10.0/24 pri:192.168.0.1 sec:192.168.0.2COMMAND EXECUTED [19:36:43] ABILIS_CPX:d dns resolver reverse- Not Saved (SAVE CONF) ------------------------------------------------------- ------------------------------------------------------------------------------- ID: NET: PRI: SEC: ------------------------------------------------------------------------------- 1 010.010.010.000/24 192.168.000.001 192.168.000.002 [19:37:04] ABILIS_CPX:_save confVALIDATION IN PROGRESS ... VALIDATION SUCCESSFULLY EXECUTED SAVE EXECUTED
Displaying,modifying or clearing an entry can be done using the same command explained above, replacing domain with reverse:
Table 28.1. Managing DNS resolver table
| d dns resolver reverse | to display the reverse dns resolver parameters |
| s dns resolver reverse pri:192.168.0.5 | to set the ip address of primary dns server equal to 192.168.0.5 |
| c dns resolver reverse id:1 | to clear the entry identified by id equal to 1 |
| |  | |
| 28.3. DNS Relay |  | 28.5. DNS Blacklist (Web filter) |