When Abilis acts as a DNS resolver, it appears to other IP stations to be a DNS server, while it simply forwards their requests to the real DNS servers. The servers' responses are forwarded back to the original requesters.
Tip | |
---|---|
Refer to Section 36.3.1, “Appendix - How DNS relay works” for more information about how DNS relay works. |
The example below shows how to configure the DNS Resource as Relay.
[17:12:51] ABILIS_CPX:s p dns act:yes relay:yes
COMMAND EXECUTED
[17:13:12] ABILIS_CPX:d p dns
RES:Dns - Not Saved (SAVE CONF), Not Refreshed (INIT) -------------------------
------------------------------------------------------------------------
Run DESCR:Domain_Name_System
LOG:NO ACT:YES udp-locport:53 SRCADD:OUT-IP TOS:0-N
wdir:C:\APP\DNS\
- Resolver -------------------------------------------------------------
SERVERS:AUTO PRIMARY:062.094.000.001 SECONDARY:062.094.000.002
DELAY:5 RTY:1 CACHE:YES cache-size:500
- Relay/Server ---------------------------------------------------------
RELAY:NO relay-size:500 RELAY-TOUT:10
RELAY-WHITELIST:NO RELAY-WHITELIST-CLIENTS:#
RELAY-BLACKLIST:YES RELAY-BLACKLIST-BYPASS:#
RELAY-LOG-REQUESTERS:
SERVER:YES IPSRC:* IPSRCLIST:# IPSRCLIST:#
Filters on the IP addresses allowed to use the DNS service can be applied by combining the parameters IPSRC and IPSRCLIST.
In the following example, the “DNS_Allowed” list is created and the IP range from 192.168.1.10 to 192.168.1.50 is added to it; in addition, the address 192.168.1.100 is set as the source IP address (IPSRC).
[17:46:50] ABILIS_CPX:list create DNS_Allowed ir IP_Addresses_allowed_to_DNS_service
COMMAND EXECUTED
[17:48:04] ABILIS_CPX:a list:dns_allowed 192.168.1.10:192.168.1.50
COMMAND EXECUTED
[17:48:19] ABILIS_CPX:d list:dns_allowed
- Not Saved (SAVE CONF) -------------------------------------------------------
LIST:DNS_Allowed - IR IP_Addresses_allowed_to_DNS_service
192.168.001.010:192.168.001.050
[17:49:20] ABILIS_CPX:s p dns ipsrc:192.168.1.100 ipsrclist:dns_allowed
COMMAND EXECUTED
[17:49:23] ABILIS_CPX:d p dns
RES:Dns - Not Saved (SAVE CONF), Not Refreshed (INIT) -------------------------
------------------------------------------------------------------------
Run DESCR:Domain_Name_System
LOG:NO ACT:YES udp-locport:53 SRCADD:OUT-IP TOS:0-N
wdir:C:\APP\DNS\
- Resolver -------------------------------------------------------------
SERVERS:AUTO PRIMARY:062.094.000.001 SECONDARY:062.094.000.002
DELAY:5 RTY:1 CACHE:YES cache-size:500
- Relay/Server ---------------------------------------------------------
RELAY:YES relay-size:500 RELAY-TOUT:10
RELAY-BLACKLIST:YES RELAY-BLACKLIST-BYPASS:#
RELAY-LOG-REQUESTERS:
SERVER:NO IPSRC:192.168.001.100 IPSRCLIST:DNS_Allowed
Caution | |
---|---|
To activate changes made to the uppercase parameters, execute the initialization command init res:dns; to activate changes made to the lowercase parameters, a save conf and an Abilis restart are required (i.e. with the warm start command). |
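As an added illustration (not Abilis code or output), the following Python sketch models the source filter configured above and reports which clients it would admit, plus a check for a relay left without any source restriction. It assumes that IPSRC `*` admits any source, that IPSRCLIST `#` means no list, and that a client matching either parameter is allowed; the sample strings are constructed from the displays on this page.

```python
import ipaddress
import re

# Constructed sample, reduced from the "d p dns" and "d list:dns_allowed" displays above.
SAMPLE_DNS = "RELAY:YES RELAY-TOUT:10 SERVER:NO IPSRC:192.168.001.100 IPSRCLIST:DNS_Allowed"
SAMPLE_LISTS = {"DNS_Allowed": ["192.168.001.010:192.168.001.050"]}


def parse_ip(text):
    """Parse zero-padded notation (192.168.001.010); ipaddress rejects leading zeros."""
    return ipaddress.IPv4Address(".".join(str(int(o, 10)) for o in text.split(".")))


def parse_params(display):
    """Extract NAME:value pairs from a display, keyed by upper-cased name."""
    return {k.upper(): v for k, v in re.findall(r"(?<!\S)([A-Za-z][\w-]*):(\S*)", display)}


def allowed(client, params, lists):
    """Return True if `client` passes the filter.

    Assumed semantics (not confirmed by the page): IPSRC "*" admits any source,
    IPSRCLIST "#" means no list, and matching either parameter is sufficient.
    """
    addr = parse_ip(client)
    ipsrc, name = params.get("IPSRC", "*"), params.get("IPSRCLIST", "#")
    if ipsrc == "*":
        return True
    if ipsrc != "#" and addr == parse_ip(ipsrc):
        return True
    for entry in ([] if name == "#" else lists.get(name, [])):
        low, _, high = entry.partition(":")  # "low:high" range or a single address
        if parse_ip(low) <= addr <= parse_ip(high or low):
            return True
    return False


def audit(params):
    """Report a relay that is enabled without any source restriction."""
    if params.get("RELAY") == "YES" and params.get("IPSRC", "*") == "*":
        return ["RELAY:YES with IPSRC:* - relay answers any source address"]
    return []


if __name__ == "__main__":
    p = parse_params(SAMPLE_DNS)
    for ip in ("192.168.1.100", "192.168.1.25", "192.168.1.51"):
        print(ip, "allowed" if allowed(ip, p, SAMPLE_LISTS) else "denied")
    print(audit(p) or "no findings")
```
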
The Abilis CPX DNS Resolver first queries the primary DNS server.
If it doesn't get any response, it forwards the same query to both primary and secondary server after 500 milliseconds;
If no response is received, another request is sent to both servers after 1 second;
In case of no answer, the same procedure is repeated after 1 second and after 2 seconds;
If the DNS Resolver doesn't get any answer within 4 seconds, it terminates the procedure.
This procedure is repeated a number of times equal to the value set in the RTY parameter. The delay (in seconds) between two subsequent queries can be set with the DELAY parameter.