36.1. DNS Resource

36.1. DNS Resource
	Chapter 36. DNS - Domain Name System

The Abilis CPX DNS resource may behave as a DNS Resolver, as a DNS Relay or as a DNS Server too.

36.1.1. Activating the DNS resource

Add the resource to the Abilis system with the following command.

[12:18:28] ABILIS_CPX:a res:dns

RES:DNS ALREADY EXISTS

The DNS resource may already exist in the system, but may not yet be active: set it active with the command:

[12:18:31] ABILIS_CPX:s act res:dns

COMMAND EXECUTED

	Caution
	After adding or setting the DNS active, you must restart the Abilis to make the resource running (use the command warm start to reboot the Abilis).

[17:14:59] ABILIS_CPX:s p dns act:yes

COMMAND EXECUTED

[17:15:17] ABILIS_CPX:d p dns

RES:Dns -----------------------------------------------------------------------
       DESCR:Domain_Name_System
       LOG:NO           ACT:YES
       udp-locport:53   SRCADD:OUT-IP                        TOS:0-N
       wdir:C:\APP\DNS\
       - Resolver -------------------------------------------------------------
       SERVERS:STATIC
       PRIMARY:008.008.008.008   SECONDARY:208.067.222.222   TOUT:5
       CACHE:YES                 cache-size:500
       - Relay/Server ---------------------------------------------------------
       RELAY:YES                 relay-size:500
       RELAY-TOUT:10             RELAY-TTL-MAX:#
       RELAY-WHITELIST:YES       RELAY-WHITELIST-CLIENTS:DNSWhiteClients
       RELAY-BLACKLIST:YES       RELAY-BLACKLIST-BYPASS:DNSBlackBypass
       relay-log-size:5000       RELAY-LOG-EXCLUDE:DNSLogExclude
       SERVER:NO
       IPSRC:127.000.000.001     IPSRCLIST:PrivateIpAdd

36.1.2. DNS resource parameters

Use the following command to display the parameters of the resource; the command d p dns ? displays the meaning of all parameters.

[12:18:35] ABILIS_CPX:d p dns

RES:Dns -----------------------------------------------------------------------
       DESCR:Domain_Name_System
       LOG:NO           ACT:YES
       udp-locport:53   SRCADD:OUT-IP                        TOS:0-N
       wdir:C:\APP\DNS\
       - Resolver -------------------------------------------------------------
       SERVERS:STATIC
       PRIMARY:008.008.008.008   SECONDARY:208.067.222.222   TOUT:5
       CACHE:YES                 cache-size:500
       - Relay/Server ---------------------------------------------------------
       RELAY:YES                 relay-size:500
       RELAY-TOUT:10             RELAY-TTL-MAX:#
       RELAY-WHITELIST:YES       RELAY-WHITELIST-CLIENTS:DNSWhiteClients
       RELAY-BLACKLIST:YES       RELAY-BLACKLIST-BYPASS:DNSBlackBypass
       relay-log-size:5000       RELAY-LOG-EXCLUDE:DNSLogExclude
       SERVER:NO
       IPSRC:127.000.000.001     IPSRCLIST:PrivateIpAdd

Meaning of the most important parameters:

LOG

Logging functionalities activation/deactivation.

ACT

Operation activation [NO, YES].

udp-locport

DNS-relay listening UDP port [53].

SRCADD

Source IP address for outgoing requests [R-ID, OUT-IP, 1-126.x.x.x, 127.0.0.1, 128-223.x.x.x].

TOS

Sets the TOS value for DNS service; TOS or DS field:

p-t: PRECEDENCE-TOS, 'p' [0..7], 't' [N, D, T, R, C];
bbbbbb: DS value bit by bit, 'b' [0, 1].

wdir

Working directory. Full path with drive letter ['C'..'Z'] terminated by '\'. Max 128 chars. Spaces require double quotes (E.g. "C:\My dir\").

SERVERS

Servers IP resource [AUTO, Ip-nnn, STATIC], where 'nnn' is an IP resource index [1..250].

AUTO: DNS resolver uses the servers retrieved by an IP resources that negotiates them e.g. IP-PPP. DNS: parameter of IP resources must be set to RETRIEVE;
Ip-nnn: DNS resolver uses the available servers through Ip-nnn resource;
STATIC: DNS resolver uses PRIMARY and SECONDARY servers.

PRIMARY

DNS primary server IP address [#, 1-126.x.x.x, 127.0.0.1, 128-223.x.x.x].

SECONDARY

DNS secondary server IP address [#, 1-126.x.x.x, 127.0.0.1, 128-223.x.x.x].

CACHE

Activation/deactivation of DNS cache [NO, YES].

cache-size

Size of DNS cache [500..20000].

RELAY

Enable/disable the DNS Relay feature [NO, YES]. DNS relay allows the relay of external DNS requests of DNS clients from CPX to DNS server.

relay-size

Size of DNS relay table [500..20000].

RELAY-TOUT

Timeout waiting server response for relayed requests [5..60 sec.].

RELAY-TTL-MAX

Overwrite TTL of DNS relayed responses with the selected value [#, 0..315360000 sec]. When it is not equal to #, the DNS relayed response will use 'MIN(RELAY-TTL-MAX, delivered TTL)'. DNS cache keeps original TTL received from outside.

RELAY-WHITELIST

Enable/disable DNS whitelist service [NO, YES].

Whitelist is a service that can be enabled for a specific set of clients, based on their IP address.

For such clients the DNS will resolve only the domains in the whitelist.

The whitelist is enabled using CP but domains are inserted using the Web Filter page.

RELAY-WHITELIST-CLIENTS

List of IP addresses that are subject to Relay whitelist service [ListName, #].

RELAY-BLACKLIST

Enable/disable DNS Relay blacklist service [NO, YES].

RELAY-BLACKLIST-BYPASS

List of IP addresses that bypass Relay blacklist service [ListName, #].

relay-log-size

Size of resolved FQDN log [500..20000].

RELAY-LOG-EXCLUDE

List of exempt requestors, which should not be present in the resolved FQDN log.

SERVER

Enable/disable local DNS Server [NO, YES].

IPSRC

Accepted client's IP address [*, 1-126.x.x.x, 127.0.0.1, 128-223.x.x.x].

IPSRCLIST

List of further accepted source IP addresses [#, IP/IR/RU/MR listname].

The following command allows the administrator to change the configuration of the resource:

s p dns parameter:value...

	Caution
	To activate the changes made on the upper case parameters, execute the initialization command init res:dns; while to set act the changes made on the lowercase parameters a save conf and an Abilis restart are required (i.e. With warm start command).