HA Proxy DNS Configuration Mode Commands


 
The HA Proxy DNS Configuration Mode is used to create rules for HA proxy DNS intercept lists that redirect packets with unknown foreign DNS addresses to a home network DNS server.
 
Important: HA Proxy DNS Intercept is a license-enabled feature.
 
Important: The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).
 
end
Exits the HA Proxy DNS Configuration Mode and returns to the Exec Mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
end
Usage
Use this command to return to the Exec mode.
 
exit
Exits the HA Proxy DNS Configuration Mode and returns to the Context Configuration Mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
exit
Usage
Use this command to return to the Context Configuration Mode.
 
pass-thru
Sets IP addresses that should be allowed through the proxy DNS intercept feature.
Product
HA
Privilege
Security Administrator, Administrator
Syntax
[ no ] pass-thru ip_address [ /ip_mask ]
no
Removes the DNS IP address from the pass-thru rule.
pass-thru ip_address [ /ip_mask ]
Specifies a DNS IP address that is allowed through the intercept feature.
ip_address [ /ip_mask ]: Specifies the IP address and network mask bits. ip_address [ /ip_mask ] is specified using the standard IPv4 or IPv6 dotted decimal notation and the mask bits are a numeric value which is the number of bits in the subnet mask (x.x.x.x/x).
Usage
Use this command to identify DNS IP addresses that should be allowed through the intercept feature. For a more detailed explanation of the proxy DNS intercept feature, see the proxy-dns intercept-list command in the Context Configuration Mode Commands chapter. A maximum of 16 intercept rules (either redirect or pass-thru) are allowed for each intercept list.
Important: To allow packets through that do not match either the pass-thru or redirect rules, set a pass-thru rule address as: 0.0.0.0/0. If a packet does not match either the pass-thru or redirect rule, the packet is dropped.
Example
The following command allows a foreign network’s DNS with an IP address of 12.3.456.789 to avoid being redirected:
pass-thru 12.3.456.789
 
redirect
DNS IP addresses from foreign networks matching an IP address in this command are redirected to a home network DNS.
Product
HA
Privilege
Security Administrator, Administrator
Syntax
[ no ] redirect any [ primary-dns ip_address [ secondary-dns ip_address ] ]
no
Removes the DNS IP address from the redirect rule.
primary-dns ip_address
Specifies the IP address of the primary home network DNS.
ip_address is specified using the standard IPv4 or IPv6 dotted decimal notation.
secondary-dns ip_address
Specifies the IP address of the secondary home network DNS.
ip_address is specified using the standard IPv4 or IPv6 dotted decimal notation.
Usage
Use this command to identify DNS IP addresses from foreign networks that are to be redirected to the home DNS. For a more detailed explanation of the Proxy DNS feature, see the proxy-dns intercept-list command in the Context Configuration Mode Commands chapter. A maximum of 16 intercept rules (either redirect or pass-thru) are allowed for each intercept list.
Since this command is configured in the source context, the destination context containing the path to the home network DNS is identified using the Context Configuration Mode command ip dns-proxy source-address.
Important: If a packet does not match the pass-thru or redirect rule, the packet is dropped. If primary-dns or secondary-dns is not configured, DNS messages are redirected to the primary-dns-server (or the secondary-dns-server) configured for the subscriber or inside the context.
Example
The following command identifies a foreign network DNS with an IP address of 1.23.456.789 and redirects it to a primary home network DNS with an IP address of 1.98.765.432:
redirect 1.23.456.789 primary-dns 1.98.765.432
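An added example, not taken from the Cisco documentation: a Python check that parses pass-thru and redirect lines in the forms given in the Syntax sections above, enforces the 16-rule limit, and reports which rules a DNS destination address matches, where an empty result is the drop case. The function names and sample addresses are constructed for illustration; the page does not state which rule wins when several match, so every matching rule is returned.

```python
import ipaddress

MAX_RULES = 16  # page: at most 16 redirect/pass-thru rules per intercept list

def parse_rules(lines):
    """Turn lines typed in this mode into rules, validating addresses and the cap."""
    rules = []
    for raw in lines:
        tok = raw.split()
        negate = bool(tok) and tok[0] == "no"
        tok = tok[1:] if negate else tok
        if len(tok) >= 2 and tok[0] == "pass-thru":
            # ip_network() raises ValueError on a malformed address or mask
            rule = ("pass-thru", ipaddress.ip_network(tok[1], strict=False))
        elif tok[:2] == ["redirect", "any"]:
            opts = dict(zip(tok[2::2], tok[3::2]))
            servers = tuple(str(ipaddress.ip_address(opts[k]))
                            for k in ("primary-dns", "secondary-dns") if k in opts)
            rule = ("redirect", servers)
        else:
            raise ValueError(f"not a pass-thru/redirect rule: {raw!r}")
        if negate:
            # 'no' removes the rule; a redirect is matched on its keyword alone
            rules = [r for r in rules
                     if r[0] != rule[0] or (r[0] == "pass-thru" and r[1] != rule[1])]
        else:
            rules.append(rule)
    if len(rules) > MAX_RULES:
        raise ValueError(f"{len(rules)} rules exceed the limit of {MAX_RULES}")
    return rules

def matching_rules(rules, dns_ip):
    """Rules that a packet addressed to dns_ip matches; an empty list means drop."""
    addr = ipaddress.ip_address(dns_ip)
    hits = []
    for rule in rules:
        if rule[0] == "redirect":  # 'redirect any' matches every address
            hits.append(rule)
        elif addr.version == rule[1].version and addr in rule[1]:
            hits.append(rule)
    return hits

# Constructed sample list (documentation-range addresses, not from the page)
SAMPLE = ["pass-thru 192.0.2.53", "pass-thru 198.51.100.0/24"]
```

With only the two sample pass-thru rules, a query to any other DNS address matches nothing and is dropped; adding either a redirect any rule or pass-thru 0.0.0.0/0 gives it a match.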
 
 

Cisco Systems Inc.