Important: HA Proxy DNS Intercept is a license-enabled feature.
Important: The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).ip_address [ /ip_mask ]: Specifies the IP address and network mask bits. ip_address [ /ip_mask ] is specified using IPv4 dotted decimal or IPv6 colon-separated notation. The mask bits are a numeric value which is the number of bits in the subnet mask (CIDR notation).
Use this command to identify DNS IP addresses that should be allowed through the intercept feature. For a more detailed explanation of the proxy DNS intercept feature, see the proxy-dns intercept-list command in the Context Configuration Mode Commands chapter. A maximum of 16 intercept rules (either redirect or pass-thru) are allow for each intercept list.
Important: To allow packets through that do not match either the pass-thru or redirect rules, set a pass-thru rule address as: 0.0.0.0/0. If a packet does not match either the pass-thru or redirect rule, the packet is dropped.The following command allows a foreign network’s DNS with an IP address of 10.2.55.12 to avoid being redirected:
primary-dns ip_address
ip_address is specified using IPv4 dotted-decimal or IPv6 colon-separated notation.
secondary-dns ip_address
ip_address is specified using IPv4 dotted-decimal or IPv6 colon-separated notation.
Use this command to identify DNS IP addresses from foreign networks that are to be redirected to the home DNS. For a more detailed explanation of the Proxy DNS feature, see the proxy-dns intercept-list command in the Context Configuration Mode Commands chapter. A maximum of 16 intercept rules (either redirect or pass-thru) are allow for each intercept list.
Since this command is configured in the source context, the destination context containing the path to the home network DNS is identified using the Context Configuration Mode command ip dns-proxy source-address.
Important: If a packet does not match the pass-thru or redirect rule, the packet is dropped. If primary-dns or secondary-dns is not configured, DNS messages are redirected to the primary-dns-server (or the secondary-dns-server) configured for the subscriber OR inside the context.The following command identifies a foreign network DNS with an IP address of 10.2.55.12 and redirects it to a primary home network DNS with an IP address of 10.3.4.5:
