HA Proxy DNS Configuration Mode Commands

The HA Proxy DNS Configuration Mode is used to create rules for Home Agent (HA) proxy DNS intercept lists that redirect packets with unknown foreign DNS addresses to a home network DNS server.

IMPORTANT:

HA Proxy DNS Intercept is a license-enabled feature.

IMPORTANT:

The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).

end

Exits the current configuration mode and returns to the Exec mode.

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
end

Usage:

Use this command to return to the Exec mode.

exit

Exits the current mode and returns to the parent configuration mode.

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
exit

Usage:

Use this command to return to the parent configuration mode.

pass-thru

Sets IP addresses that should be allowed through the proxy DNS intercept feature.

Platform:

ASR 5000

ASR 5500

Product:

HA


Privilege:

Security Administrator, Administrator


Syntax
[ no ] pass-thru ip_address [ /ip_mask ]

no

Removes the DNS IP address from the pass-thru rule.

pass-thru ip_address [ /ip_mask ]

Specifies a DNS IP address that is allowed through the intercept feature.

ip_address [ /ip_mask ]: Specifies the IP address and network mask bits. ip_address [ /ip_mask ] is specified using IPv4 dotted decimal or IPv6 colon-separated-hexadecimal notation. The mask bits are a numeric value which is the number of bits in the subnet mask (CIDR notation).


Usage:

Use this command to identify DNS IP addresses that should be allowed through the intercept feature. For a more detailed explanation of the proxy DNS intercept feature, see the proxy-dns intercept-list command in the Context Configuration Mode Commands chapter. A maximum of 16 intercept rules (either redirect or pass-thru) are allowed for each intercept list.

IMPORTANT:

If a packet does not match either the pass-thru or redirect rule, the packet is dropped. To allow packets through that do not match either the pass-thru or redirect rules, set a pass-thru rule with the address 0.0.0.0/0.


Example:
The following command allows a foreign network’s DNS with an IP address of 10.2.55.12 to avoid being redirected:
pass-thru 10.2.55.12

redirect

Redirects DNS IP addresses from foreign networks matching an IP address in this command to a home network DNS.

Platform:

ASR 5000

ASR 5500

Product:

HA


Privilege:

Security Administrator, Administrator


Syntax
[ no ] redirect any [ primary-dns ip_address [ secondary-dns ip_address ] ]

no

Removes the DNS IP address from the redirect rule.

primary-dns ip_address

Specifies the IP address of the primary home network DNS.

ip_address is specified using IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.

secondary-dns ip_address

Specifies the IP address of the secondary home network DNS.

ip_address is specified using IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.


Usage:

Use this command to identify DNS IP addresses from foreign networks that are to be redirected to the home DNS. For a more detailed explanation of the Proxy DNS feature, see the proxy-dns intercept-list command in the Context Configuration Mode Commands chapter. A maximum of 16 intercept rules (either redirect or pass-thru) are allowed for each intercept list.

Since this command is configured in the source context, the destination context containing the path to the home network DNS is identified using the Context Configuration Mode command ip dns-proxy source-address.

IMPORTANT:

If a packet does not match the pass-thru or redirect rule, the packet is dropped. If primary-dns or secondary-dns is not configured, DNS messages are redirected to the primary-dns-server (or the secondary-dns-server) configured for the subscriber or inside the context.


Example:
The following command identifies a foreign network DNS with an IP address of 10.2.55.12 and redirects it to a primary home network DNS with an IP address of 10.3.4.5:
redirect 10.2.55.12 primary-dns 10.3.4.5
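
Because any DNS packet that matches neither a pass-thru nor a redirect rule is dropped, it helps to review an intercept list offline before applying it. The following Python audit is an added example, not part of the product documentation or any vendor tool: the function names, the sample rules and the observed addresses are constructed, treating the any keyword as match-all is an assumption, and only checks that do not depend on rule order are made.

```python
import ipaddress

MAX_RULES = 16  # per-list limit stated in the Usage sections above

def parse_rules(config_lines):
    """Parse pass-thru / redirect lines into (action, networks, has_primary)."""
    rules = []
    for line in config_lines:
        tok = line.split()
        if not tok or tok[0] not in ("pass-thru", "redirect"):
            continue
        if len(tok) < 2:
            raise ValueError(f"missing match address: {line!r}")
        if tok[1] == "any":  # assumption: "any" matches every address
            nets = [ipaddress.ip_network("0.0.0.0/0"),
                    ipaddress.ip_network("::/0")]
        else:  # bare address becomes /32 or /128; bad input raises ValueError
            nets = [ipaddress.ip_network(tok[1], strict=False)]
        rules.append((tok[0], nets, "primary-dns" in tok))
    return rules

def audit(config_lines, observed_dns):
    """Return findings for one intercept list and a set of DNS destinations."""
    rules = parse_rules(config_lines)
    findings = []
    if len(rules) > MAX_RULES:
        findings.append(f"{len(rules)} rules exceeds the limit of {MAX_RULES}")
    for action, nets, has_primary in rules:
        if action == "redirect" and not has_primary:
            findings.append(f"redirect {nets[0]} has no primary-dns: "
                            "falls back to subscriber/context DNS servers")
    for addr in observed_dns:
        ip = ipaddress.ip_address(addr)
        if not any(ip in n for _, nets, _ in rules for n in nets):
            findings.append(f"{addr} matches no rule: packet is dropped")
    return findings

# Constructed sample rules and constructed DNS destinations seen from roamers.
SAMPLE = [
    "pass-thru 10.2.55.12",
    "redirect 10.9.0.0/16 primary-dns 10.3.4.5",
    "redirect 192.0.2.53",
]
OBSERVED = ["10.2.55.12", "10.9.1.1", "198.51.100.7", "192.0.2.53"]

if __name__ == "__main__":
    for finding in audit(SAMPLE, OBSERVED):
        print(finding)
```

Adding pass-thru 0.0.0.0/0 to the sample clears the dropped-packet finding, at the cost of letting every unlisted foreign DNS address through without redirection.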