查看所有主 DNS 检测计数器和 Umbrella 配置信息,而无需 detail 关键字。状态字段提供系统尝试在思科 Umbrella 中注册使用的 HTTP 状态代码。
解析器行表示正在使用的 Umbrella 服务器。这些行将指出服务器是否无响应,或系统当前是否正在探测服务器以确定服务器是否可用。如果模式为故障时打开模式,系统将允许 DNS 请求转至其他 DNS 服务器 (如果配置);否则,只要 Umbrella 服务器无响应,DNS 请求就不会收到任何响应。
asa(config)# show service-policy inspect dns
Interface inside:
Service-policy: global_policy
Class-map: inspection_default
Inspect: dns preset_dns_map, packet 0, lock fail 0, drop 0, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
message-length maximum client auto, drop 0
message-length maximum 512, drop 0
dns-guard, count 0
protocol-enforcement, drop 0
nat-rewrite, count 0
umbrella registration: mode: fail-open tag: default, status: 200 success, device-id: 010a13b8fbdfc9aa
Umbrella ipv4 resolver: 208.67.220.220
Umbrella ipv6 resolver: 2620:119:53::53
Umbrella: bypass 0, req inject 0 - sent 0, res recv 0 - inject 0 local-domain-bypass 10
DNScrypt egress: rcvd 402, encrypt 402, bypass 0, inject 402
DNScrypt ingress: rcvd 804, decrypt 402, bypass 402, inject 402
DNScrypt: Certificate Update: completion 10, failure 1
详细输出显示 DNScrypt 统计信息和使用的密钥。
asa(config)# show service-policy inspect dns detail
Global policy:
Service-policy: global_policy
Class-map: inspection_default
Class-map: dnscrypt30000
Inspect: dns dns_umbrella, packet 12, lock fail 0, drop 0, reset-drop 0,
5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
message-length maximum client auto, drop 0
message-length maximum 1500, drop 0
dns-guard, count 3
protocol-enforcement, drop 0
nat-rewrite, count 0
Umbrella registration: mode: fail-open tag: default, status: 200 SUCCESS, device-id: 010af97abf89abc3, retry 0
Umbrella ipv4 resolver: 208.67.220.220
Umbrella ipv6 resolver: 2620:119:53::53
Umbrella: bypass 0, req inject 6 - sent 6, res recv 6 - inject 6 local-domain-bypass 10
Umbrella app-id fail, count 0
Umbrella flow alloc fail, count 0
Umbrella block alloc fail, count 0
Umbrella client flow expired, count 0
Umbrella server flow expired, count 0
Umbrella request drop, count 0
Umbrella response drop, count 0
DNScrypt egress: rcvd 6, encrypt 6, bypass 0, inject 6
DNScrypt ingress: rcvd 18, decrypt 6, bypass 12, inject 6
DNScrypt length error, count 0
DNScrypt add padding error, count 0
DNScrypt encryption error, count 0
DNScrypt magic_mismatch error, count 0
DNScrypt disabled, count 0
DNScrypt flow error, count 0
DNScrypt nonce error, count 0
DNScrypt: Certificate Update: completion 1, failure 1
DNScrypt Receive internal drop count 0
DNScrypt Receive on wrong channel drop count 0
DNScrypt Receive cannot queue drop count 0
DNScrypt No memory to create channel count 0
DNScrypt Send no output interface count 1
DNScrypt Send open channel failed count 0
DNScrypt Send no handle count 0
DNScrypt Send dupb failure count 0
DNScrypt Create cert update no memory count 0
DNScrypt Store cert no memory count 0
DNScrypt Certificate invalid length count 0
DNScrypt Certificate invalid magic count 0
DNScrypt Certificate invalid major version count 0
DNScrypt Certificate invalid minor version count 0
DNScrypt Certificate invalid signature count 0
Last Successful: 01:42:29 UTC May 2 2018, Last Failed: None
Magic DNSC, Major Version 0x0001, Minor Version 0x0000,
Query Magic 0x714e7a696d657555, Serial Number 1517943461,
Start Time 1517943461 (18:57:41 UTC Feb 6 2018)
End Time 1549479461 (18:57:41 UTC Feb 6 2019)
Server Public Key 240B:11B7:AD02:FAC0:6285:1E88:6EAA:44E7:AE5B:AD2F:921F:9577:514D:E226:D552:6836
Client Secret Key Hash 48DD:E6D3:C058:D063:1098:C6B4:BA6F:D8A7:F0F8:0754:40B0:AFB3:CB31:2B22:A7A4:9CEE
Client Public key 6CB9:FA4B:4273:E10A:8A67:BA66:76A3:BFF5:2FB9:5004:CD3B:B3F2:86C1:A7EC:A0B6:1A58
NM key Hash 9182:9F42:6C01:003C:9939:7741:1734:D199:22DF:511E:E8C9:206B:D0A3:8181:CE57:8020