DNS Server Readdressing
When a DNS query is sent to an unauthorized DNS server, you can modify the request so that the DNS IP is readdressed to an authorized server. A ruledef determines whether a packet is a DNS query and whether that query is addressed to one of the authorized DNS servers. If it is not, the flow action picks a DNS server from the readdress server list.
You can configure the readdress-server-list command under active-charging service. When the flow matches a ruledef, you can configure the flow action to use the servers from readdress-server-list.
To configure the readdress server list under active-charging service, use the following configuration:
configure
   active-charging service service_name
      readdress-server-list name_of_list
         server ipv4_address [ port ]
         server ipv6_address [ port ]
Note: You can configure a maximum of 10 servers in a readdress server list and a maximum of 10 readdress server lists under active-charging service. Both IPv4 and IPv6 addresses can be configured in the same readdress-server-list.
A server is selected from the readdress-server-list using one of the following methods:
- Round-robin—Server selection occurs in a round-robin manner for every new flow. Inactive servers in the list are not considered during the selection. This method is the default selection.
- Hierarchy—In this approach, the servers are tagged as primary, secondary, tertiary, and so on, in the order in which they are defined in the readdress-server-list. All flows are readdressed to the primary server as long as it is available. If the primary server goes down, flows are readdressed to the secondary server, and the same logic applies down the list. Once the primary server is active again, flows switch back to the primary server for readdressing.
To configure the DNS readdress server list, use the following CLI configuration under active-charging service.
configure
   active-charging service service_name
      readdress-server-list name_of_list
         server ipv4_address [ port ]
         server ipv6_address [ port ]
         consecutive-failures integer_value
         response-timeout integer_value
         reactivation-time integer_value
      charging-action action_name
         flow action readdress server-list name_of_list
         exit
NOTES:
- consecutive-failures—Specify an integer ranging from 1–10. The default value is 5.
- response-timeout—Specify an integer ranging from 1–10000 milliseconds. The default value is 1000.
- reactivation-time—Specify an integer ranging from 1–1800 seconds. The default value is 300.
Readdress Server States
This section describes the readdress server states:
- Active state—Once configured, all servers are marked as Active.
- Inactive state—If no response is received from the readdressed server, then the server is marked as Inactive.
- Active-Pending state—Once the server is in Active-Pending state, it is available to accept requests for readdressing. In this state, if a request is readdressed to this server and a response is returned from it, the server state changes to Active. Otherwise, it moves back to the Inactive state.
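
The selection methods and server states described above, as an added Python model (not Cisco's implementation and not code from this page). It assumes a server becomes Inactive after consecutive-failures missed responses and moves to Active-Pending once reactivation-time has elapsed; the class and method names and the sample addresses are hypothetical.

```python
from dataclasses import dataclass

ACTIVE, INACTIVE, PENDING = "Active", "Inactive", "Active-Pending"

@dataclass
class Server:
    addr: str
    state: str = ACTIVE      # once configured, every server starts Active
    failures: int = 0        # consecutive requests with no response
    down_at: float = 0.0     # time (seconds) the server was marked Inactive

class ReaddressList:
    def __init__(self, addrs, hierarchy=False, consecutive_failures=5, reactivation_time=300):
        self.servers = [Server(a) for a in addrs]   # definition order = primary, secondary, ...
        self.hierarchy = hierarchy                  # False = round-robin (the default method)
        self.max_failures = consecutive_failures
        self.reactivation_time = reactivation_time
        self._next = 0                              # round-robin cursor

    def select(self, now):
        """Return the server for a new flow, or None if every server is Inactive."""
        for s in self.servers:
            # Assumption: Inactive -> Active-Pending after reactivation-time seconds.
            if s.state == INACTIVE and now - s.down_at >= self.reactivation_time:
                s.state = PENDING
        usable = [s for s in self.servers if s.state != INACTIVE]
        if not usable:
            return None
        if self.hierarchy:
            return usable[0]                        # earliest-defined available server
        n = len(self.servers)
        for i in range(n):                          # round-robin, skipping Inactive servers
            s = self.servers[(self._next + i) % n]
            if s.state != INACTIVE:
                self._next = (self._next + i + 1) % n
                return s

    def report(self, server, responded, now):
        """Record whether the readdressed request got a response within response-timeout."""
        if responded:
            server.state, server.failures = ACTIVE, 0
            return
        server.failures += 1
        # An Active-Pending server goes straight back to Inactive on a miss.
        if server.state == PENDING or server.failures >= self.max_failures:
            server.state, server.down_at, server.failures = INACTIVE, now, 0
```
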