When configuring static DNS entries, do I have to enable dynamic DNS resolution


No, you do not need to enable dynamic domain name service (DNS) resolution when configuring static domain name service (DNS) entries. You must enable dynamic DNS resolution when configuring dynamic DNS entries.

Other related questions:
Are dynamic DNS entries aged at intervals of the aging time or using the command
Yes. Run the reset dns dynamic-host command to clear dynamic domain name service (DNS) entries.

Method used to configure a DNS resolution policy on AR series routers
In V2R5C90 and V200R006C10, an Huawei AR supports the DNS resolution policy. That is, access control can be performed for some sites based on the domain name. The DNS resolution policy is supported only when the AR functions as the DNS proxy or relay agent. DNS resolution policy rules are configured using the rule rule-id [ if-match name hostname ] { deny | permit | spoofing ip-address } command. The domain name hostname can be parsed or not parsed, or a spoofing response is sent. rule-id specifies the DNS resolution rule ID. A smaller value indicates a higher priority of the rule. If the specified rule ID already exists, the new rule will overwrite the existing rule. The configuration procedure is as follows: [Huawei] dns proxy enable //Enable the DNS proxy function, or run the dns relay enable command to enable the DNS relay function. [Huawei] dns resolve //Enable dynamic domain name resolution. [Huawei] dns server //Configure the IP address of the DNS server. [Huawei] dns resolve policy a //Enter the DNS resolution policy view. [Huawei-dns-resolve-policy-a] rule 0 if-match name www.huawei.com permit //Configure the rule to 0. If the domain name is www.huawei.com, parsing is allowed. [Huawei-dns-resolve-policy-a] rule 1 spoofing //For other domain names, a spoofing response is sent with the response address of

Problem and solution when the USG6000 DNS Client cannot perform dynamic domain name resolution
What if the firewall DNS Client cannot perform dynamic domain name resolution? Symptom The firewall serves as the DNS Client and has the dynamic domain name resolution function configured. However, it cannot obtain the correct IP address based on domain name resolution. Operation steps 1. Run the display dns dynamic-host command to check whether the dynamic domain name cache information contains the specified domain name. If no, check whether the communication between the DNS Client and DNS Server is normal, whether the DNS Server works properly, and whether the dynamic domain name resolution function has been enabled. If yes, but the IP address is incorrect. Go to step 2. 2. Run the display dns server command to check the DNS Server configuration information. Check whether the DNS Server IP address configured on the DNS Client is correct. If the DNS Server address is incorrect, run the undo dns server ip-address command to delete the configured DNS Server address and then run the dns server ip-address command to configure a correct DNS Server address.

Whether USG firewalls support DNS resolution
The USG2000, USG5000, and USG6000 support DNS resolution. However, they must be configured as DHS clients instead of DNS servers.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top