Method used to configure a DNS resolution policy on AR series routers

In V2R5C90 and V200R006C10, a Huawei AR supports the DNS resolution policy, which controls access to specific sites based on their domain names. The DNS resolution policy is supported only when the AR functions as the DNS proxy or relay agent.
DNS resolution policy rules are configured using the rule rule-id [ if-match name hostname ] { deny | permit | spoofing ip-address } command. For the domain name hostname, the rule allows resolution (permit), refuses resolution (deny), or sends a spoofing response whose response address is ip-address (spoofing). rule-id specifies the DNS resolution rule ID. A smaller value indicates a higher priority of the rule. If the specified rule ID already exists, the new rule overwrites the existing rule.
The configuration procedure is as follows:
[Huawei] dns proxy enable //Enable the DNS proxy function, or run the dns relay enable command to enable the DNS relay function.
[Huawei] dns resolve //Enable dynamic domain name resolution.
[Huawei] dns server 10.3.1.2 //Configure the IP address of the DNS server.
[Huawei] dns resolve policy a //Enter the DNS resolution policy view.
[Huawei-dns-resolve-policy-a] rule 0 if-match name www.huawei.com permit //Configure rule 0: if the domain name is www.huawei.com, resolution is allowed.
[Huawei-dns-resolve-policy-a] rule 1 spoofing 192.168.1.1 //For other domain names, a spoofing response is sent with the response address of 192.168.1.1.

Other related questions:
How do I implement DNS resolution for L2TP users on the AR router?
Host resolution is implemented by DNS. The ip host command can be used to configure static DNS entries.

Method used to configure the DDNS clients on AR series routers
A Huawei AR (except for the AR 550) supports the DDNS client function. When the IP address mapped to a domain name changes, the DDNS client notifies the DNS server to update the mapping between domain names and IP addresses, so that users can still access the servers on the network using domain names. The AR used as the DDNS client supports update through DDNS (defined by RFC 2136) and through the DDNS server.
DDNS update defined by RFC 2136: The AR used as the DDNS client directly updates the mapping between domain names and IP addresses on the DNS server. This function has been available since V200R005C10.
Update through the DDNS server: The AR used as the DDNS client sends the mapping between domain names and IP addresses to the DDNS server with the specified URL. The DDNS server then notifies the DNS server to dynamically update the mapping between domain names and IP addresses.
The AR can connect to DDNS servers from the DDNS service providers www.3322.org, www.dyndns.com, and www.oray.cn, the Siemens DDNS server, and common DDNS servers that use HTTP. There is no difference in the DDNS configuration between different models and versions of AR series routers. For details about the configuration process, see Configuration Guide - IP Service - DNS.

Method used to configure the public domain name for AR series routers
Huawei AR series routers support DNS client, DNS proxy or relay, and DDNS client, but do not support the DNS server. Public domain names need to be purchased and bound to the IP addresses on the DNS servers of carriers.

Method of configuring local policy routing of an AR router
The method of configuring local policy routing of an AR router is as follows: 1. Configure IP addresses of different interfaces. 2. Configure a static route. 3. Configure policy-based routing. For details about the configuration, see the URL: Example for Configuring Local PBR.

Method of configuring interface policy routing of an AR router
The roadmap for configuring interface policy routing on an AR router is as follows: 1. Configure a traffic classifier. 2. Configure a traffic behavior (redirection to a next hop or an outbound interface). 3. Configure a traffic policy. 4. Apply the traffic policy to the interface in the inbound direction. Suppose that the intranet is composed of two network segments, 1.0 and 2.0, and that traffic from 1.0 is redirected to China Telecom and traffic from 2.0 is redirected to China Unicom. The configuration is then as follows:
#
acl number 3001
 rule 5 permit ip source 10.1.1.0 0.0.0.255
acl number 3002
 rule 5 permit ip source 10.1.2.0 0.0.0.255
#
traffic classifier redirect-dx operator or
 if-match acl 3001
traffic classifier redirect-lt operator or
 if-match acl 3002
#
traffic behavior redirect-dx
 redirect ip-nexthop 1.1.1.1
traffic behavior redirect-lt
 redirect ip-nexthop 2.2.2.2
#
traffic policy celvluyou
 classifier redirect-dx behavior redirect-dx
 classifier redirect-lt behavior redirect-lt
#
interface GigabitEthernet0/0/1
 traffic-policy celvluyou inbound
#
For details about specific configuration cases, see the URL: Example for Configuring Interface PBR.
