15 Configuring DNS Service Resolver and Server Objects

Domain Name System (DNS) servers are responsible for translating Internet host names to IP addresses. For example, DNS converts the name entered on a Web browser address bar to the IP address of the Web server that hosts that particular Web site. DNS uses a distributed database to store this name and address information for all public hosts on the Internet.

When an Internet client issues a request that involves an Internet host name, a DNS server determines the host IP address. If the DNS server cannot service the request, it sends the request to other DNS servers until the IP address is resolved, completing the Internet client request.

The ME can both service DNS requests from internal client processes (the resolver function) and act as a DNS server. As a resolver residing in the management process, it accepts resolution requests from client processes (e.g., SIP, route-server). The resolver maintains a cache of entries, as does each client process. As a server, the ME accepts both internal and external queries. It may first try to use the resolver to respond to them, or it may immediately forward (proxy) them to an external server. See the dns-server object description for request processing details.

Note:

The DNS resolver and server objects are located in different places in the CLI hierarchy. You configure the resolver within the VSP object and the server on an IP interface.

Within the dns object, you can create static configurations to map a host or a domain to a SIP service. These are maintained in DNS NAPTR and SRV records. The ME also maintains a cache of query responses which it consults for information before querying an external server.

Understanding FQDN and Single-Label Queries

The ME resolver has features to process and attempt resolution of single-label queries. A single-label query is just that: a single label that is not a fully qualified domain name (FQDN). Depending on the setting of the send-single-label-queries property, the ME attempts to resolve these queries internally and/or externally. If the name is an FQDN (terminated with a trailing dot), the system does not append a domain or search name.

The following table illustrates resolution for different query types. For this example, assume that the domain-name is set to nnos-e.com and additional search domains are set to search1.com and search2.com.

Table 15-1 Query Types and Resolutions

Query type      Example      Resolutions
Single-label    abc          abc
                             abc.nnos-e.com
                             abc.search1.com
                             abc.search2.com
Two label       abc.com      abc.com
                             abc.com.nnos-e.com
                             abc.com.search1.com
                             abc.com.search2.com
FQDN            abc.com.     abc.com.
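The expansion shown in Table 15-1, modeled in Python as an added example (this is not ME code; the ResolverSearchConfig class and the function names are this example's own). It appends the configured domain and the additional search domains to any name that does not end with a trailing dot, which is what the table shows for both single-label and two-label names, and it applies the send-single-label-queries rule described under the resolver object: a bare single-label name is not sent to external servers unless that property is enabled, so internal host names stay on the box by default.

```python
"""Search-list expansion per Table 15-1 (added example, not ME code)."""
from dataclasses import dataclass, field
from typing import List


@dataclass
class ResolverSearchConfig:
    domain_name: str                                   # static-stack-settings domain-name
    additional_search_domains: List[str] = field(default_factory=list)
    use_nnos_domain_in_search: bool = True             # resolver property, default enabled
    send_single_label_queries: bool = False            # resolver property, default disabled


def is_fqdn(name: str) -> bool:
    """Only a name ending with a trailing dot is treated as fully qualified."""
    return name.endswith(".")


def label_count(name: str) -> int:
    return len([label for label in name.rstrip(".").split(".") if label])


def candidate_names(query: str, cfg: ResolverSearchConfig) -> List[str]:
    """Names the resolver tries, in order, for one query.

    An FQDN is tried as-is. Any other name is tried as entered, then with the
    configured domain appended (if use-nnos-domain-in-search is enabled), then
    with each additional search domain appended.
    """
    if is_fqdn(query):
        return [query]
    names = [query]
    if cfg.use_nnos_domain_in_search and cfg.domain_name:
        names.append(f"{query}.{cfg.domain_name}")
    names.extend(f"{query}.{domain}" for domain in cfg.additional_search_domains)
    return names


def may_send_externally(query: str, cfg: ResolverSearchConfig) -> bool:
    """A single-label query leaves the box only when send-single-label-queries is enabled.

    Multi-label names and FQDNs may always be forwarded to the configured servers.
    """
    if is_fqdn(query) or label_count(query) > 1:
        return True
    return cfg.send_single_label_queries


if __name__ == "__main__":
    # Constructed configuration matching the table's assumptions.
    cfg = ResolverSearchConfig("nnos-e.com", ["search1.com", "search2.com"])
    for q in ("abc", "abc.com", "abc.com."):
        print(q, "->", candidate_names(q, cfg), "external:", may_send_externally(q, cfg))
```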


dns

Opens the DNS configuration object for editing. From within this object you configure DNS service and resolver characteristics and identify external servers that can respond to requests not satisfied through the internal DNS cache.

Syntax

config vsp dns

Properties

None

resolver

Sets the characteristics of the ME resolver function. As a resolver, the ME obtains resource records from servers on behalf of resident or requesting applications.

Syntax

config vsp dns resolver

Properties

admin: Enables or disables the DNS resolver configuration.

Default: enabled
Values: enabled | disabled

Example: set admin disabled

server-scheme: Specifies how the ME selects the server to which it forwards DNS queries.

Default: preference-order
Values: preference-order | load-balance | least-cost
  • preference-order: Uses the preference assigned to each server with the server object's preference property (the lower the value, the higher the preference).

  • load-balance: Distributes queries using criteria such as pending queries and the number of previous requests sent to each server.

  • least-cost: Selects the best-performing server, based in part on response time in previous queries.

Example: set server-scheme load-balance

query-timeout: Specifies the time, in seconds, that a lookup can go unanswered before it times out. Once it times out, the system retries for the configured number of times.

Default: 2
Values: Min: 1 / Max: 10

Example: set query-timeout 5

query-retries: Specifies the number of DNS query (lookup) retries to execute if a DNS query times out. Once the configured number of retries has been attempted, the system tries the next configured server. Each server therefore receives 1 + query-retries attempts of query-timeout seconds each; with the defaults, that is three attempts (six seconds) before the next server is tried.

Default: 2
Values: Min: 0 (no retries) / Max: 10

Example: set query-retries 5

cache-poll-interval: Specifies the number of seconds that the system waits between passes that refresh the DNS cache and purge aged entries.

Default: 60
Values: Min: 1 / Max: 65535

Example: set cache-poll-interval 100

dead-threshold: Specifies the number of unanswered queries the system can tolerate before changing the DNS server state to DOWN. The server remains in that state until expiration of the time set with the dead-interval property.

Default: 10
Values: Min: 1 / Max: 65535

Example: set dead-threshold 50

not-available-ttl: Specifies the number of seconds that the system caches negative entries (names the server reported as not found). Once this TTL has expired, the entry is purged on the next cache-poll-interval pass.

Default: 3600

Example: set not-available-ttl 4500

use-nnos-domain-in-search: Specifies whether the resolver should append the configured domain name to queries it receives that are not FQDNs. If enabled, the ME appends the name set with the domain-name property of the static-stack-settings object to queries.

Default: enabled
Values: enabled | disabled

Example: set use-nnos-domain-in-search disabled

additional-search-domains: Specifies additional domains to append to queries that are not FQDNs. When the ME receives such a query, it appends the configured domain (if use-nnos-domain-in-search is enabled) and then each additional domain specified with this property, as shown in Table 15-1.

Default: There is no default setting

Example: set additional-search-domains companyabc.com

enum-domain: Specifies the domain name to append to a phone number when the system performs an ENUM lookup. An ENUM lookup converts a phone number to a URI (for example, a SIP URI) via NAPTR records held in DNS. By default, the system uses the standard ENUM DNS domain as specified in RFC 2916, E.164 number and DNS.

Default: e164.arpa

Example: set enum-domain e164.arpa

dead-interval: Secondary property. Specifies the number of seconds that a server is considered DOWN by the system. When the count of unanswered queries reaches the threshold set with the dead-threshold property, the ME considers the server down. (The server state and the current dead count are reported using the show dns-resolver -v command.) The server stays in the down state (and therefore has no queries forwarded to it) for the number of seconds set with this property. When this timer expires, the dead count is reset to zero and server use resumes until the dead-threshold is once again reached.

Default: 10

Example: set dead-interval 5

send-single-label-queries: Secondary property. Specifies whether the ME forwards queries that have only one label to the configured external server(s). If a query comes in with only one label, the ME appends the static domain (if use-nnos-domain-in-search is enabled) and any additional domains (if additional-search-domains is configured) while processing the query. If this property is enabled, the system forwards the single-label query to external servers. If it is disabled, the system tries to resolve the query internally but, failing that, does not send it out to an external server. Leaving this disabled (the default) keeps bare internal host names from being sent to external DNS servers.

Default: disabled
Values: enabled | disabled

Example: set send-single-label-queries enabled
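How query-timeout, query-retries, dead-threshold and dead-interval interact under the preference-order server scheme, modeled in Python as an added example. This is not ME code and the ME's internal logic is not published; the simulated clock, the server addresses and the `answers` callback that stands in for the network are constructed for illustration. It shows that a server that never answers costs query-timeout × (1 + query-retries) seconds before the next server is tried, is marked DOWN once its dead count reaches dead-threshold, is skipped (with no delay) while DOWN, and returns to service with its dead count reset when dead-interval expires.

```python
"""Resolver failover model: preference-order, timeouts, retries, dead detection
(added example, not ME code)."""
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass
class ServerState:
    address: str
    preference: int = 100       # server object preference; lower value is preferred
    dead_count: int = 0         # consecutive unanswered queries (as shown by show dns-resolver -v)
    down_until: float = 0.0     # server is DOWN while now < down_until (0.0 = up)


@dataclass
class ResolverConfig:
    query_timeout: int = 2      # seconds one attempt may go unanswered
    query_retries: int = 2      # additional attempts after the first timeout
    dead_threshold: int = 10    # unanswered queries tolerated before DOWN
    dead_interval: int = 10     # seconds a DOWN server is skipped


class Resolver:
    def __init__(self, cfg: ResolverConfig, servers: List[ServerState]):
        self.cfg = cfg
        # preference-order scheme: lowest preference value is tried first
        self.servers = sorted(servers, key=lambda s: s.preference)
        self.now = 0.0          # simulated clock, in seconds

    def _usable(self, s: ServerState) -> bool:
        """Return True if the server is up, clearing an expired DOWN state first."""
        if s.down_until and self.now >= s.down_until:
            s.down_until = 0.0  # dead-interval expired: reset count, resume use
            s.dead_count = 0
        return s.down_until == 0.0

    def is_down(self, address: str) -> bool:
        server = next(s for s in self.servers if s.address == address)
        return not self._usable(server)

    def resolve(self, name: str,
                answers: Callable[[str, str], Optional[str]]) -> Optional[str]:
        """Try servers in preference order; answers(server_ip, name) returns an
        address, or None when the server does not respond within query-timeout."""
        attempts = 1 + self.cfg.query_retries
        for s in self.servers:
            if not self._usable(s):
                continue
            for _ in range(attempts):
                result = answers(s.address, name)
                if result is not None:
                    s.dead_count = 0
                    return result
                self.now += self.cfg.query_timeout      # this attempt timed out
                s.dead_count += 1
                if s.dead_count >= self.cfg.dead_threshold:
                    s.down_until = self.now + self.cfg.dead_interval
                    break                               # stop using this server
        return None


if __name__ == "__main__":
    # Constructed scenario: the preferred server is silent, the backup answers.
    cfg = ResolverConfig(dead_threshold=3)
    r = Resolver(cfg, [ServerState("10.0.0.1", 50), ServerState("10.0.0.2", 100)])
    silent_primary = lambda srv, name: "192.0.2.10" if srv == "10.0.0.2" else None
    print(r.resolve("sip.example.com", silent_primary), "after", r.now, "s")
    print("10.0.0.1 down:", r.is_down("10.0.0.1"))
```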

server

Configures the server(s) to use for DNS and ENUM queries. You can enter any number of servers, and specify, for each, its use (DNS, ENUM, or both). The ME selects which servers will handle a query based on the setting of the resolver > server-scheme property.

Syntax

config vsp dns resolver server ipAddress

Properties

protocol: Sets the protocol the DNS resolver service uses to communicate with the identified server(s). Although the CLI accepts the values listed below, UDP is currently the only supported protocol.

Default: UDP
Values: any | UDP | TCP | TLS

Example: set protocol udp

port: Sets the UDP port number over which the resolver service communicates with the identified server(s).

Default: 53

Example: set port 54

preference: Specifies the preference assigned to this server. The lower the value the higher the preference. This value is used if the resolver > server-scheme property is set to preference-order.

Default: 100

Example: set preference 50

type: Specifies the type of queries this server will perform. If both is not selected, only queries of the specified type are sent to the server.

Default: both
Values: dns-only | enum-only | both

Example: set type dns-only

name: Associates a name string with the server configuration. You can then reference this server from other parts of the configuration using this name. For example, the session configuration dns-client-settings object uses these names to reference servers for client use.

Default: There is no default setting

Example: set name corp-server

host

Statically maps an IP address to a host name. Use this object to more easily manage your DNS configuration by using names instead of addresses. By creating a static configuration for a host name, you prevent a DNS lookup from going out on the wire.

The host object requires that you supply a name variable. This is the name of an Internet node, for example, a server, a router, or a PC in your network.

Syntax

config vsp dns host name

Properties

address: Sets the IP address to map to the name supplied with the host object.

Default: There is no default setting

Example: set address 192.168.10.10

service

Creates a static SIP server-to-service configuration, adding a DNS service (SRV) record for each SIP service. (SRV records provide contacts for the specific domain services.) Within each service, enter one rule for each SIP server to establish the order in which to contact them.

The service object requires that you supply a domainName or hostName, a scheme of either SIP or H323, and a protocol. The ME derives the name of the service for which you are configuring server information from these entries.

Syntax

config vsp dns service name {sip | h323} {any | UDP | TCP | TLS} 

Properties

rule <sipServer> [port] [priority] [weight]: Sets the priority of a SIP server when there are multiple servers configured for a service. This rule sets the criteria for selecting a SIP server for the service derived from the name and protocol entered for the service object.

Default: There is no default setting for the server; the default port is 5060; the default priority is 1; the default weight is 0.
Values:
  • sipServer: The name of the SIP server for the named service.

  • port: The port on the SIP server through which this service is accessed.

  • priority: The priority of the SIP server. The lower the number, the higher the priority. If two servers have the same priority, the system tries the server with the higher weight first. Enter a value between 1 and 65535.

  • weight: The preference weighting for use when priority settings are equal. The higher the weight, the higher the preference. Enter a value between 0 and 65535. Use a value of 0 when there is only one SIP server configured.

Example: set rule sipServer.companyABC.com 5001 1 10

naptr

Creates a static mapping of service information to a specific host or domain name. The ME uses this information to do a lookup for requests in which it cannot determine either the protocol or port of the destination.

Naming-authority pointer (NAPTR) records are used to set up different services in a domain. They contain rules for converting each request to the correct configured service. Because each transport over SIP is viewed as a different service (SIP over UDP, TCP, and TLS are three different services), each requires its own NAPTR record. This object configures the preference for use of an appropriate service for each domain. Set one rule for each protocol: UDP, TCP, and TLS. Before a request can be forwarded on, the system must know both the protocol and the port for the destination.

The following table describes the decision process for different types of received requests:

Table 15-2 Received Request Process

The System Knows     The System Does Not Know    Resolution
Protocol and port    Nothing                     No lookup is necessary.
Protocol             Port                        The system matches on the protocol in the NAPTR
                                                 records and uses that record to identify which
                                                 service to use. It then does an SRV lookup on the
                                                 service name to establish the port number.
Port                 Protocol                    The system does a NAPTR record lookup based on the
  or                                             port number (if known), starting with the protocol
Nothing              Protocol and port           that has the highest priority. If the system cannot
                                                 find a port match, or does not know the port number,
                                                 it uses the default protocol (UDP) and the port
                                                 provided in the original request.


Enter the domain name or host name that you are going to map to a service.

Syntax

config vsp dns naptr name

Properties

match: Sets the match criteria for the domain name supplied when you opened the NAPTR object. If set to exact, the system maps only service names that exactly match the domain name you entered. If set to wildcard, the system maps any service name containing the full domain name, where the service name may also contain additional characters to the left of the domain name. For example, if the NAPTR object were opened with the domain name companyABC.com, the service name could match abc.companyABC.com and xyz.companyABC.com.

Default: exact
Values: exact | wildcard

Example: set match wildcard

rule <protocol> [order] [preference]: Sets the lookup procedure for destinations with unknown protocols or ports. You can have only one entry for each protocol within the domain name specified to open the naptr object. Enter a rule for each protocol (a total of three rules): UDP, TCP, and TLS.

Default: The default protocol is udp; the default order is 10; the default preference is 50
Values:
  • protocol: The protocol that the rule applies to. Enter any, UDP, TCP, or TLS.

  • order: The order in which the system checks the rules. The lower the number, the higher the priority. If two rules have the same order, the system uses the rule with the higher preference. Enter a value between 1 and 65535.

  • preference: The preference weighting for use when order settings are equal. The higher the value, the higher the preference. Enter a value between 0 and 65535.

Example: set rule tls 5 10
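The service rule ordering above and the Table 15-2 decision process for the naptr object, carried through in Python as an added example. This is not ME code: NAPTR_RULES and SERVICE_RULES are a constructed static configuration for companyABC.com, the SRV owner names follow the RFC 3263 convention (`_sip._udp`, `_sip._tcp`, `_sips._tcp` for TLS) as an assumption about how the ME names the service it derives from the service object arguments, and the fallback port 5060 when no port is known is the SIP default, also an assumption. The ordering follows the page's description (lowest order or priority first; among equals the higher preference or weight first); note that in a NAPTR record as defined by RFC 3403, equal-order records are processed in ascending preference, so do not assume these values map one-to-one onto wire records.

```python
"""Static NAPTR/SRV selection per the naptr and service objects and Table 15-2
(added example, not ME code)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class SrvRule:                    # one `rule` line of a service object
    server: str
    port: int = 5060
    priority: int = 1
    weight: int = 0


@dataclass(frozen=True)
class NaptrRule:                  # one `rule` line of a naptr object
    protocol: str                 # udp | tcp | tls
    order: int = 10
    preference: int = 50


# Constructed static configuration (not from the page), keyed by lower-case domain.
NAPTR_RULES: Dict[str, List[NaptrRule]] = {
    "companyabc.com": [NaptrRule("udp", 10, 40), NaptrRule("tls", 5, 10), NaptrRule("tcp", 10, 50)],
}
SERVICE_RULES: Dict[Tuple[str, str, str], List[SrvRule]] = {
    ("sip", "tls", "companyabc.com"): [SrvRule("sip2.companyabc.com", 5061, 1, 5),
                                       SrvRule("sip1.companyabc.com", 5061, 1, 10)],
    ("sip", "tcp", "companyabc.com"): [SrvRule("sip1.companyabc.com", 5060, 1, 0)],
    ("sip", "udp", "companyabc.com"): [SrvRule("sip3.companyabc.com", 5070, 2, 0),
                                       SrvRule("sip1.companyabc.com", 5060, 1, 0)],
}


def srv_name(scheme: str, protocol: str, domain: str) -> str:
    """SRV owner name in RFC 3263 style (assumption about the ME's derived service name)."""
    if protocol == "tls":
        return f"_{scheme}s._tcp.{domain}"
    return f"_{scheme}._{protocol}.{domain}"


def ordered_targets(rules: List[SrvRule]) -> List[SrvRule]:
    """Lowest priority first; among equal priority, higher weight first (as documented)."""
    return sorted(rules, key=lambda r: (r.priority, -r.weight))


def ordered_naptr(rules: List[NaptrRule]) -> List[NaptrRule]:
    """Lowest order first; among equal order, higher preference first (as documented)."""
    return sorted(rules, key=lambda r: (r.order, -r.preference))


def resolve_destination(domain: str, protocol: Optional[str], port: Optional[int],
                        scheme: str = "sip") -> Tuple[str, int, List[SrvRule]]:
    """Apply Table 15-2. Returns (protocol, port, SRV targets in contact order)."""
    domain = domain.lower().rstrip(".")
    naptr = ordered_naptr(NAPTR_RULES.get(domain, []))
    if protocol and port:                          # both known: no lookup is necessary
        return protocol, port, []
    if protocol:                                   # protocol known, port unknown
        if any(r.protocol == protocol for r in naptr):
            targets = ordered_targets(SERVICE_RULES.get((scheme, protocol, domain), []))
            if targets:                            # SRV lookup supplies the port
                return protocol, targets[0].port, targets
        return protocol, 5060, []                  # assumption: SIP default port
    for rule in naptr:                             # protocol unknown: walk rules by order
        targets = ordered_targets(SERVICE_RULES.get((scheme, rule.protocol, domain), []))
        if port is not None and any(t.port == port for t in targets):
            return rule.protocol, port, targets    # port matched an SRV record
    # No port match, or no port known: default protocol UDP and the request's port.
    return "udp", port if port is not None else 5060, []


if __name__ == "__main__":
    print(srv_name("sip", "tls", "companyabc.com"))
    print(resolve_destination("companyABC.com", None, 5070))
```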

enum-mapping

Creates a static configuration mapping between an E.164 number and a host name, providing a static mapping function for unresolvable addresses. The configuration is applied when the enum-operation property of the dial plan normalization object is enabled.

ENUM maps E.164 numbers (the public network addressing standard) to URIs, making Internet resources addressable via a phone number. As specified in RFC 2916, the digits of the number are reversed, separated by dots, and appended to the ENUM domain (by default e164.arpa) to form a DNS name, and the services available for that number are published as Naming Authority Pointer (NAPTR) records under that name. The ME resolves such names through the DNS cache, consulting ENUM servers for entries it does not hold.

The mapping object requires that you supply a phoneNumber variable. Enter a number for which you want to create a permanent listing in the DNS/ENUM cache. The phone number must be at least four characters long. It is stored in the cache as type NAPTR.
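The ENUM name construction described above, together with the order/preference selection among several mappings for one number, in Python as an added example (not ME code). The EnumMapping class and function names are this example's own, the sample numbers and URIs are constructed, and the rendered NAPTR record text uses the terminal "u" flag and the E2U+sip service of RFC 3761 (the successor to RFC 2916) as an assumption about how a mapping would appear as a record; the ME's internal cache format is not documented.

```python
"""E.164 number to ENUM domain name (RFC 2916), plus static mapping selection
(added example, not ME code)."""
import re
from dataclasses import dataclass
from typing import List


def e164_digits(phone_number: str) -> str:
    """Keep only digits: '+', spaces and dashes are not part of the ENUM name."""
    return re.sub(r"\D", "", phone_number)


def valid_enum_number(phone_number: str) -> bool:
    """The ME requires at least four characters; this checks for four digits."""
    return len(e164_digits(phone_number)) >= 4


def enum_name(phone_number: str, enum_domain: str = "e164.arpa") -> str:
    """Absolute DNS name queried for the number: digits reversed, dot-separated,
    with the ENUM domain appended (enum-domain / enum-mapping domain property)."""
    digits = e164_digits(phone_number)
    if len(digits) < 4:
        raise ValueError("phone number must contain at least four digits")
    return ".".join(reversed(digits)) + "." + enum_domain.strip(".") + "."


@dataclass(frozen=True)
class EnumMapping:                 # one static enum-mapping entry
    phone_number: str
    replacement: str               # SIP URI, e.g. "sip:jane@company.com"
    order: int = 10
    preference: int = 50
    protocol: str = "udp"
    domain: str = "e164.arpa"


def select_mapping(mappings: List[EnumMapping]) -> EnumMapping:
    """Lowest order first; among equal order, higher preference wins (as documented)."""
    if not mappings:
        raise ValueError("no mappings configured")
    return sorted(mappings, key=lambda m: (m.order, -m.preference))[0]


def to_naptr_record(m: EnumMapping) -> str:
    """Render the mapping as RFC 3761-style NAPTR record text (assumed format)."""
    return (f"{enum_name(m.phone_number, m.domain)} IN NAPTR {m.order} {m.preference} "
            f'"u" "E2U+sip" "!^.*$!{m.replacement}!" .')


if __name__ == "__main__":
    # Constructed sample: two mappings for one number, the second one preferred.
    maps = [EnumMapping("+1 555 123 4567", "sip:jane@company.com", 10, 50),
            EnumMapping("+1 555 123 4567", "sip:jane@backup.company.com", 10, 70)]
    print(enum_name("+1 555 123 4567"))
    print(to_naptr_record(select_mapping(maps)))
```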

For more information on using DNS to store E.164 numbers, see RFC 2916, E.164 number and DNS, and its successor RFC 3761.

Syntax

config vsp dns enum-mapping phoneNumber

Properties

domain: Specifies the domain name to append to this phone number mapping. The system uses this domain when performing an ENUM lookup. By default, the system uses the standard ENUM DNS domain as specified in RFC 2916, E.164 number and DNS.

Default: e164.arpa

Example: set domain e164.arpa

order: Sets the priority of the mapping when there are multiple entries for a single phone number. The lower the order number, the higher priority. If two mappings have the same priority, the system uses the entry with the higher preference (see below) first.

Default: 10
Values: Min: 1 / Max: 65535

Example: set order 30

preference: Sets the preference weighting for use when order settings are equal. The higher the weight, the higher the preference.

Default: 50
Values: Min: 1 / Max: 65535

Example: set preference 100

protocol: Sets the protocol that should be associated with the telephone number.

Default: UDP
Values: UDP | TCP | TLS

Example: set protocol tcp

replacement: Specifies the name to associate with the phone number. This field is required. You must enter a SIP URI, in the format:

sip:urlAddress

The URL address that you enter can be:

  • a host name only

  • an IP address only

  • username@hostName or username@ipAddress.

The address must be a valid SIP URI as defined in the SIP specification, RFC 3261.

Default: There is no default setting

Example: set replacement url SIP:jane@company.com

reject

Statically enters reject entries into the resource records in the cache. These entries are not cleared when the cache otherwise clears, and they continue to prevent access until the entry is manually removed. Because the record indicates that the entry is a failure, the system does not attempt a lookup. (Dynamic reject entries work according to the DNS specification; they are cleared every 5 minutes.)

The reject object requires that you supply a name and a type. Enter a host name, service name, domain name, or IP address. Any request containing that name will be rejected. (See the property descriptions for information on entering wildcards.) Also enter the record type for the entry to be rejected, either:

  • A: Reject the supplied host name (IPv4 address).

  • PTR: Reject the supplied IP address (address-to-name mapping pointer record).

  • SRV: Reject the supplied service name (service locator record).

  • NAPTR: Reject the supplied domain name (Naming Authority Pointer rule).

  • CNAME: Reject the canonical name record (makes one domain name an alias of another).

  • NS: Reject the name server record.

Syntax

config vsp dns reject name type

Properties

match: Sets the match criteria for the name supplied when you opened the reject object. If set to exact, the system rejects only names that exactly match the name you entered. If set to wildcard, the system rejects any name containing the full name, plus any additional characters to the left of the name. For example, if the reject object were opened with the name companyABC.com, the service name could match tls.companyABC.com and udp.companyABC.com.

Default: exact
Values: exact | wildcard

Example: set match wildcard

cname

A CNAME record maps a configured alias to a known name. This value can be exact or wildcarded.

Syntax

config vsp dns cname <name>

Properties

match: Selects whether the ME matches the name supplied when you opened the cname object exactly or as a wildcard.

Default: exact
Values: exact | wildcard
  • exact: The ME matches only the exact FQDN (in this example, abc.com).

  • wildcard: The ME matches any name with additional labels to the left of the configured name (in this example, www.abc.com) but not the configured name itself (abc.com).

Example: set match wildcard

alias: Enter the alias to associate with the name supplied when you opened the cname object.

Default: There is no default setting

Example: set alias internal.abc.com
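The exact and wildcard match semantics shared by the naptr, reject and cname match properties, in Python as an added example (not ME code; the function names and the sample reject list are this example's own). The page describes a wildcard as "additional characters to the left" of the configured name; this example compares on label boundaries, so notcompanyABC.com does not match a wildcard for companyABC.com, and it treats the configured name itself as a wildcard match except in the cname case, where the page excludes it. Names compare case-insensitively and a trailing dot is ignored. Whether the ME itself enforces the label boundary is not stated on the page.

```python
"""Exact/wildcard DNS name matching for naptr, reject and cname match properties
(added example, not ME code)."""
from typing import Iterable, Tuple


def normalize(name: str) -> str:
    """DNS names compare case-insensitively; a trailing dot is not significant here."""
    return name.lower().rstrip(".")


def name_matches(configured: str, queried: str, match: str = "exact",
                 include_exact: bool = True) -> bool:
    """Return True if `queried` matches the name an object was opened with.

    exact:    only the configured name itself.
    wildcard: names with one or more additional labels to the left of the
              configured name (xyz.companyABC.com). The configured name itself
              also matches unless include_exact is False (the cname object's rule).
              The check is made on a label boundary so notcompanyABC.com does
              not match companyABC.com.
    """
    c, q = normalize(configured), normalize(queried)
    if match == "exact":
        return c == q
    if match != "wildcard":
        raise ValueError(f"unknown match mode {match!r}")
    if q == c:
        return include_exact
    return q.endswith("." + c)


def is_rejected(rejects: Iterable[Tuple[str, str, str]], name: str, rtype: str) -> bool:
    """Apply (name, type, match) reject entries to a query of the given record type.

    A static reject entry answers the query as a failure; no lookup is sent.
    """
    rtype = rtype.upper()
    return any(t.upper() == rtype and name_matches(n, name, m) for n, t, m in rejects)


if __name__ == "__main__":
    # Constructed reject list: wildcard SRV reject for a domain, exact PTR reject for an address.
    rejects = [("companyABC.com", "SRV", "wildcard"), ("10.10.10.10", "PTR", "exact")]
    print(is_rejected(rejects, "_sip._tcp.companyabc.com", "srv"))
    print(name_matches("abc.com", "abc.com", "wildcard", include_exact=False))
```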

dns-server

Identifies the IP interface on which the DNS server resides. The DNS server function is defined by the setting of the mode property. In proxy mode, the DNS server accepts a request but forwards it to the configured external server for fulfillment. In cache mode, the ME passes the request to the resolver. If the resolver has a cached or static entry, it does not forward the request; instead, it returns that entry to the server, which responds to the requestor. Because the server answers the queries that reach the interface, internal or external, enable it only on the interfaces that should serve DNS.

Syntax

config cluster box number interface ethX ip name dns-server
config cluster box number interface ethX vlan number ip name dns-server
config box interface ethX ip name dns-server
config box interface ethX vlan number ip name dns-server

Properties

admin: Enables or disables the DNS server on the current IP interface.

Default: enabled
Values: enabled | disabled

Example: set admin disabled

port: Sets the protocol and port used to send and receive DNS requests with the DNS server.

Default: The default protocol is udp; the default server port is 53
Values: udp | tcp [portNumber Min: 1 / Max: 65535]

Example: set port tcp 54

mode: Specifies where the system's DNS server functionality retrieves entries from. If set to cache (the default), the system accepts requests but passes them to the resolver for fulfillment. (If the resolver has a cached or static entry, it does not forward the request, but responds with that information.) If set to proxy, the system forwards the request directly to the specified server; enter the IP address of the server, as well as the protocol and port for contact.

Default: cache
Values: cache | proxy ipAddress [udp | tcp] [port]

Example: set mode proxy 10.10.10.10 tcp 222