DNS Name Server Addresses for Subscriber Management

 

DNS Name Server Address Overview

When a client attempts to access a domain—for example, www.example.com—a request is sent to a Domain Name System (DNS) name server. The name server stores information that correlates domain names with IP addresses; the IP address is used to reach the requested domain. In response to the client request, the name server looks up the IP address for the domain—192.0.2.10 for www.example.com—and returns it to the client.

In your network configuration, you must configure the address of one or more name servers locally on the router or on your RADIUS server. The local configuration supports the following subscriber types:

  • DHCPv4 or DHCPv6

  • IP over Ethernet (VLAN)

  • Terminated PPPoE (IPv4 or IPv6)

  • Tunneled PPPoE (IPv4 or IPv6)

You can configure the name server addresses globally (per routing instance), per access profile, or, for DHCP only, per address pool. You can configure more than one name server in a routing instance or access profile by repeating the statement for each address.

Because you can configure name server addresses at more than one level, the address returned to the client is determined by the order of preference among the levels. The preference depends on the client type.

  • For DHCP subscribers, the preference in descending order is

    RADIUS > DHCP address pool > access profile > global

  • For non-DHCP subscribers, the preference in descending order is

    RADIUS > access profile > global

According to the preference order, a name server address configured in RADIUS is preferred by all subscriber types over all other configuration levels. For all subscriber types, the global name server address is used only when no other name server addresses are configured. When a name server address is configured only in a DHCP address pool, then no address is available to non-DHCP subscribers.

When you configure multiple addresses for a name server, the order in which you configure them determines the preference within that configuration. The preference according to configuration level supersedes this ordering.

There is no restriction on the number of DNS name server addresses that you can configure. For DHCP subscribers, all the addresses are sent in DHCP messages. However, only two addresses—determined by preference order—are sent to PPP subscribers.

All changes in these locally configured DNS name servers affect only new subscribers that subsequently log in. Existing subscribers are not affected by the changes.
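The preference rules above can be modelled to audit which resolver a new subscriber would actually receive. This is an added example, not Juniper code; the level names, subscriber labels and sample addresses are constructed, and it assumes the most preferred level that has any address supplies the whole list.

```python
# Preference among configuration levels, most preferred first (from the text above).
LEVEL_ORDER = {
    "dhcp": ["radius", "dhcp_pool", "access_profile", "global"],
    "non_dhcp": ["radius", "access_profile", "global"],
}
PPP_MAX_ADDRESSES = 2  # only two addresses are sent to PPP subscribers


def effective_name_servers(subscriber_type, configured):
    """Return (level, addresses) a new subscriber of this type would receive.

    subscriber_type: "dhcp", "ppp" or "ip_ethernet" (hypothetical labels).
    configured: dict mapping level name -> addresses in configured order.
    Assumption: the most preferred level that has any address supplies the
    whole list; lower levels are not merged in.
    """
    family = "dhcp" if subscriber_type == "dhcp" else "non_dhcp"
    for level in LEVEL_ORDER[family]:
        addresses = list(configured.get(level, []))
        if addresses:
            if subscriber_type == "ppp":
                addresses = addresses[:PPP_MAX_ADDRESSES]
            return level, addresses
    return None, []


def audit(configured, approved):
    """Report subscriber types that get no resolver or an unapproved one."""
    findings = []
    for sub in ("dhcp", "ppp", "ip_ethernet"):
        level, addresses = effective_name_servers(sub, configured)
        if not addresses:
            findings.append((sub, "no name server available"))
        for addr in addresses:
            if addr not in approved:
                findings.append((sub, f"{addr} from {level} is not approved"))
    return findings


# Constructed sample: a pool-level resolver shadows the access profile for DHCP.
SAMPLE = {
    "dhcp_pool": ["203.0.113.53"],
    "access_profile": ["192.0.2.23", "198.51.100.31", "198.51.100.32"],
    "global": ["192.0.2.1"],
}
APPROVED = {"192.0.2.23", "198.51.100.31", "198.51.100.32", "192.0.2.1"}
```

Running `audit(SAMPLE, APPROVED)` flags only the DHCP subscribers, because the pool-level address takes precedence over the approved access-profile resolvers for that subscriber type alone.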

Configuring DNS Name Server Addresses for Subscriber Management

This topic describes the procedure for configuring DNS name server addresses at the access profile and routing instance levels. For information about configuring addresses in DHCP address pools, see the DHCP topics referenced in the Related Documentation section. For information about configuring addresses on your RADIUS server, refer to your RADIUS software documentation. The order in which the name server configurations at different levels are preferred is described in DNS Name Server Address Overview.

Best Practice

In practice, choose either the domain-name-server statement or the domain-name-server-inet statement for IPv4 addresses. They both have the same effect and there is no need to use both statements. If you do use both statements, addresses configured with domain-name-server-inet are preferred over addresses configured with domain-name-server.

For example, the following sample configuration specifies two IPv4 domain name servers. The server configured with the domain-name-server-inet statement, 192.0.2.23, is preferred over the server configured with the domain-name-server statement, 198.51.100.31.

To configure DNS name server addresses globally:

  • Configure an IPv4 address.

    Alternatively, you can use a different statement to configure an IPv4 address.

  • Configure an IPv6 address.

For example, to configure multiple addresses of each type:

To configure DNS name server addresses in an access profile:

  • Configure an IPv4 address.

    Alternatively, you can use a different statement to configure an IPv4 address.

  • Configure an IPv6 address.

For example, to configure multiple addresses of each type:

Overriding How the DNS Server Address Is Returned in a DHCPv6 Multiple Address Environment

In a DHCPv6 environment, DHCPv6 clients can use a single Solicit message to request multiple addresses (an IA_NA address, an IA_PD address, or both), as well as the DNS server address (DHCPv6 attribute 23). By default, the DHCPv6 local server returns the DNS server address as a global DHCPv6 option.

You can override the default behavior and specify that the DHCPv6 local server returns DNS server addresses as their respective IA_NA and IA_PD suboptions. You can configure the DHCPv6 local server to support the override globally, for a specific group, or for a specific interface.

Caution

Some customer premises equipment (CPE) cannot recognize the DNS server address when the address is returned as an IA_NA or IA_PD suboption, which can create interoperability issues.
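To check which placement a server is using, the reply can be parsed for option 23 at the top level and inside IA_NA and IA_PD. This is an added example, not Juniper code; it assumes the standard DHCPv6 option layout (2-byte code, 2-byte length, 12-byte IA header) and that the embedded suboption uses the same option code 23, and the sample replies are constructed.

```python
import ipaddress
import struct

OPT_IA_NA, OPT_DNS, OPT_IA_PD = 3, 23, 25   # DHCPv6 option codes
IA_HEADER_LEN = 12                           # IAID, T1, T2 (4 bytes each)
NAMES = {OPT_IA_NA: "IA_NA", OPT_IA_PD: "IA_PD"}


def iter_options(buf):
    """Yield (code, data) for each option in buf; reject truncated options."""
    pos = 0
    while pos < len(buf):
        if pos + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, pos)
        data = buf[pos + 4:pos + 4 + length]
        if len(data) != length:
            raise ValueError("option %d overruns the message" % code)
        yield code, data
        pos += 4 + length


def dns_addresses(data):
    """Decode the list of 16-byte IPv6 addresses carried in option 23."""
    if len(data) % 16:
        raise ValueError("option 23 length is not a multiple of 16")
    return [str(ipaddress.IPv6Address(data[i:i + 16]))
            for i in range(0, len(data), 16)]


def locate_dns(message):
    """Map placement ('global', 'IA_NA', 'IA_PD') -> DNS addresses found there."""
    found = {}
    for code, data in iter_options(message[4:]):  # skip msg-type + transaction id
        if code == OPT_DNS:
            found.setdefault("global", []).extend(dns_addresses(data))
        elif code in NAMES:
            for sub, subdata in iter_options(data[IA_HEADER_LEN:]):
                if sub == OPT_DNS:
                    found.setdefault(NAMES[code], []).extend(dns_addresses(subdata))
    return found


def opt(code, data):
    """Encode one DHCPv6 option (helper for the constructed samples)."""
    return struct.pack("!HH", code, len(data)) + data


# Constructed sample replies (message type 7 = Reply), not captured traffic.
DNS = opt(OPT_DNS, ipaddress.IPv6Address("2001:db8::53").packed)
IA_HDR = struct.pack("!III", 1, 0, 0)
REPLY_DEFAULT = b"\x07\xaa\xbb\xcc" + opt(OPT_IA_NA, IA_HDR) + DNS
REPLY_OVERRIDE = (b"\x07\xaa\xbb\xcc" + opt(OPT_IA_NA, IA_HDR + DNS)
                  + opt(OPT_IA_PD, IA_HDR + DNS))
```

A CPE that only reads the top-level option sees a resolver in `REPLY_DEFAULT` and none in `REPLY_OVERRIDE`, which is the interoperability issue the caution describes.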

To configure the DHCPv6 local server to return the DNS server address as an IA_NA or IA_PD suboption:

  1. Specify that you want to configure DHCPv6 override options.
  2. Override the default behavior. The DHCPv6 local server now returns DNS server addresses as the respective IA_PD or IA_NA suboption.

DNS Resolver for IPv6 DNS Overview

In a network that uses Neighbor Discovery Router Advertisement (NDRA) to provide IPv6 addressing, the DNS server address can be provided in Router Advertisements sent to IPv6 hosts. The address is included in a field called Recursive DNS Server (RDNSS). This feature is useful in networks that are not running DHCPv6.

RADIUS can populate the RDNSS field dynamically when an IPv6 subscriber logs in. On the RADIUS server, you can configure a primary and secondary DNS address in the following VSAs, which are stored in the $junos-ipv6-dns-server variable:

  • Ipv6-Primary-DNS (26-47)

  • Ipv6-Secondary-DNS (26-48)

When a subscriber logs in, RADIUS provides the actual DNS server address in the Access-Accept message.

You can also configure a static IPv6 address for DNS servers.

After the subscriber session is established, the DNS address is stored in the session database. When the router sends IPv6 router advertisements, it uses this DNS address in the RDNSS field in the Router Advertisement option.
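The RDNSS field is a Neighbor Discovery option (type 25 in RFC 8106), so the resolvers a segment is advertising can be read straight from a captured Router Advertisement and compared with the addresses you configured. This is an added example, not Juniper code; the function names, the approved set and the sample packet are constructed, and the ICMPv6 checksum is not validated.

```python
import ipaddress
import struct

ICMPV6_RA = 134          # ICMPv6 type for Router Advertisement
ND_OPT_RDNSS = 25        # Recursive DNS Server option type (RFC 8106)
RA_HEADER_LEN = 16       # fixed Router Advertisement header before the options


def build_rdnss(addresses, lifetime=1800):
    """Encode an RDNSS option; 1800 s is the default lifetime given on this page."""
    packed = b"".join(ipaddress.IPv6Address(a).packed for a in addresses)
    length = 1 + 2 * len(addresses)          # option length in units of 8 octets
    return struct.pack("!BBHI", ND_OPT_RDNSS, length, 0, lifetime) + packed


def parse_rdnss(ra):
    """Return [(lifetime, [addresses])] for each RDNSS option in a raw RA."""
    if len(ra) < RA_HEADER_LEN or ra[0] != ICMPV6_RA:
        raise ValueError("not a Router Advertisement")
    results, pos = [], RA_HEADER_LEN
    while pos < len(ra):
        if pos + 2 > len(ra) or ra[pos + 1] == 0:
            raise ValueError("malformed ND option")
        opt_type, size = ra[pos], ra[pos + 1] * 8
        if pos + size > len(ra):
            raise ValueError("ND option overruns the packet")
        if opt_type == ND_OPT_RDNSS:
            if size < 24 or (size - 8) % 16:
                raise ValueError("bad RDNSS length")
            lifetime = struct.unpack_from("!I", ra, pos + 4)[0]
            body = ra[pos + 8:pos + size]
            addrs = [str(ipaddress.IPv6Address(body[i:i + 16]))
                     for i in range(0, len(body), 16)]
            results.append((lifetime, addrs))
        pos += size
    return results


def unexpected_resolvers(ra, approved):
    """Resolvers advertised in the RA that are not in the approved set."""
    return [a for _, addrs in parse_rdnss(ra) for a in addrs if a not in approved]


# Constructed sample RA: fixed header, an MTU option, then RDNSS with two servers.
RA_HEADER = struct.pack("!BBHBBHII", ICMPV6_RA, 0, 0, 64, 0, 1800, 0, 0)
MTU_OPTION = struct.pack("!BBHI", 5, 1, 0, 1500)
SAMPLE_RA = RA_HEADER + MTU_OPTION + build_rdnss(["2001:db8::53", "2001:db8::54"])
```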

Configuring a DNS Server Address for IPv6 Hosts

To configure a dynamic DNS server address for IPv6 hosts:

  1. Specify that the router receives the DNS server address in the $junos-ipv6-dns-server-address variable sent from RADIUS servers in the Access-Accept message when the subscriber logs in.
  2. Specify the time in seconds for which the DNS server address remains valid.

    The default value of the lifetime is 1800 seconds.

To configure a static DNS server address for IPv6 hosts:

  1. Specify the IPv6 address of the DNS server.
  2. Specify the time in seconds for which the DNS server address remains valid.

    The default value of the lifetime is 1800 seconds.