
dns-filtering

 

Syntax

Hierarchy Level

Release Information

Command introduced in Junos OS Release 20.4R1.

Description

Configure DNS filtering to identify DNS requests for disallowed domains.

Note

Configure the DNS sinkhole only for the DNS profile category.

Options

dns-resp-ttl—Configure the time-to-live (TTL) value in seconds to send in the DNS response after taking the DNS sinkhole action. The maximum value for DNS response TTL is 86400 (24 hours). The default value is 1800 (30 minutes).
fqdn—Configure the fully qualified domain name (FQDN) that must be sent in the DNS response for the sinkhole domains.
ipv4-address—Configure the sinkhole IPv4 address.
ipv6-address—Configure the sinkhole IPv6 address.
srv-resp-err-code—Configure the DNS response error code that must be sent for bad domains for the server (SRV) query type.
txt-resp-err-code—Configure the DNS response error code that must be sent for bad domains for the text (TXT) query type.
wildcarding-level—Configure the number of levels that will be iteratively examined for a domain match. The range is 0 to 10. The default value is 10.
file—Configure traffic sampling tracing operations. You can configure the following:
  • file-name—Specify the file name in which to write trace information.

  • files—Specify the maximum number of trace files to be saved with samples or trace data. The range is 2 to 1000.

  • match—Specify the regular expression for lines to be logged for tracing.

  • size—Specify the maximum trace file size, in kilobytes (KB), megabytes (MB), or gigabytes (GB). Syntax: xk to specify KB, xm to specify MB, or xg to specify GB. The range is 10240 to 1073741824.

  • no-world-readable—Disable unrestricted file access.

  • world-readable—Enable unrestricted file access. Allows any user to read the log file.

flag—Tracing flag parameters. The available options are:
  • all—Trace everything

  • config—Trace DNS filtering configuration events

  • connect—Trace DNS filtering IPC events

  • dns—Trace DNS filtering crawler events

  • filter—Trace DNS filtering filter programming events

  • gencfg—Trace DNS filtering gencfg events

  • normal—Trace normal events

  • operation-commands—Trace DNS filtering show events

  • parse—Trace DNS filtering parse events

  • routing—Trace DNS filtering route programming events

  • snmp—Trace DNS filtering snmp events

  • statistics—Trace DNS filtering statistics events

  • system—Trace DNS filtering system events

  • timer—Trace DNS filtering timer events

level—Level of debugging output. The available options are:
  • all—Match all levels

  • error—Match error conditions

  • info—Match informational messages

  • notice—Match conditions that should be handled specially

  • verbose—Match verbose messages

  • warning—Match warning messages

no-remote-trace—Disable remote tracing.
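
To show how the wildcarding-level option changes which queries reach the sinkhole, the following Python example is added here and is not Juniper code. It assumes the lookup checks the full query name first and then drops one leftmost label per level; that order, the function names, and the sample blocklist are assumptions made for illustration.

```python
# Added illustration: models wildcarding-level as iterative label-stripping.
# The lookup order is an assumption, not taken from Junos internals.

def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()

def candidates(qname, wildcarding_level):
    """Yield the names examined: the full query name, then up to
    wildcarding_level parent domains, one leftmost label removed each time."""
    if not 0 <= wildcarding_level <= 10:   # range documented on this page
        raise ValueError("wildcarding-level must be in the range 0 to 10")
    labels = normalize(qname).split(".")
    for depth in range(wildcarding_level + 1):
        if depth >= len(labels):           # ran out of labels before the limit
            break
        yield ".".join(labels[depth:])

def sinkhole_match(qname, blocklist, wildcarding_level=10):
    """Return the blocklist entry that matched, or None if the query passes."""
    entries = {normalize(d) for d in blocklist}
    for name in candidates(qname, wildcarding_level):
        if name in entries:
            return name
    return None

# Constructed sample data (reserved documentation TLDs, not real indicators).
BLOCKLIST = ["bad.example", "c2.malware.test."]

if __name__ == "__main__":
    query = "a.b.bad.example"
    for level in (0, 1, 2, 10):
        hit = sinkhole_match(query, BLOCKLIST, level)
        print(f"wildcarding-level {level:>2}: {query} -> {hit or 'no match'}")
```

Under this model, a low wildcarding-level lets deeply nested subdomains of a listed domain pass unmatched, which is worth checking when a blocklist holds only registered domains.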

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.