dns-filter
Syntax
dns-filter { database-file filename; dns-resp-ttl seconds; dns-server [ ip-address ]; hash-key key-string; hash-method hash-method-name; statistics-log-timer minutes; wildcarding-level level; }
Hierarchy Level
[edit services web-filter profile profile-name], [edit services web-filter profile profile-name dns-filter-template template-name]
Description
Configure the settings for filtering DNS requests for disallowed website domains. Filtering can result in either:
Blocking access to the site by sending the client a DNS response that includes an IP address or domain name of a sinkhole server instead of the disallowed domain.
Logging the DNS request and allowing access.
Settings at the [edit services web-filter profile profile-name dns-filter-template template-name
] hierarchy level override the corresponding settings at the [edit services web-filter profile profile-name]
hierarchy level.
Options
database-file filename | Name of the domain filter database file to use when filtering DNS requests. |
dns-resp-ttl seconds | Number of seconds to live while sending the DNS response after taking the DNS sinkhole action.
|
dns-server [ ip-address ] | (Optional) IP addresses (IPv4 or IPv6) for up to three specific DNS servers. DNS filtering examines only DNS requests that are destined for those DNS servers. |
hash-key key-string | Hash key that you used to create the hashed domain name in the domain filter database file. |
hash-method hash-method-name | Hash method that you used to create the
hashed domain name in the domain filter database file. The only supported
hash method is |
statistics-log-timer minutes | Number of minutes in the interval for logging statistics for DNS requests and for sinkhole actions performed for each customer IP address.
|
wildcarding-level level | Level of subdomains that are searched for a match. A value of 0 indicates that subdomains are not searched. For example, if you set the
|
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 18.3R1 on MX Series.
Support added for Next Gen Services on MX Series routers MX240, MX480 and MX960 with MX-SPC3 services cards in Junos OS Release 19.3R2.