dns-filter-template
Syntax
dns-filter-template template-name {
    client-interfaces [ client-interface-name ];
    client-routing-instance client-routing-instance-name;
    dns-filter {
        database-file filename;
        dns-resp-ttl seconds;
        dns-server [ ip-address ];
        hash-key key-string;
        hash-method hash-method-name;
        statistics-log-timer minutes;
        wildcarding-level level;
    }
    server-interfaces [ server-interface-name ];
    server-routing-instance server-routing-instance-name;
    term term-name {
        from {
            src-ip-prefix [ source-prefix ];
        }
        then {
            accept;
            dns-sinkhole;
        }
    }
}
Hierarchy Level
[edit services web-filter profile profile-name]
Description
Configure filtering of DNS requests for disallowed website domains for requests on specific uplink and downlink logical interfaces or routing instances, or for requests from specific source IP address prefixes. The DNS filter template overrides the corresponding settings at the DNS profile level. You can configure up to 32 DNS filter templates in a profile.
Filtering can result in either:
Blocking access to the site by sending the client a DNS response that includes an IP address or domain name of a sinkhole server instead of the disallowed domain.
Logging the DNS request and allowing access.
Options
accept | Accept DNS requests for DNS filtering. |
client-interfaces [ client-interface-name ] | (Optional) Client-facing (uplink) logical interfaces on which the DNS filter template settings are applied. |
client-routing-instance client-routing-instance-name | (Optional) Client-facing (uplink) routing instance on which the DNS filter template settings are applied. |
dns-filter-template template-name | Name of the DNS filter template. |
dns-sinkhole | Perform the sinkhole action identified in the domain filter database for disallowed DNS requests. |
server-interfaces [ server-interface-name ] | (Optional) Server-facing (downlink) logical interfaces on which the DNS filter template settings are applied. |
server-routing-instance server-routing-instance-name | (Optional) Server-facing (downlink) routing instance on which the DNS filter template settings are applied. Note: If you configure the client and server interfaces or the client and server routing instances, implicit filters are installed on the interfaces or routing instances to direct DNS traffic to the MS-MPC for DNS filtering. If you configure neither the client and server interfaces nor the routing instances, you must provide a way to direct DNS traffic to the MS-MPC (for example, via routes). |
src-ip-prefix [ source-prefix ] | (Optional) Source IP address prefixes of DNS requests you want to filter. You can configure a maximum of 64 prefixes in a term. If you do not specify any source prefixes, then all DNS requests are filtered. |
term term-name | Name for a term. You can configure a maximum of 64 terms in a template. |
The remaining statements are explained separately. See CLI Explorer.
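The following configuration is an added illustration built only from the statements listed above; it is not taken from Juniper's documentation. The profile, template, term, interface and routing-instance names and the prefixes are constructed placeholders, and the dns-filter settings are assumed to be configured at the profile level, so no template-level override is shown.

```junos
/* Constructed example: all names, interfaces and prefixes are placeholders. */
services {
    web-filter {
        profile example-profile {
            /* Template 1: scoped by logical interface. Configuring both the
               client and server interfaces installs the implicit filters
               that direct DNS traffic to the MS-MPC. */
            dns-filter-template subscribers-by-interface {
                client-interfaces [ xe-0/0/1.0 ];
                server-interfaces [ xe-0/0/2.0 ];
                term lab-and-guest {
                    from {
                        /* Up to 64 prefixes are allowed in a term. */
                        src-ip-prefix [ 192.0.2.0/24 198.51.100.0/24 ];
                    }
                    then {
                        dns-sinkhole;
                    }
                }
            }
            /* Template 2: scoped by routing instance. The term has no
               src-ip-prefix, so all DNS requests are filtered. */
            dns-filter-template subscribers-by-instance {
                client-routing-instance client-vrf;
                server-routing-instance server-vrf;
                term all-sources {
                    then {
                        dns-sinkhole;
                    }
                }
            }
        }
    }
}
```

When reviewing a deployed template, check that any term without src-ip-prefix is intentional, and that a template with neither interfaces nor routing instances has another path (such as routes) steering DNS traffic to the MS-MPC.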
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 18.3R1 on MX Series.
Support added in Junos OS Release 19.3R2 for Next Gen Services on MX Series routers MX240, MX480 and MX960 with the MX-SPC3 services card.