dns
Syntax
dns {
disable;
doctoring (none | sanity-check);
maximum-message-length bytes;
oversize-message-drop;
traceoptions {
flag {
all {
extensive
}
}
}
}
Hierarchy Level
[edit logical-systems name security alg], [edit logical-systems name tenants name security alg], [edit security alg], [edit services alg], [edit tenants name security alg]
Description
Enabling tracing can adversely impact scale and performance and may increase security risk. We strongly recommend using the trace, tracing, or traceoptions commands only under the guidance of a JTAC support engineer. After collecting the debug information, immediately disable tracing to minimize risk and restore normal system performance.
Specify the Domain Name System (DNS) Application Layer Gateway (ALG) on the device.
Options
disable—Disable the DNS ALG. By default, the DNS ALG is enabled. You can enable or disable the DNS ALG for both IPv4 and IPv6 mode.doctoring—Configure DNS ALG doctoring.none— Disable all DNS ALG doctoring.sanity-check—Perform only DNS ALG sanity checks.
maximum-message-length—Set maximum message length (bytes).Range: 512 through 819.
Default: 512.
oversize-message-drop—Configure to drop the oversized DNS packets.traceoptions— Configure DNS ALG tracing options.flag—Trace operation to perform.all—Trace all events.extensive—Display extensive amount of data.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 8.5.
The tenant option is introduced in Junos
OS Release 18.3R1.