Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

dns-filtering

Syntax

Hierarchy Level

Description

CAUTION:

Enabling tracing can adversely impact scale and performance and may increase security risk. We strongly recommend using the trace, tracing, or traceoptions commands only under the guidance of a JTAC support engineer. After collecting the debug information, immediately disable tracing to minimize risk and restore normal system performance.

Configure DNS filtering to identify DNS requests for disallowed domains.

Note:

The DNS sinkhole must be configured only for DNS profile category.

Options

dns-resp-ttl

Configure the time-to-live (TTL) value in seconds to send_IN_the DNS response after taking the DNS sinkhole action. The maximum value for DNS response TTL is 86400 (24 hour). Default value is 1800 (30 min).
fqdn

Configure the fully qualified domain name (FQDN) that must be sent in the DNS response for the sinkhole domains.
ipv4-address

Configure the sinkhole IPv4 address.
ipv6-address

Configure the sinkhole IPv6 address.
srv-resp-err-code

Configure the DNS response error code that must be sent for bad domains for server query type.
txt-resp-err-code

Configure the DNS response error code that must be sent for bad domains for text query type.
wildcarding-level

Configure the number of levels that will be iteratively examined for a domain match. The range is 0 to 10. The default value is 10.
file

Configure traffic sampling tracing operations. You can configure the following:

  • file-name—Specify the file name in which to write trace information.

  • files—Specify the maximum number of trace files to be saved with samples or trace data. The range is 2 to 1000.

  • match—Specify the regular expression for lines to be logged for tracing.

  • size—Specify the maximum trace file size, in kilobytes (KB), megabytes (MB), or gigabytes (GB). Syntax: xk to specify KB, xm to specify MB, or xg to specify GB. The range is 10240 to 1073741824.

  • no-world-readable—Disable unrestricted file access.

  • world-readable—Enable unrestricted file access. Allows any user to read the log file.
flag

Tracing flag parameters. The available options are:

  • all—Trace everything

  • config—Trace DNS filtering configuration events

  • connect—Trace DNS filtering IPC events

  • dns—Trace DNS filtering crawler events

  • filter—Trace DNS filtering filter programming events

  • gencfg—Trace DNS filtering gencfg events

  • normal— Trace normal events

  • operation-commands—Trace DNS filtering show events

  • parse—Trace DNS filtering parse events

  • routing—Trace DNS filtering route programming events

  • snmp— Trace DNS filtering snmp events

  • statistics—Trace DNS filtering statistics events

  • system—Trace DNS filtering system events

  • timer—Trace DNS filtering timer events
level

Level of debugging output. The available options are:

  • all—Match all levels

  • error—Match error conditions

  • info—Match informational messages

  • notice—Match conditions that should be handled specially

  • verbose—Match verbose messages

  • warning—Match warning messages
no-remote-trace

Disable remote tracing.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Command introduced in Junos OS Release 20.4R1.