config system dns
Description: Configure DNS.
set primary {ipv4-address}
set secondary {ipv4-address}
set dns-over-tls [disable|enable|...]
set ssl-certificate {string}
set server-hostname <hostname1>, <hostname2>, ...
set domain <domain1>, <domain2>, ...
set ip6-primary {ipv6-address}
set ip6-secondary {ipv6-address}
set timeout {integer}
set retry {integer}
set dns-cache-limit {integer}
set dns-cache-ttl {integer}
set cache-notfound-responses [disable|enable]
set source-ip {ipv4-address}
set interface-select-method [auto|sdwan|...]
set interface {string}
end| Parameter Name | Description | Type | Size |
|---|---|---|---|
| primary | Primary DNS server IP address. | ipv4-address | Not Specified |
| secondary | Secondary DNS server IP address. | ipv4-address | Not Specified |
| dns-over-tls | Enable/disable/enforce DNS over TLS. disable: Disable DNS over TLS. enable: Use TLS for DNS queries if TLS is available. enforce: Use only TLS for DNS queries. Does not fall back to unencrypted DNS queries if TLS is unavailable. |
option | - |
| ssl-certificate | Name of local certificate for SSL connections. | string | Maximum length: 35 |
server-hostname <hostname> |
DNS server host name list. DNS server host name list separated by space (maximum 4 domains). |
string | Maximum length: 127 |
domain <domain> |
Search suffix list for hostname lookup. DNS search domain list separated by space (maximum 8 domains). |
string | Maximum length: 127 |
| ip6-primary | Primary DNS server IPv6 address. | ipv6-address | Not Specified |
| ip6-secondary | Secondary DNS server IPv6 address. | ipv6-address | Not Specified |
| timeout | DNS query timeout interval in seconds (1 - 10). | integer | Minimum value: 1 Maximum value: 10 |
| retry | Number of times to retry (0 - 5). | integer | Minimum value: 0 Maximum value: 5 |
| dns-cache-limit | Maximum number of records in the DNS cache. | integer | Minimum value: 0 Maximum value: 4294967295 |
| dns-cache-ttl | Duration in seconds that the DNS cache retains information. | integer | Minimum value: 60 Maximum value: 86400 |
| cache-notfound-responses | Enable/disable response from the DNS server when a record is not in cache. disable: Disable cache NOTFOUND responses from DNS server. enable: Enable cache NOTFOUND responses from DNS server. |
option | - |
| source-ip | IP address used by the DNS server as its source IP. | ipv4-address | Not Specified |
| interface-select-method | Specify how to select outgoing interface to reach server. auto: Set outgoing interface automatically. sdwan: Set outgoing interface by SD-WAN or policy routing rules. specify: Set outgoing interface manually. |
option | - |
| interface | Specify outgoing interface to reach server. | string | Maximum length: 15 |
config system dns
Description: Configure DNS.
set primary {ipv4-address}
set secondary {ipv4-address}
set dns-over-tls [disable|enable|...]
set ssl-certificate {string}
set server-hostname <hostname1>, <hostname2>, ...
set domain <domain1>, <domain2>, ...
set ip6-primary {ipv6-address}
set ip6-secondary {ipv6-address}
set timeout {integer}
set retry {integer}
set dns-cache-limit {integer}
set dns-cache-ttl {integer}
set cache-notfound-responses [disable|enable]
set source-ip {ipv4-address}
set interface-select-method [auto|sdwan|...]
set interface {string}
end| Parameter Name | Description | Type | Size |
|---|---|---|---|
| primary | Primary DNS server IP address. | ipv4-address | Not Specified |
| secondary | Secondary DNS server IP address. | ipv4-address | Not Specified |
| dns-over-tls | Enable/disable/enforce DNS over TLS. disable: Disable DNS over TLS. enable: Use TLS for DNS queries if TLS is available. enforce: Use only TLS for DNS queries. Does not fall back to unencrypted DNS queries if TLS is unavailable. |
option | - |
| ssl-certificate | Name of local certificate for SSL connections. | string | Maximum length: 35 |
server-hostname <hostname> |
DNS server host name list. DNS server host name list separated by space (maximum 4 domains). |
string | Maximum length: 127 |
domain <domain> |
Search suffix list for hostname lookup. DNS search domain list separated by space (maximum 8 domains). |
string | Maximum length: 127 |
| ip6-primary | Primary DNS server IPv6 address. | ipv6-address | Not Specified |
| ip6-secondary | Secondary DNS server IPv6 address. | ipv6-address | Not Specified |
| timeout | DNS query timeout interval in seconds (1 - 10). | integer | Minimum value: 1 Maximum value: 10 |
| retry | Number of times to retry (0 - 5). | integer | Minimum value: 0 Maximum value: 5 |
| dns-cache-limit | Maximum number of records in the DNS cache. | integer | Minimum value: 0 Maximum value: 4294967295 |
| dns-cache-ttl | Duration in seconds that the DNS cache retains information. | integer | Minimum value: 60 Maximum value: 86400 |
| cache-notfound-responses | Enable/disable response from the DNS server when a record is not in cache. disable: Disable cache NOTFOUND responses from DNS server. enable: Enable cache NOTFOUND responses from DNS server. |
option | - |
| source-ip | IP address used by the DNS server as its source IP. | ipv4-address | Not Specified |
| interface-select-method | Specify how to select outgoing interface to reach server. auto: Set outgoing interface automatically. sdwan: Set outgoing interface by SD-WAN or policy routing rules. specify: Set outgoing interface manually. |
option | - |
| interface | Specify outgoing interface to reach server. | string | Maximum length: 15 |