ipv6 dns spoofing

Use ipv6 dns spoofing to enable DNS spoofing and specify the translated IPv6 address.

Use undo ipv6 dns spoofing to disable DNS spoofing.

Syntax

ipv6 dns spoofing ipv6-address [ vpn-instance vpn-instance-name ]

undo ipv6 dns spoofing ipv6-address [ vpn-instance vpn-instance-name ]

Default

DNS spoofing is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies the IPv6 address used to spoof name query requests.

vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN instance, a case-sensitive string of 1 to 31 characters. To enable DNS spoofing on the public network, do not use this option.

Usage guidelines

Use the ipv6 dns spoofing command together with the dns proxy enable command.

DNS spoofing enables the DNS proxy on the device to send a spoofed reply with an IPv6 address in response to a type AAAA DNS request. Without DNS spoofing, the device does not forward or answer a request if no DNS server is specified or no DNS server is reachable.

You can configure DNS spoofing for the public network and a maximum of 1024 VPNs. You can specify only one replied IPv6 address for the public network or each VPN.

If you use the command multiple times, the most recent configuration takes effect.

Examples

# Enable DNS spoofing on the public network and specify 2001::1 as the translated IPv6 address.

<Sysname> system-view
[Sysname] dns proxy enable
[Sysname] ipv6 dns spoofing 2001::1

Related commands

dns proxy enable