DNS resolver
The domain name system (DNS) resolver is designed for use in local network domains, where it enables the use of a host name or fully qualified domain name with DNS-compatible switch CLI commands.
DNS operation supports both IPv4 and IPv6 DNS resolution and multiple, prioritized DNS servers. (For information on IPv6 DNS resolution, see the latest IPv6 configuration guide for your switch.)
Basic operation
When the switch is configured with only the IP address of a DNS server available to the switch, a DNS-compatible command, executed with a fully qualified domain name, can reach a device found in any domain accessible through the configured DNS server.
When the switch is configured with both of the following:
The IP address of a DNS server available to the switch
The domain suffix of a domain available to the configured DNS server
then:
A DNS-compatible command that includes the host name of a device in the same domain as the configured domain suffix can reach that device.
A DNS-compatible command that includes a fully qualified domain name can reach a device in any domain that is available to the configured DNS server.
Example:
Suppose the switch is configured with the domain suffix mygroup.HP Switch.net and the IP address for an accessible DNS server. If an operator wants to use the switch to ping a target host in this domain by using the DNS name "leader" (assigned by a DNS server to an IP address used in that domain), the operator can use either of the following commands:
In the preceding example, if the DNS server's IP address is configured on the switch, but a domain suffix is either not configured or is configured for a different domain than the target host, the fully qualified domain name must be used.
Note that if the target host is in a domain other than the domain configured on the switch:
The host's domain must be reachable from the switch. This requires that the DNS server for the switch must be able to communicate with the DNS servers in the path to the domain in which the target host operates.
The fully qualified domain name must be used, and the domain suffix must correspond to the domain in which the target host operates, regardless of the domain suffix configured in the switch.
Example:
Suppose the switch is configured with the domain suffix mygroup.HP Switch.net and the IP address for an accessible DNS server in this same domain. This time, the operator wants to use the switch to trace the route to a host named "remote-01" in a different domain named common.group.net. Assuming this second domain is accessible to the DNS server already configured on the switch, a traceroute command using the target's fully qualified DNS name should succeed.
Configuring and using DNS resolution with DNS-compatible commands
(The DNS-compatible commands include ping and traceroute.)
Determine the following:
The IP address for a DNS server operating in a domain in your network.
The priority (1 to 3) of the selected server, relative to other DNS servers in the domain.
The domain name for an accessible domain in which there are hosts you want to reach with a DNS-compatible command. (This is the domain suffix in the fully qualified domain name for a given host operating in the selected domain. See Basic operation.) Note that if a domain suffix is not configured, fully qualified domain names can be used to resolve DNS-compatible commands.
The host names assigned to target IP addresses in the DNS server for the specified domain.
Use the data from the first three bullets in step 1 to configure the DNS entry on the switch.
Use a DNS-compatible command with the host name to reach the target devices.
Configuring a DNS entry
The switch allows up to two DNS server entries (IP addresses for DNS servers). One domain suffix can also be configured to support resolution of DNS names in that domain by using a host name only. Including the domain suffix enables the use of DNS-compatible commands with a target's host name instead of the target's fully qualified domain name.
Syntax:
Configures the access priority and IP address of a DNS server accessible to the switch. These settings specify:
The relative priority of the DNS server when multiple servers are configured
The IP address of the DNS server
These settings must be configured before a DNS-compatible command can be executed with host name criteria.
The switch supports two prioritized DNS server entries. Configuring another IP address for a priority that has already been assigned to an IP address is not allowed.
To replace one IP address at a given priority level with another address having the same priority, you must first use the no form of the command to remove the unwanted address. Also, only one instance of a given server address is allowed in the server list. Attempting to enter a duplicate of an existing entry at a different priority level is not allowed.
To change the priority of an existing server address, use the no form of the command to remove the entry, then re-enter the address with the new priority.
The no form of the command replaces the configured IP address with the null setting. (Default: null)
Syntax:
This optional DNS command configures the domain suffix that is automatically appended to the host name entered with a DNS-compatible command. When the domain suffix and the IP address for a DNS server that can access that domain are both configured on the switch, you can execute a DNS-compatible command using only the host name of the desired target. (For an example, see "Example of using either a host name or a fully qualified domain name".) In either of the following two instances, you must manually provide the domain identification by using a fully qualified DNS name with a DNS-compatible command:
If the DNS server IP address is configured on the switch, but the domain suffix is not configured (null).
The domain suffix configured on the switch is not the domain in which the target host exists.
The switch supports one domain suffix entry and three DNS server IP address entries. (See the preceding command description.)
The no form of the command replaces the configured domain suffix with the null setting. (Default: null)
Using DNS names with ping and traceroute: Example:
In the network illustrated in Example: network domain, the switch at 10.28.192.1 is configured to use DNS names for DNS-compatible commands in the pubs.outdoors.com domain. The DNS server has been configured to assign the host name docservr to the IP address used by the document server (10.28.229.219).
Configuring switch "A" with the domain name and the IP address of a DNS server for the domain enables the switch to use host names assigned to IP addresses in the domain to perform ping and traceroute actions on the devices in the domain. To summarize:
| Entity | Identity |
|---|---|
| DNS server IP address | 10.28.229.10 |
| Domain name (and domain suffix for hosts in the domain) | pubs.outdoors.com |
| Host name assigned to 10.28.229.219 by the DNS server | docservr |
| Fully qualified domain name for the IP address used by the document server (10.28.229.219) | docservr.pubs.outdoors.com |
| Switch IP address | 10.28.192.1 |
| Document server IP address | 10.28.229.219 |
With the above already configured, the following commands enable a DNS-compatible command with the host name docservr to reach the document server at 10.28.229.219.
Configuring switch "A" in Example: network domain to support DNS resolution
HP Switch(config)# ip dns server-address 10.28.229.10
HP Switch(config)# ip dns domain-name pubs.outdoors.com
Ping and traceroute execution for the network in Example: network domain
HP Switch(config)# ping docservr
10.28.229.219 is alive, time = 1 ms
HP Switch# traceroute docservr
traceroute to 10.28.229.219
1 hop min, 30 hops max, 5 sec. timeout, 3 probes
1 10.28.192.2 1 ms 0 ms 0 ms
2 10.28.229.219 0 ms 0 ms 0 ms
As mentioned under Basic operation, if the DNS entry configured in the switch does not include the domain suffix for the desired target, you must use the target host's fully qualified domain name with DNS-compatible commands. For example, using the document server in Example: network domain as a target:
Viewing the current DNS configuration
The show ip command displays the current domain suffix and the IP address of the highest priority DNS server configured on the switch, along with other IP configuration information. If the switch configuration currently includes a non-default (non-null) DNS entry, it will also appear in the show run command output.
Operating notes
Configuring another IP address for a priority that has already been assigned to an IP address is not allowed. To replace one IP address at a given priority level with another address having the same priority, you must first use the no form of the command to remove the unwanted address. Also, only one instance of a given server address is allowed in the server list. Attempting to enter a duplicate of an existing entry at a different priority level is not allowed. To change the priority of an existing server address, use the no form of the command to remove the entry, then re-enter the address with the new priority.
To change the position of an address already configured with priority x, you must first use no ip dns server-address priority x <ip-addr> to remove the address from the configuration, then use ip dns server-address priority <ip-addr> to reconfigure the address with the new priority. Also, if the priority to which you want to move an address is already used in the configuration for another address, you must first use the no form of the command to remove the current address from the target priority.
The DNS servers and domain configured on the switch must be accessible to the switch, but it is not necessary for any intermediate devices between the switch and the DNS server to be configured to support DNS operation.
When multiple DNS servers are configured on the switch, they can reside in the same domain or different domains.
A DNS configuration must include the IP address for a DNS server that is able to resolve host names for the desired domain. If a DNS server has limited knowledge of other domains, its ability to resolve DNS-compatible command requests is also limited.
If the DNS configuration includes a DNS server IP address but does not also include a domain suffix, then any DNS-compatible commands should include the target host’s fully qualified domain name.
Switch-initiated DNS packets go out through the VLAN having the best route to the DNS server, even if a Management VLAN has been configured.
The DNS server address must be manually input. It is not automatically determined via DHCP.
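The server-list rules in the operating notes above can be checked before a change is pushed to a switch. The following is an added example, not HP's code or switch behaviour captured from a device: it replays a command sequence against those rules and reports which lines they reject. The address 10.28.229.11 is constructed, the rejection wording is this example's own, and the number of priority slots is a parameter (default 3, an assumption) because the page states both two and three server entries.

```python
import ipaddress

PREFIX = ["ip", "dns", "server-address", "priority"]

def apply(servers, line, slots=3):
    """Apply one CLI line to servers ({priority: address}).
    Returns None if accepted, otherwise the reason the rules reject it."""
    words = line.split()
    negate = words[:1] == ["no"]
    if negate:
        words = words[1:]
    if words[:4] != PREFIX or len(words) != 6:
        return "not a DNS server-address command"
    try:
        priority = int(words[4])
        address = str(ipaddress.ip_address(words[5]))  # IPv4 or IPv6
    except ValueError:
        return "bad priority or IP address"
    if not 1 <= priority <= slots:
        return "priority out of range"
    if negate:
        if servers.get(priority) != address:
            return "no such entry to remove"
        del servers[priority]
        return None
    if priority in servers:
        return "priority already assigned; remove it with the no form first"
    if address in servers.values():
        return "address already configured at another priority"
    servers[priority] = address
    return None

def replay(lines, slots=3):
    """Replay a command list; return (final server list, rejected lines)."""
    servers, rejected = {}, []
    for line in lines:
        reason = apply(servers, line, slots)
        if reason:
            rejected.append((line, reason))
    return servers, rejected

# Constructed sequence: two rejected attempts, then the remove/re-add procedure.
SAMPLE = [
    "ip dns server-address priority 1 10.28.229.10",
    "ip dns server-address priority 1 10.28.229.11",    # slot 1 is taken
    "ip dns server-address priority 2 10.28.229.10",    # duplicate address
    "no ip dns server-address priority 1 10.28.229.10",
    "ip dns server-address priority 2 10.28.229.10",    # now moved to 2
    "ip dns server-address priority 1 10.28.229.11",
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```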