Cisco Cisco ASR 5000
Crypto Template Configuration Mode Commands
▀ dns-handling
▄ Command Line Interface Reference, StarOS Release 18
3026
dns-handling
Adds a custom option to define the ways a DNS address is returned based on proscribed circumstances described below.
Product
PDIF
Privilege
Security Administrator
Syntax
[ default ] dns-handling { custom | normal }
default
Configures the default condition as
normal
. By default, PDIF always returns the DNS address in the config
payload in the second authentication phase if one is received from either the configuration or the HA.
dns-handling custom
Configures the PDIF to behave as described in the Usage section below.
dns-handling normal
This is the default action. The service always returns the DNS address in the config payload in the second
authentication phase if one is received from either the configuration or the HA.
authentication phase if one is received from either the configuration or the HA.
Usage
During IKEv2 session setup, MS may or may not include INTERNAL_IP4_DNS in the Config Payload (CP).
PDIF may obtain one or more DNS addresses for the subscriber in DNS NVSE from a proxy-MIP
Registration Reply message. If Multiple Authentication is used, these DNS addresses may be also received in
Diameter AVPs during the first authentication phase, or in RADIUS attributes in the Access Accept messages
during the second authentication phase.
In
PDIF may obtain one or more DNS addresses for the subscriber in DNS NVSE from a proxy-MIP
Registration Reply message. If Multiple Authentication is used, these DNS addresses may be also received in
Diameter AVPs during the first authentication phase, or in RADIUS attributes in the Access Accept messages
during the second authentication phase.
In
normal
mode, by default PDIF always returns the DNS address in the config payload in the second
authentication phase if one is received from either the configuration or the HA.
In
In
custom
mode, depending on the number of INTERNAL_IP4_DNS, PDIF supports the following
behaviors:
If MS includes no INTERNAL_IP4_DNS in Config Payload: PDIF does not return any
INTERNAL_IP4_DNS option to MS, whether or not PDIF has received one in DNS NVSE from
HA or from local configurations.
HA or from local configurations.
If MS requests one or more INTERNAL_IP4_DNS(s) in Config Payload, and if P-MIP NVSE doesn't
contain any DNS address or DNS address not present in any config, PDIF omits
INTERNAL_IP4_DNS option to MS in the Config Payload.
INTERNAL_IP4_DNS option to MS in the Config Payload.
And if P-MIP NVSE includes one DNS address (a.a.a.a / 0.0.0.0), then PDIF sends one
INTERNAL_IP4_DNS option in Config Payload back to the MS.
If the Primary DNS is a.a.a.a and the Secondary DNS is 0.0.0.0, then a.a.a.a is returned (only one
instance of DNS attribute present in the config payload).
If the Primary DNS is 0.0.0.0 and the Secondary DNS is a.a.a.a, then a.a.a.a is returned (only one
instance of DNS attribute present in the config payload). PDIF does not take 0.0.0.0 as a valid DNS
address that can be assigned to the MS.
address that can be assigned to the MS.