In this section:
This section provides an example for configuring DNS Groups, DNS query to an interface group outside the Address Context, and explains how to configure DNS A/SRV and NAPTR queries.
The SBC supports domain-name resolution through an external DNS servers. Each IP address context defines one or more DNS server groups, each containing up to eight DNS servers. The zone and/or SIP Trunk Group then indicates which DNS Server Group to use for requests requiring DNS resolution.
When a DNS group is configured at the Address Context level for an interface, it must also be configured at the Zone level in that Address Context. For example, the CLI command examples listed below accomplish the following:
Associate the DNS group to a zone within an Address Context
% set addressContext default dnsGroup DNG-1 type ip interface IPIG-1 % set addressContext default dnsGroup DNG-1 localRecord RECORD1 data 1 hostName HOST-1 order roundrobin state enabled % set addressContext default dnsGroup DNG-1 server SERVER1 ipAddress 1.1.1.1 priority 1 recursionDesired true weight 10 % set addressContext default zone ZONE_AS dnsGroup DNG-1
The SBC Core supports up to eight DNS servers per DNS group. The SBC 5400/7000 platforms support up to 2,048 DNS Groups system-wide. The SBC SWe supports up to 128 DNS Groups. Refer to SBC Provisioning Limits for additional provisioning limitations.
Before deleting a DNS group, first delete the DNS local records and DNS servers in that group.
The SBC Core supports associating the zone of a particular Address Context with the DNS Group of the another Address Context. For example, the DNS Group (D1) is configured in the Address Context (AC1). With this enhancement, you can associate Zone of Address Context (AC2) with DNS Group (D1) of the Address Context (AC1).
To perform this configuration:
To create DNS Groups d1 and d2 in the Address Context AC1, execute the following commands:
% set addressContext AC1 dnsGroup d1 server d1Server ipAddress 10.54.78.20 state enabled commit % set addressContext AC1 dnsGroup d1 type ip interface LIG1 commit % set addressContext AC1 dnsGroup d2 server d2Server ipAddress 10.54.78.21 state enabled commit % set addressContext AC1 dnsGroup d2 type ip interface LIG1 commit
To associate the DNS Group d2 to the zone belongging to a different Address Context AC2, execute the following command:
% set addressContext AC2 zone ZONE_AS dnsGroup d2 commit
To query the PSX FQDN with a particular DNS Group d2, execute the following command:
% set system policyServer globalConfig dnsGroup d2 % commit
The SBC supports DNS A/SRV and NAPTR Queries. The DNS Group and DNS support type configuration is required in the SBC to trigger the DNS Queries to the DNS Server.
Perform the following steps to configure the DNS server for DNS A/SRV and NAPTR queries:
Create a DNS group and add a DNS server in the group.
More than one DNS server can be added. Each is selected based on its weight and the priority.
% set addressContext a1 dnsGroup <dnsgroupname> server <servername> ipAddress <DNS ipaddress> state enabled
In the SIP Trunk Group services, create a Static route for the DNS Server.
% set addressContext a1 zone <zone_name> sipTrunkGroup <trunkgrp name> services dnsSupportType a-srv-naptr % set addressContext a1 staticRoute <dns ip address> <prefix> <gateway ip> <Intfce> <if_ethx> preference 10
In the IP Signaling Profile, enable the "noPortNumber5060" flag.
% set profiles signaling ipSignalingProfile <SIP IP signaling profile name> commonIpAttributes flags noPortNumber5060 enable
Ensure that IP Peer returns the domain name so the SBC can send the query to the DNS Server.
% set addressContext a1 zone <dnsgroupname> ipPeer <peer name> policy sip fqdn <Domain name> fqdnPort <port>
For NAPTR/SRV lookups, ensure the port number is not configured under IP Peer on the SBC, or IP Signaling Peer Group in the PSX, if external PSX is used. If only A-record lookups are required, the port must be configured.
Check the DNS server status and statistics:
% show table/status addressContext a1 dnsGroup DNSGroup1 dnsServerStatistics % show table/status addressContext a1 dnsGroup DNSGroup1 dnsEntryStatus % show table/status addressContext a1 dnsGroup DNSGroup1 dnsEntryDataStatus
Create a DNS group and configure the rcodeErrorMonitorTimer
to support monitoring timer interval which the SBC uses to monitor RCODE errors.
% set addressContext default dnsGroup DNSGroup1 rcodeErrorMonitorTimer (<unsignedShort, 0 .. 60>) (0): 30 [ok]
Monitor the RCODE error and check the error field in the "dnsServerStatistics
" table to monitor the responses from the DNS server by executing the command:
% show status addressContext default dnsGroup dnsServerStatistics
Refer to the following pages for command syntax details: