The DNS (Domain Name System) group object contains a list of DNS servers used to resolve SIP NAPTR, SRV, and A-record lookups.

The following diagram shows a typical DNS server group configuration.

DNS Server Group Configuration

 
Note

The SBC supports associating a DNS group with a zone belonging to a different Address Context than that of the DNS group. The DNS query is resolved using the DNS group configured. Refer to Configuring DNS Groups for a configuration example.

Creating and Configuring DNS Servers

The DNS Client sends the query to the server with the highest priority (lower value) first, and in case of a timeout, the query is resent to the server with the next highest priority. For servers with the same priority, the selection is distributed based on the weight value. Priority and weight values are configurable. You can also configure recursion preference (recursion involves assistance from other DNS servers to help resolve the query).

Configure the DNS group at the Zone level for the interface within the Address Context.

To assign a DNS group to a zone, refer to Zone - DNS Group - CLI page.


Note

The SBC Core supports up to eight DNS servers per DNS group. The SBC 5400/7000 platforms support up to 2,048 DNS Groups system-wide. The SBC SWe supports up to 128 DNS Groups. Refer to SBC Provisioning Limits for additional provisioning limitations. 


Note

The  SBC 7000 system supports creating IP Interface Groups containing sets of IP interfaces that are not "processor friendly" (i.e. carried on physical Ethernet ports served by separate processors). However, restrictions exist regarding the usage of such Interface Groups.

(This ability does not apply to the SBC 5400, which has only two physical media ports. You may configure the IP interfaces from the two physical ports within the same IP Interface Groups without restrictions.)

For complete details, refer to Configuring IP Interface Groups and Interfaces.


Note

You must configure Cluster Admin for intra-cluster node communication before configuring a D-SBC signaling port, Load balancing service and DNS group parameters.

Refer to Cluster Admin - CLI for configuration details.


Command Syntax

The full DNS Group CLI syntax is shown below:

% set addressContext <addressContext name> dnsGroup <dnsGroup name>
	dnsFallback <disabled | enabled>
	dnslookupTimeoutTimer <10-300>
	ednsSupport <disabled | enabled>
	interface <interface name> 
	localRecord <record name> 
		data <#> 
		hostName <name> 
		order <centralized-roundrobin | priority | roundrobin> 
		state <disabled | enabled> 
	negativeDnsCacheSupport <disabled | enabled>
	negativeDnsCacheTimer <10-300>
	server <DNS server name> 
		dscpValue <0-63>
        ipAddress <ip address> 
		priority <0-100> 
		recordOrder <centralized-roundrobin | priority | roundrobin>
		recursionDesired <false | true> 
		state <disabled | enabled>
		tcpFallback <disabled | enabled>
		transportProtocol <tcp | udp>
		weight <0-100>
	transport <tcp | udp>
	type <ip | mgmt | none>
	useConfiguredDnsServer <disabled | enabled>

CLI syntax to configure which type of IP interface to use:

% set addressContext <addressContext name> dnsGroup <dnsGroup name> type <ip | mgmt | none>

CLI syntax to configure a local DNS resource record:

% set addressContext <addressContext name> dnsGroup <dnsGroup name> localRecord <record_name> 
	data <index#> 
		ipAddress <ip address> 
		priority <0-100> 
		state <disabled | enabled> 
		type <a | aaaa> 
	hostName <host_Name> 
	order <centralized-roundrobin | priority | roundrobin> 
	state <enabled | disabled>

CLI syntax to configure a DNS server:

% set addressContext <addressContext name> dnsGroup <dnsGroup name> server <DNS server name> 
	dscpValue <0-63>
    ipAddress <DNS_ipAddress> 
	priority <0-100> 
	recordOrder <centralized-roundrobin | priority | roundrobin>
	recursionDesired <false | true> 
	state <disabled | enabled>
	tcpFallback <disabled | enabled>
	transportProtocol <tcp | udp> 
	weight <0-100>

CLI syntax to configure the type of IP interface to use for this DNS Group:

% set addressContext <addressContext_name> dnsGroup <dnsGroup_name> type ip
-OR-
% set addressContext <addressContext_name> dnsGroup <dnsGroup_name> type mgmt interface mgmtGroup

CLI syntax to configure an RCODE error monitoring timer interval which the SBC uses to monitor RCODE errors.

% set addressContext <address_context_name> dnsGroup <dnsgroup> rcodeErrorMonitorTimer <rcode_error_monitor_timer>


Command Parameters

DNS Group Parameters

Parameter

Description

dnsFallback

Disable this flag to send an EDNS request towards the DNS server irrespective of any DNS failure response received in the past.

If this flag is enabled and EDNS failure error response is received for a query, then the SBC stops sending further EDNS requests towards the DNS server. Instead, regular DNS query is sent to the DNS server.

Refer to sonusSbxDnsServerEdnsFailureNotification - CRITICAL, for additional details.

  • disabled 
  • enabled (default)
dnslookupTimeoutTimer

<value> – Use this timer for DNS lookup messages to set an expiration time, in seconds, after which a DNS query fails.

Range: 10-300 seconds; Default = 10 seconds

NOTE: If your network includes several DNS servers configured with higher retransmission count values, increase this timer value based on the DNS global retransmission count and retransmission timer settings.

ednsSupport

Enable this flag to support extension mechanisms for Domain Name Systems (EDNS) for statically configured and dynamically learned DNS servers.

  • disabled (default)
  • enabled

NOTE: Refer to the following pages for additional details:

interface

<IP or Mgmt Interface group name> – Use this parameter to specify the name of the IP or Management Interface group when using the management interfaces..

NOTE: This parameter displays only after you specify the type parameter.

localRecord

<name> – Specify the local DNS resource record name.  The options are:

  • data <index>– Specify the DNS record index number for this DNS record.
    • ipAddress – Specify the IPv4 or IPv6 address of the local name service record data.
    • priority – Specify the local name service record data priority. Range: 0-100 ; Default = 0.
    • state – Select the administrative state of the local name service record data.
      • disabled (default)
      • enabled
    • type <a | aaaa> – Specify the local name service record data type.
  • hostName – Specify a unique host name of this local name service record. The host name must be unique across all records.
  • order– Specify the look-up order of this local name service record. The options are:
    • centralized-roundrobin – (recommended) Specify this option to use the round-robin technique with respect to the whole system.
    • priority –   Specify this option to use the lookup order based  on the order of entries returned in the DNS response.
    • roundrobin Specify this option to share and distribute local records among internal SBC processes in a round-robin fashion. Over a large number of calls, a fair amount of distribution occur across all DNS records.
  • state – Specify the state of this local name service record.
    • disabled (default)
    • enabled
negativeDnsCacheSupport

Enable this flag for the SBC to store records in the negative cache in case a failure occurs in order to receive a 'DNS Successful' lookup response. No external DNS queries are sent for the same record until it is in a negative cache state.

  • disabled
  • enabled (default)

NOTE: If you require that the SBC sends the DNS lookup queries to the external DNs server for each call even if DNS queries failed previously, you must disable this flag.

NOTE: Use this flag, in conjunction with dnslookupTimeoutTimer and negativeDnsCacheTimer parameters, to manage how DNS lookups are sent to the negative cache.

negativeDnsCacheTimer

<value> – Use this timer to set a length, in seconds, to keep DNS lookup failed records in the negative cache.

Range: 10-300 seconds; Default = 60 seconds

NOTE: This parameter is only available when the negativeDnsCacheSupport flag is enabled.

server

Configure the DNS server within the DNS group.

  • dscpValue – Specify the Differentiated Services Code Point (DSCP) value the SBC sends in the IP header of DNS queries to the specified DNS server.
  • ipAddress  Specify the IPv4 or IPv6 address of this DNS server.
  • priority  Specify the DNS server priority. Range: 0-100 ; Default = 0.
  • recordOrder –  Specify the lookup order of the local name service records associated with the specified DNS server.
    • centralized-roundrobin – (recommended) Specify this option to use the round-robin technique with respect to the whole system.
    • priority (default) – Use the lookup order  based on the order of entries returned in the DNS response.
    • roundrobin Use this option to share and distribute local records among internal SBC processes in a round-robin fashion. Over a large number of calls, a fair amount of distribution occur across all DNS records.
  • recursionDesired– Enable this option to use recursion for this DNS Server.
    • false
    • true (default)
  • state Specify the administrative state of DNS Server configuration.
    • disabled (default)
    • enabled
  • tcpFallback – Enable this flag (per DNS server) to support TCP fallback when transport protocol is configured as UDP.
    • disabled (default)
    • enabled
  • transportProtocol – Specify this parameter to choose the transport protocol to use for DNS queries for this DNS server.
    • tcp
    • udp (default)
  • weight The load-sharing weight of this DNS Server. Range: 0-100; default = 0.
transport

The transport protocol to use to communicate with DNS servers.

  • tcp
  • udp (default)

type

The type of IP interfaces to be used for this DNS Group.

  • ip
  • mgmt
    • interface mgmtGroup – management interface group name.
  • none (default)
useConfiguredDnsServer

When this flag is disabled, the SBC stores the Authoritative NS records received in Domain Name System (DNS) query response and uses it for locating a closer DNS server for subsequent DNS queries. There are cases where “Authoritative” servers, which are used for the previous queries may not be directly reachable from SBC, or IP ACL rules (configured on the SBC) blocks the query responses. This causes DNS queries to fail and leads to subsequent call failures.

When this flag is enabled, the SBC supports using the configured DNS for external DNS queries within that DNS group. It sends the DNS queries to the DNS server in the DNS group and ignores the Authoritative servers.

  • disabled (default)
  • enabled
rcodeErrorMonitorTimer

Configure the RCODE error monitor timer interval to allow the SBC to monitor RCODE errors.

When the timer value is 0, this feature is disabled. Range: 0 - 60 Minutes. Default: 0 minutes



Note

The SBC supports, by default, 1,300 Maximum Transmission Unit (MTU) bytes, and the MTU size used by the SBC is configurable. If the initial INVITE message size exceeds the default MTU value, the SBC sends the data over the TCP transport protocol. The TCP transport protocol is used if it is allowed by the transport profile irrespective of its preference order.

The current TCP Fallback feature does the following:

  1. Enables the SBC to reject UDP INVITE with PDU size more than configured MTU value with “513 Message Too Large”.
  2. It is up to the far-end to recognize this “513 Message Too Large” and switch to TCP.
  3. This feature does not enable the SBC itself to fall back to TCP on receiving  “513 Message Too Large” from far-end.
  4. Once the transport protocol is determined by the application layer in SBC, if the size of the INVITE PDU is increased later (say through SMM rules), the SBC will NOT be able to change the transport protocol to TCP, instead the INVITE is sent using the already determined transport protocol irrespective of the MTU Size configured.

Command Examples


Refer to Configuring DNS Groups page for examples on DNS configurations.