apps split-dns
You can choose to configure separate DNS servers for internal and external networks to ensure better security and privacy management. If you choose to add an internal DNS server, you must create a split-DNS profile, add a collector DNS server for external networks, and then add the required rules for the profile.
Use the apps split-dns command to configure a split-DNS profile for each GigaSMART engine port. You can configure a maximum of five split-DNS profiles for a device; however, you can enable only one split-DNS profile for a GigaSMART engine port. You must configure only one collector DNS server for a split-DNS profile. You can configure a maximum of 100 rules in a split-DNS profile. When you configure the rules, keep in mind the following:
- Duplicate rules are not allowed.
- Multicast or broadcast IP addresses are not allowed.
- The valid format for domain name is *.name.org, xxx.name.com, or name.com.
The apps split-dns command has the following syntax:
apps split-dns profile alias <alias>
collector add dns <ip-address>
rule add dns <ip-address> domain <domain-name>
collector edit dns <ip-address>
rule edit id <rule id> dns <ip-address>| domain <domain name>
rule delete id <rule id>| all
exit
The following table describes the arguments for the apps split-dns command:
| Argument | Description |
| --- | --- |
| `apps split-dns profile alias <alias>` | Specifies an alias for the split-DNS profile. Example: `(config) # apps split-dns profile alias splitdns1` |
| `collector add dns <ip-address>` | Configures a collector DNS server for the split-DNS profile. Example: `(config) # collector add dns 10.115.181.228` |
| `rule add dns <ip-address> domain <domain-name>` | Configures a rule with DNS server IP address and domain name for the split-DNS profile. Example: `(config) # rule add dns 11.22.33.44 domain *.gigamon.com` |
| `collector edit dns <ip-address>` | Edits the IP address of the collector DNS server. Example: `(config) # collector edit dns 10.115.181.229` |
| `rule edit id <rule id> dns <ip-address>\| domain <domain name>` | Edits the DNS server IP address or the domain name configured for the rule. Note: You cannot edit the rules that are not configured for the specified split-DNS profile. Examples: `(config) # rule edit id 2 dns 10.20.30.40`, `(config) # rule edit id 2 domain *.yahoo.com` |
| `rule delete id <rule id>\| all` | Deletes the specified rule ID or all the rules configured for the split-DNS profile. Note: You cannot delete the rules that are not configured for the specified split-DNS profile. Examples: `(config) # rule delete id 2`, `(config) # rule delete all` |
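A pre-flight check of a planned rule set against the rule constraints listed earlier on this page, as an added example that is not Gigamon's code. The names `validate_profile` and `check_server`, the domain regex, and the reading of "duplicate" as the same server and domain pair are assumptions; without a subnet mask only the limited broadcast address can be detected.

```python
import ipaddress
import re

MAX_RULES = 100  # per-profile rule limit stated on this page

# Assumed reading of "*.name.org, xxx.name.com, or name.com": an optional
# leading "*." wildcard, then at least two dot-separated hostname labels.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
DOMAIN_RE = re.compile(rf"^(?:\*\.)?{_LABEL}(?:\.{_LABEL})+$")


def check_server(value):
    """Return an error string for an unusable DNS server address, else None."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return f"{value!r} is not an IP address"
    if ip.is_multicast:
        return f"{value} is a multicast address"
    # Directed broadcasts depend on the subnet mask, which a rule does not carry.
    if ip.version == 4 and ip == ipaddress.IPv4Address("255.255.255.255"):
        return f"{value} is a broadcast address"
    return None


def validate_profile(collectors, rules):
    """collectors: list of IPs; rules: list of (dns_ip, domain). Returns errors."""
    errors = []
    if len(collectors) != 1:
        errors.append(f"expected exactly 1 collector, got {len(collectors)}")
    if len(rules) > MAX_RULES:
        errors.append(f"{len(rules)} rules exceeds the limit of {MAX_RULES}")
    seen = set()
    for n, (dns, domain) in enumerate(rules, 1):
        err = check_server(dns)
        if err:
            errors.append(f"rule {n}: {err}")
        if not DOMAIN_RE.match(domain.lower()):
            errors.append(f"rule {n}: bad domain {domain!r}")
        key = (dns, domain.lower())  # assumed definition of a duplicate rule
        if key in seen:
            errors.append(f"rule {n}: duplicate of an earlier rule")
        seen.add(key)
    return errors


# Constructed sample plan; the first rule reuses this page's example values.
SAMPLE_RULES = [("11.22.33.44", "*.gigamon.com"), ("224.0.0.5", "name.com"),
                ("11.22.33.44", "*.GIGAMON.com")]
```

Running the check before typing the `rule add` commands keeps rejected entries out of change scripts.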
Related Commands
The following table summarizes other commands related to the apps split-dns command:
| Task | Command |
| --- | --- |
| Displays details such as the collector DNS server and rules configured for the specified split-DNS profile. | `# show apps split-dns profile alias <alias>` |
| Displays the details of all the split-DNS profiles configured for the device. | `# show apps split-dns profile all` |
| Deletes the specified split-DNS profile. Note: Before deleting the split-DNS profile, ensure that you disable the profile from the GigaSMART engine port. To disable the profile, you must delete the GigaSMART engine port configurations. Refer to gigasmart. | `# no apps split-dns profile alias <alias>` |
| Deletes all the split-DNS profiles configured for the device. Note: Before deleting the split-DNS profiles, ensure that you disable the profiles from the GigaSMART engine ports. To disable the profile, you must delete the GigaSMART engine port configurations. Refer to gigasmart. | `# no apps split-dns profile all` |