- play_arrow AAA for Subscriber Management
- play_arrow AAA for Subscriber Management
- play_arrow RADIUS for Subscriber Management
- RADIUS Servers and Parameters for Subscriber Access
- Storage and Reporting of Interface Descriptions to Uniquely Identify Subscribers
- Session Options for Subscriber Access
- RADIUS NAS Port Attributes and Options
- RADIUS Logical Line Identification
- RADIUS Authentication and Accounting Basic Configuration
- RADIUS Reauthentication As an Alternative to RADIUS CoA for DHCP Subscribers
- Configuring RADIUS Reauthentication for DHCP Subscribers
- RADIUS Accounting for Subscriber Access
- Verifying and Managing Subscriber AAA Information
- Session Termination Causes and RADIUS Termination Cause Codes
- AAA Termination Causes and Code Values
- DHCP Termination Causes and Code Values
- L2TP Termination Causes and Code Values
- PPP Termination Causes and Code Values
- VLAN Termination Causes and Code Values
- play_arrow Domain Maps for Subscriber Management
- play_arrow Testing and Troubleshooting AAA
- play_arrow RADIUS Dictionary Files
- Junos OS Release 15.1 Subscriber Management RADIUS Dictionary [DCT]
- Junos OS Release 16.1 Subscriber Management RADIUS Dictionary [DCT]
- Junos OS Release 16.2 Subscriber Management RADIUS Dictionary [DCT]
- Junos OS Release 17.1 Subscriber Management RADIUS Dictionary [DCT]
- Junos OS Release 17.4 Subscriber Management RADIUS Dictionary [DCT]
- Junos OS Release 18.2 Subscriber Management RADIUS Dictionary [DCT]
- Junos OS Release 18.4 Subscriber Management RADIUS Dictionary [DCT]
-
- play_arrow DHCP and DHCPv6 for Subscriber Management
- play_arrow DHCP for Subscriber Management
- DHCP Overview
- DHCP Access Profiles for Subscriber Authentication and Accounting Parameters
- Overrides for Default DHCP Local Server and DHCP Relay Configuration Settings
- Delaying DHCP Offer and Advertise Responses to Load Balance DHCP Servers
- DHCP Options and Selective Traffic Processing
- Using DHCP Option 82 Information
- Default Services for DHCP Subscribers
- DHCP Client Attribute and Address Assignment
- DHCP Lease Times for IP Addresses
- DHCP Leasequery Methods
- DHCP Client Authentication With An External AAA Authentication Service
- Receiving DHCP Options From a RADIUS Server
- Common DHCP Configuration for Interface Groups and Server Groups
- Number of DHCP Clients Per Interface
- Maintaining DHCP Subscribers During Interface Delete Events
- Dynamic Reconfiguration of Clients From a DHCP Local Server
- Understanding Deferred NACK on DHCP Reconfigure Abort
- Conserving IP Addresses Using DHCP Auto Logout
- DHCP Short Cycle Protection
- DHCP Monitoring and Management
-
- play_arrow IPv6 for Subscriber Management
- play_arrow IPv6 for Subscriber Management
- Introduction to IPv6 Addresses
- Migration to IPv6 Using IPv4 and IPv6 Dual Stack
- IPv6 WAN Link Addressing with NDRA
- IPv6 WAN Link Addressing with DHCPv6 IA_NA
- Subscriber LAN Addressing with DHCPv6 Prefix Delegation
- WAN and LAN Addressing Using DHCPv6 IA_NA and DHCPv6 Prefix Delegation
- Designs for IPv6 Addressing in a Subscriber Access Network
- Dual-Stack Access Models in a DHCP Network
- Dual-Stack Access Models in a PPPoE Network
- Best Practices for Configuring IPv4 and IPv6 Dual Stack in a PPPoE Access Network
- Dual Stack for PPPoE Access Networks Using DHCP
- Dual Stack for PPPoE Access Networks Using NDRA
- IP Demultiplexing Interfaces on Packet-Triggered Subscriber Services
- Conservation of IPv4 Addresses for Dual-Stack PPP Subscribers Using On-Demand IPv4 Address Allocation
- Dual Stack Subscribers Monitoring and Management
-
- play_arrow DHCPv6 for Subscriber Management
- play_arrow Packet Triggered Subscriber Services
- play_arrow Packet Triggered Subscriber Services
-
- play_arrow Address-Assignment Pools for Subscriber Management
- play_arrow Address-Assignment Pools for Subscriber Management
-
- play_arrow M:N Subscriber Redundancy
- play_arrow Access Node Control Protocol and the ANCP Agent for Subscriber Services
- play_arrow Access Node Control Protocol and the ANCP Agent for Subscriber Services
-
- play_arrow Diameter Base Protocol and its Applications
- play_arrow Diameter Base Protocol and its Applications
- Diameter Base Protocol
- Gx-Plus for Provisioning Subscribers
- 3GPP Policy and Charging Control for Wireline Provisioning and Accounting
- NASREQ for Authentication and Authorization
- JSRC for Subscriber Provisioning and Accounting
- JSRC and Subscribers on Static Interfaces
- Monitoring and Management Diameter Information
- Tracing Diameter Base Protocol Events for Troubleshooting
- Troubleshooting Diameter Networks
- Monitoring and Managing Static Subscriber Information
- Tracing Static Subscriber Events for Troubleshooting
-
- play_arrow Configuration Statements and Operational Commands
DNS Name Server Addresses for Subscriber Management
DNS Name Server Address Overview
When a client attempts to access a domain—for example, www.example.com—a request is sent to a Domain Name System (DNS) name server. The name server stores information that correlates domain names with IP addresses; the IP address is used to reach the requested domain. In response to the client request, the name server looks up the IP address for the domain—192.0.2.10 for www.example.com—and returns it to the client.
In your network configuration, you must configure the address of one or more name servers locally on the router or on your RADIUS server. The local configuration supports the following subscriber types:
DHCPv4 or DHCPv6
IP over Ethernet (VLAN)
Terminated PPPoE (IPv4 or IPv6)
Tunneled PPPoE (IPv4 or IPv6)
You can configure the name server addresses globally (per routing instance), per access profile, or, for DHCP only, per address pool. You can configure more than one name server in a routing instance or access profile by repeating the statement for each address.
Because you can configure name server addresses at more than one level, the address returned to the client is determined by the order of preference among the levels. The preference depends on the client type.
For DHCP subscribers, the preference in descending order is
RADIUS > DHCP address pool > access profile > global
For non-DHCP subscribers, the preference in descending order is
RADIUS > access profile > global
According to the preference order, a name server address configured in RADIUS is preferred by all subscriber types over all other configuration levels. For all subscriber types, the global name server address is used only when no other name server addresses are configured. When a name server address is configured only in a DHCP address pool, then no address is available to non-DHCP subscribers.
When you configure multiple addresses for a name server, the order in which you configure them determines the preference within that configuration. The preference according to configuration level supersedes this ordering.
There is no restriction on the number of DNS name server addresses that you can configure. For DHCP subscribers, all the addresses are sent in DHCP messages. However, only two addresses—determined by preference order—are sent to PPP subscribers.
All changes in these locally configured DNS name servers affect only new subscribers that subsequently log in. Existing subscribers are not affected by the changes.
Benefits of Local DNS Server Addresses
Enables configuration of multiple name server addresses per routing instance and per access profile, providing opportunities for subscribers to connect when a given server is unavailable. The multiple server/multiple level configuration provides a high degree of granularity for managing subscriber access, which is made easier with the capability of specify a preference order for the servers.
Supports many subscriber types: Terminated and tunneled PPP subscribers (IPv4 and IPv6), DHCP subscribers (DHCPv4 and DHCPv6), and IP-over-Ethernet (VLAN) subscribers.
See Also
Configuring DNS Name Server Addresses for Subscriber Management
This topic describes the procedure for configuring DNS name server addresses at the access profile and routing instance levels. For information about configuring addresses in DHCP address pools, see Address-Assignment Pools for Subscriber Management. For information about configuring addresses on your RADIUS server, refer to your RADIUS software documentation. The order in which the name server configurations at different levels are preferred is described in DNS Name Server Address Overview.
In practice, choose either the domain-name-server
statement or the domain-name-server-inet
statement for
IPv4 addresses. They both have the same effect and there is no need
to use both statements. If you do use both statements, addresses configured
with domain-name-server-inet
are preferred over addresses
configured with domain-name-server
.
For example, the following sample configuration specifies two
IPv4 domain name servers. The server configured with the domain-name-server-inet
statement, 192.0.2.23, is preferred over the server configured with
the domain-name-server
statement, 198.51.100.31.
[edit access] user@host# set domain-name-server 198.51.100.31 user@host# set domain-name-server-inet 192.0.2.23
To configure DNS name server addresses globally:
Configure an IPv4 address.
content_copy zoom_out_map[edit access] user@host# set domain-name-server-inet dns-address
Alternatively, you can use a different statement to configure an IPv4 address.
content_copy zoom_out_map[edit access] user@host# set domain-name-server dns-address
Configure an IPv6 address.
content_copy zoom_out_map[edit access] user@host# set domain-name-server-inet6 dns-address
For example, to configure multiple addresses of each type:
[edit access] user@host# set domain-name-server-inet 198.51.100.31 user@host# set domain-name-server-inet 198.51.100.100 user@host# set domain-name-server-inet6 2001:db8:85a3::8a2e:370:81ca user@host# set domain-name-server-inet6 2001:db8:85a3::8a2e:370:7334
To configure DNS name server addresses in an access profile:
Configure an IPv4 address.
content_copy zoom_out_map[edit access profile profile-name] user@host# set domain-name-server-inet dns-address
Alternatively, you can use a different statement to configure an IPv4 address.
content_copy zoom_out_map[edit access profile profile-name] user@host# set domain-name-server dns-address
Configure an IPv6 address.
content_copy zoom_out_map[edit access profile profile-name] user@host# set domain-name-server-inet6 dns-address
For example, to configure multiple addresses of each type:
[edit access profile vrf-s-access] user@host# set domain-name-server-inet 198.51.100.01 user@host# set domain-name-server-inet 198.51.100.100 user@host# set domain-name-server-inet6 2001:db8:85a3::8a2e:370:ac81 user@host# set domain-name-server-inet6 2001:db8:85a3::8a2e:370:71bfd
See Also
Overriding How the DNS Server Address Is Returned in a DHCPv6 Multiple Address Environment
In a DHCPv6 environment, DHCPv6 clients can use a single Solicit message to request multiple addresses (an IA_NA address, an IA_PD address, or both), as well as the DNS server address (DHCPv6 attribute 23). By default, the DHCPv6 local server returns the DNS server address as a global DHCPv6 option.
You can override the default behavior and specify that the DHCPv6 local server returns DNS server addresses as their respective IA_NA and IA_PD suboptions. You can configure the DHCPv6 local server to support the override globally, for a specific group, or for a specific interface.
Some customer premises equipment (CPE) cannot recognize the DNS server address when the address is returned as an IA_NA or IA_PD suboption, which can create interoperability issues.
To configure the DHCPv6 local server to return the DNS server address as an IA_NA or IA_PD suboption.
See Also
DNS Resolver for IPv6 DNS Overview
In a network that uses Neighbor Discovery Router Advertisement (NDRA) to provide IPv6 addressing, the DNS server address can be provided in Router Advertisements sent to IPv6 hosts. The address is included in a field called Recursive DNS Server (RDNSS). This feature is useful in networks that are not running DHCPv6.
RADIUS can populate the RDNSS field dynamically when an IPv6 subscriber logs in. On the RADIUS server, you can configure a primary and secondary DNS address in the following VSAs, which are stored in the $junos-ipv6-dns-server variable:
Ipv6-Primary-DNS (26-47)
Ipv6-Secondary-DNS (26-48)
When a subscriber logs in, RADIUS provides the actual DNS server address in the Access-Accept message.
You can also configure a static IPv6 address for DNS servers.
After the subscriber session is established, the DNS address is stored in the session database. When the router sends IPv6 router advertisements, it uses this DNS address in the RDNSS field in the Router Advertisement option.
Configuring a DNS Server Address for IPv6 Hosts
To configure a dynamic DNS server address for IPv6 hosts:
To configure a static DNS server address for IPv6 hosts:
Specify the IPv6 address of the DNS server.
content_copy zoom_out_map[edit dynamic-profiles dynamic-profile-name protocols router-advertisement interface interface-name] user@host# set dns-server-address ipv6-address
Specify the time in seconds for which the DNS server address remains valid.
content_copy zoom_out_map[edit dynamic-profiles dynamic-profile-name protocols router-advertisement interface interface-name dns-server-address address] user@host# set lifetime 2400
The default value of the lifetime is 1800 seconds.