You use the MODIFY-DNS-ACCESS command to specify:
which DNS Resolver accesses the DNA data.
for which IP and IPv6 addresses and which processors access to DNS data is permitted in BCAM, i.e. for which addresses and names queries are sent to DNS. The replies supplied by DNS are not checked against the specified restrictions.
The SDF alias name for MODIFY-DNS-ACCESS is MDDNA.
The MODIFY-DNS-ACCESS command is a subfunction of DNS support in BCAM.
BS2000 console | BS2000 SDF command | Command/SOF file | SNMP management | Parameter service |
x | x | x | x |
List of valid command sources
MODIFY-DNS-ACCESS / MDDNA | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
DNS-RESOLVER=
Specifies which DNS Resolver is used by BCAM and Sockets.
DNS-RESOLVER=*UNCHANGED
The setting defining which DNS Resolver is addressed remains unchanged.
DNS-RESOLVER=*PARAMETERS(...)
The DNS Resolver is defined via the port number used by the DNS Resolver or via the IP address of the DNS Resolver’s IPv6 address.
PORT-NUMBER=*UNCHANGED
The setting for the port number remains unchanged.
PORT-NUMBER=*STD
The DNS Resolver with the default port number is addressed.
Default: 921.
PORT-NUMBER= <integer 1..65535> / <x-string 3..4>
Port number of the DNS Resolver.
IP-ADDRESS= *UNCHANGED
The IP address setting remains unchanged.
IP-ADDRESS= *STD
The DNS Resolver with the default IP address is addressed.
The default IP address is the LOOPBACK address.
Default: 127.0.0.1.
IP-ADDRESS= <composed-name 7..15> / <x-string 7..8>
IP address of the DNS Resolver.
IPV6-ADDRESS= *UNCHANGED
The IPv6 address setting remains unchanged.
Note:
The operand is evaluated only if IP-ADDRESS is not specified.
IPV6-ADDRESS= *STD
The DNS Resolver with the default IPv6 address is addressed.
The default IPv6 address is the LOOPBACK address.
Default: ::1.
IPV6-ADDRESS= <text 3..45> / <c-string 3..45>
IPv6 address of the DNS Resolver.
IP-ADDRESS-RANGE=
Sets an IP-specific restriction to access to DNS data in BCAM.
IP-ADDRESS-RANGE=*UNCHANGED
Access to DNS data for processors within the specified address range remains unchanged.
IP-ADDRESS-RANGE=*ALL
Access to DNS data is permitted for all processors whatever the IP address.
IP-ADDRESS-RANGE=*NONE
Access to DNS data to determine a processor name via reverse lookup is prohibited for processors with an IP address.
IP-ADDRESS-RANGE=*ADD(...)
Access to DNS data is permitted for all processors with an IP address in the specified IP address range. The maximum number of definable address ranges is specified using the MAX-DNS-ACC-ENTRIES operand in DCSTART/DCOPT.
Default: 4096
FROM=<composed-name 7..15>
Smallest IP address in the IP address range that is to be specified.
TO=<composed-name 7..15>
Largest IP address in the IP address range that is to be specified.
IP-ADDRESS-RANGE=*REMOVE(...)
Removes an IP address range. Access to DNS data is prohibited for processors with IP addresses in this range.
FROM=<composed-name 7..15>
Smallest IP address in the IP address range that is to be specified.
TO=<composed-name 7..15>
Largest IP address in the IP address range that is to be specified.
IPV6-ADDRESS-RANGE=
Sets an IPv6-specific restriction for access to DNS data in BCAM.
IPV6-ADDRESS-RANGE=*UNCHANGED
Access to DNS data for processors with an IPv6 address remains unchanged.
IPV6-ADDRESS-RANGE=*ALL
Access to DNS data is permitted for processors with any IPv6 address.
IPV6-ADDRESS-RANGE=*NONE
Access to DNS data to determine a processor name via reverse lookup is prohibited for processors with an IPv6 address.
IPV6-ADDRESS-RANGE=*ADD(...)
Access to DNS data is permitted for all processors with an IPv6 address and this IPv6 prefix. The maximum number of definable IPv6- prefixes is specified with the MAX-DNS-ACC-ENTRIES operand in DCSTART/DCOPT.
Default: 4096
Syntax of IPv6 prefixes: <IPv6-address>/<IPv6-prefix-length>
For more details, see section "IPv4 addresses".
In terms of characters, the shortest description of an IPv6 prefix has a length of 9 bytes. It should be noted that an IPv6 prefix is not complete unless the prefix length is also specified. If the IPv6 prefix length is not specified then the prefix length 0 is entered; when a check is performed, this corresponds to a prefix length of 128 bits.
IPV6-PREFIX=<text 9..49>
IPv6 prefix of IPv6 addresses. Access to DNS data is permitted for all processors with an IPv6 address and this IPv6 prefix.
Examples
8765::0/8 Prefix of minimum length with single-digit prefix length
FE80::0/10 link of local prefix
FC80::0/10 site of local prefix
IPV6-ADDRESS-RANGE=*REMOVE(...)
Removes IPv6 addresses. Access to DNS data is no longer permitted for processors with an IPv6 address and this IPv6 prefix.
IPV6-PREFIX=<text 9..49>
Access to DNS data is no longer permitted for processors with an IPv6 address and this IPv6 prefix.
NAMES=
Sets a name-specific restriction for access to DNS data in BCAM.
This setting relates exclusively to the use of names when establishing a NEA connection from the BCAM HOST to a remote PROCESSOR.
NAMES=*UNCHANGED
Access to DNS data for processors in the specified namespace remains unchanged
NAMES=*ALL
Access to DNS data is permitted for processors with any name.
NAMES=*NONE
Access to DNS data is prohibited for all processors regardless of name.
NAMES=*ADD(...)
Access to DNS data is permitted for all processors with a name from the specified namespace. The maximum number of definable (partially qualified) processor names is specified in the MAX-DNS-ACC-ENTRIES operand in DCSTART/ DCOPT.
Default: 4096
PROCESSOR-NAME=<composed-name 1..8 with_wildcard>
Processor name or, in the case of a partially qualified specification, namespace.
NAMES=*REMOVE(...)
Removes a namespace. Access to DNS data is prohibited for processors with a name in the specified namespace.
PROCESSOR-NAME=<composed-name 1..8 with_wildcard>
Processor name or, in the case of a partially qualified specification, namespace.
Command logging
Positive acknowledgements are sent in message BCA0614 and negative acknowledgments in BCA0615.
A description of the error messages that may be issued during command processing is provided in the table below.
Command return codes
(SC2) | Maincode | Meaning |
| CMD0001 | Command processed successfully |
| CMD0202 | Error in command (due to SDF) |
| BCA0615 | No changes made by MODIFY-DNS-ACCESS |
| BCA0768 | Error in command (due to command processing) |
| BCA0814 | BCAM is being terminated abnormally |
| BCA0816 | BCAM is terminating |
| BCA0766 | BCAM is not active |
Examples
Access to DNS data is permitted for any IP address belonging to any processor
/MODIFY-DNS-ACCESS IP-ADDRESS-RANGE=*ALLAccess to DNS data is prohibited for all IPv6 addresses:
/MODIFY-DNS-ACCESS IPV6-ADDRESS-RANGE=*NONEAccess to DNS data is permitted for all IPv6 addresses whose first n bits correspond to the specified IPv6 prefix-length>, where n=<IPv6-prefix-length> and n<=128.
The following example refers to section "IPv6 address prefixes" (IPv6 addresses):
IPv6 prefix length: 60
IPv6- address: 12AB::CD30:123:4567:89AB:CBEF
IPv6 prefix: 12AB::CD30:123:4567:89AB:CBEF/60
The first 60 bits are valid.Since 60 can be divided by 4, the IPv6 prefix here can be written as follows: 12AB000000000CD3
However, this procedure does not work for other IPv6 prefixes such as 10 or 58. Consequently, the more complex formulation of IPv6 set out above has to be used./MODIFY-DNS-ACCESS IPV6-ADDRESS-RANGE= -
*ADD(IPV6-PREFIX=12AB::CD30:123:4567:89AB:CDEF/60)