▀ Enhanced Features and Functionality
License Requirements
DNS Snooping is a licensed Cisco feature. A separate feature license may be required. Contact your Cisco account
representative for detailed information on specific licensing requirements. For information on installing and verifying
licenses, refer to the Managing License Keys section of the Software Management Operations chapter in the System
Administration Guide.
Bulkstatistics Support
Bulkstatistics reporting for the DNS Snooping feature is supported.
For the DNS Snooping feature the following bulkstatistics are available in the ECS schema:
ecs-dns-learnt-ipv4-entries
ecs-dns-flushed-ipv4-entries
ecs-dns-replaced-ipv4-entries
ecs-dns-overflown-ipv4-entries
ecs-dns-learnt-ipv6-entries
ecs-dns-flushed-ipv6-entries
ecs-dns-replaced-ipv6-entries
ecs-dns-overflown-ipv6-entries
How it Works
This section describes how the DNS Snooping feature works.
ECS allows operators to create ruledefs specifying domain names or their segments using options available in the CLI
ruledef syntax (contains, starts-with, ends with, or equal to). This allows operators to match all the traffic going to
specified fully qualified domain names as presented by the UE in the DNS queries, or segments of the domain names.
Internally, when a ruledef containing ip server-domain-name keyword is defined and the ruledef is used in a rulebase, an
IP table similar to the following is created per rulebase per instance.
Operator
contains
=
starts-with
On definition of the ruledefs, the gateway will monitor all the DNS responses sent towards the UE and will snoop the
DNS responses from valid DNS servers. IP addresses (IPv4 and IPv6) resulting from the DNS responses are learnt
dynamically and will be used for further rule matching. These dynamic Service Data Flows (SDFs), containing IP
addresses, may also be reused by ECS for other subscribers from the same routing instance in order to classify the
subscriber traffic.
The dynamic SDFs generated are kept for the TTL specified in the DNS response plus a configurable timer that can be
added to the TTL in case the DNS response contains a very small TTL.
▄ Cisco ASR 5x00 Enhanced Charging Services Administration Guide
38
Domain Name
IP Pool Pointer
gmail
ip-pool1
yahoo.com
ip-pool2
gmail
ip-pool3
Associated Ruledef
List of CNAMES
domain_google
l.google.com
domain_yahoo
domain_start_gmail
Enhanced Charging Service Overview