Client-Verify Dns Enable - HP FlexNetwork MSR Series Command Reference Manual
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
Default
No user blacklist entries exist.
Views
System view
Predefined user roles
network-admin
Parameters
user-name: Specifies a user by the username, a case-sensitive string of 1 to 55 characters. Packets
sourced from this user will be dropped.
timeout minutes: Specifies the aging time for the blacklist entry, in the range of 1 to 1000 minutes. If
you do not specify this option, the blacklist entry never ages out. You must delete it manually.
Usage guidelines
The user blacklist feature must be used together with the user identification feature. For more
information about user identification, see "Configuring user identification."
Examples
# Add a user blacklist entry for the user usera and set the aging time to 20 minutes for the entry.
<Sysname> system
[Sysname] blacklist user usera timeout 20
Related commands
blacklist global enable
display blacklist user
client-verify dns enable
Use client-verify dns enable to enable DNS client verification on an interface.
Use undo client-verify dns enable to disable DNS client verification on an interface.
Syntax
client-verify dns enable
undo client-verify dns enable
Default
DNS client verification is disabled on an interface.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
Enable DNS client verification on the interface connected to the external network. This feature
protects internal DNS servers against DNS flood attacks.
For the DNS client verification to collaborate with DNS flood attack prevention, specify client-verify
as the DNS flood attack prevention action. During collaboration, the device adds the victim IP
address to the protected IP list and verifies the untrusted sources if it detects a DNS flood attack. You
820
Advertisement
