Client-Verify Dns Enable; Client-Verify Http Enable - H3C MSR Series Command Reference Manual
Comware 7 security
Hide thumbs
Also See for MSR Series:
- Command reference manual (174 pages) ,
- Configuration manual (80 pages) ,
- Manual (33 pages)
Table of Contents
Advertisement
client-verify dns enable
Use client-verify dns enable to enable DNS client verification on an interface.
Use undo client-verify dns enable to disable DNS client verification on an interface.
Syntax
client-verify dns enable
undo client-verify dns enable
Default
DNS client verification is disabled on an interface.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
Enable DNS client verification on the interface connected to the external network. This feature
protects internal DNS servers against DNS flood attacks.
For the DNS client verification to collaborate with DNS flood attack prevention, specify client-verify
as the DNS flood attack prevention action. During collaboration, the device adds the victim IP
address to the protected IP list and verifies the untrusted sources if it detects a DNS flood attack. You
can use the display client-verify dns protected ip command to display the protected IP list for
DNS client verification.
Examples
# Enable DNS client verification on interface GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] client-verify dns enable
Related commands
client-verify dns protected ip
display client-verify dns protected ip
client-verify http enable
Use client-verify http enable to enable HTTP client verification on an interface.
Use undo client-verify http enable to disable HTTP client verification on an interface.
Syntax
client-verify http enable
undo client-verify http enable
Default
HTTP client verification is disabled on an interface.
Views
Interface view
985
Advertisement
Table of Contents
