Dns-Flood Action; Dns-Flood Detect - H3C MSR Series Command Reference Manual

dns-flood action

Use dns-flood action to specify global actions against DNS flood attacks.
Use undo dns-flood action to restore the default.
Syntax
dns-flood action { client-verify | drop | logging } *
undo dns-flood action
Default
No global action is specified for DNS flood attacks.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
client-verify: Adds the victim IP addresses to the protected IP list for DNS client verification. If DNS
client verification is enabled, the device provides proxy services for protected servers.
drop: Drops subsequent DNS packets destined for the victim IP addresses.
logging: Enables logging for DNS flood attack events.
Usage guidelines
For the DNS flood attack detection to collaborate with the DNS client verification, make sure the
client-verify keyword is specified and the DNS client verification is enabled. To enable DNS client
verification, use the client-verify dns enable command.
Examples
# Specify drop as the global action against DNS flood attacks in the attack defense policy
atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] dns-flood action drop
Related commands

dns-flood detect

dns-flood detect non-specific
dns-flood threshold
client-verify dns enable
dns-flood detect
Use dns-flood detect to configure IP address-specific DNS flood attack detection.
Use undo dns-flood detect to remove the IP address-specific DNS flood attack detection
configuration.
Syntax
dns-flood detect { ip ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] [ port
port-list ] [ threshold threshold-value ] [ action { { client-verify | drop | logging } *| none } ]
1047