985
client-verify dns enable
Use client-verify dns enable to enable DNS client verification on an interface.
Use undo client-verify dns enable to disable DNS client verification on an interface.
Syntax
client-verify dns enable
undo client-verify dns enable
Default
DNS client verification is disabled on an interface.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
Enable DNS client verification on the interface connected to the external network. This feature
protects internal DNS servers against DNS flood attacks.
For the DNS client verification to collaborate with DNS flood attack prevention, specify client-verify
as the DNS flood attack prevention action. During collaboration, the device adds the victim IP
address to the protected IP list and verifies the untrusted sources if it detects a DNS flood attack. You
can use the display client-verify dns protected ip command to display the protected IP list for
DNS client verification.
Examples
# Enable DNS client verification on interface GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] client-verify dns enable
Related commands
client-verify dns protected ip
display client-verify dns protected ip
client-verify http enable
Use client-verify http enable to enable HTTP client verification on an interface.
Use undo client-verify http enable to disable HTTP client verification on an interface.
Syntax
client-verify http enable
undo client-verify http enable
Default
HTTP client verification is disabled on an interface.
Views
Interface view