not answer or forward a DNS request if it cannot find a local matching DNS entry or reach the DNS
server.
You can configure DNS spoofing for the public network and a maximum of 1024 VPNs. You can
specify only one replied IPv4 address on the DNS spoofing device for the public network or each
VPN.
If you use the command multiple times, the most recent configuration takes effect.
Examples
# Enable DNS spoofing on the public network and specify the IPv4 address 1.1.1.1 to spoof DNS
requests.
<Sysname> system-view
[Sysname] dns proxy enable
[Sysname] dns spoofing 1.1.1.1
Related commands
dns proxy enable
dns trust-interface
Use dns trust-interface to specify the DNS trusted interface.
Use undo dns trust-interface to remove the specified DNS trusted interface. If you do not specify
an interface, the undo dns trust-interface command removes all DNS trusted interfaces.
Syntax
dns trust-interface interface-type interface-number
undo dns trust-interface [ interface-type interface-number ]
Default
No trusted interface is specified.
Views
System view
Predefined user roles
network-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
By default, an interface obtains DNS suffix and DNS server information from DHCP. A network
attacker might act as the DHCP server and assign a wrong DNS suffix and DNS server address to the
device. As a result, the device fails to obtain the resolved IP address or might get the wrong IP
address. With a DNS trusted interface specified, the device uses only the DNS suffix and DNS
server information obtained through the trusted interface, which protects against this attack.
This configuration is applicable to both IPv4 and IPv6.
You can configure up to 128 DNS trusted interfaces on the device.
Examples
# Specify VLAN-interface 2 as the DNS trusted interface.
<Sysname> system-view
[Sysname] dns trust-interface vlan-interface 2
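
Added example, not part of the original command reference: a Python check that reads saved configuration text and reports which DHCP-learned DNS settings the device would accept under the rules in the usage guidelines above. The sample configuration is constructed, and the function names and the assumption that DHCP client interfaces appear as "ip address dhcp-alloc" or "ipv6 address dhcp-alloc" lines are not taken from this page.

```python
import re

MAX_TRUSTED = 128  # limit stated in the usage guidelines above
# Assumption: DHCP client interfaces appear as "ip address dhcp-alloc" or
# "ipv6 address dhcp-alloc" lines inside an "interface" section.
DHCP_CLIENT = re.compile(r"^(ip|ipv6) address dhcp-alloc\b")

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
#
 dns trust-interface Vlan-interface2
#
interface Vlan-interface2
 ip address dhcp-alloc
#
interface Vlan-interface3
 ip address dhcp-alloc
#
interface GigabitEthernet1/0/1
 ip address 192.0.2.1 255.255.255.0
#
"""

def norm(name):
    """Treat 'vlan-interface 2' and 'Vlan-interface2' as the same interface."""
    return re.sub(r"\s+", "", name).lower()

def audit_dns_trust(config):
    """Report which DHCP-learned DNS settings the device would accept."""
    trusted, dhcp_clients, current = set(), set(), None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"dns trust-interface\s+(\S.*)", line)
        if m:
            trusted.add(norm(m.group(1)))
        elif line.startswith("interface "):
            current = norm(line[len("interface "):])
        elif line == "#":
            current = None  # "#" closes the current section
        elif current and DHCP_CLIENT.match(line):
            dhcp_clients.add(current)
    findings = []
    if dhcp_clients and not trusted:
        findings.append("no DNS trusted interface: DNS settings from DHCP "
                        "on any interface are accepted (default behaviour)")
    if len(trusted) > MAX_TRUSTED:
        findings.append(f"{len(trusted)} trusted interfaces exceed {MAX_TRUSTED}")
    # DHCP-learned DNS is ignored only once at least one trusted interface exists.
    ignored = sorted(dhcp_clients - trusted) if trusted else []
    return {"trusted": sorted(trusted), "dhcp_dns_ignored": ignored, "findings": findings}
```

A non-empty "findings" list means the configuration still accepts DNS settings from any DHCP server or lists more trusted interfaces than the device supports.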