3. Enable DNS spoofing and specify the IP address used to spoof DNS requests. Choose one
option as needed:
IPv4:
dns spoofing ip-address
IPv6:
ipv6 dns spoofing ipv6-address
By default, DNS spoofing is disabled.
Specifying the source interface for DNS packets
About the source interface for DNS packets
This task enables the device to always use the primary IP address of the specified source interface
as the source IP address of outgoing DNS packets. This feature applies to scenarios in which the
DNS server responds only to DNS requests sourced from a specific IP address. If no IP address is
configured on the source interface, no DNS packets can be sent out.
Restrictions and guidelines
When sending an IPv6 DNS request, the device follows the method defined in RFC 3484 to select an
IPv6 address of the source interface.
You can configure only one source interface.
Procedure
1. Enter system view.
system-view
2. Specify the source interface for DNS packets.
dns source-interface interface-type interface-number
By default, no source interface for DNS packets is specified.
Configuring the DNS trusted interface
About DNS trusted interface
This task enables the device to use only the DNS suffix and domain name server information
obtained through the trusted interface. The device can then obtain the correct resolved IP address.
This feature protects the device against attackers that act as the DHCP server to assign an incorrect
DNS suffix and domain name server address.
Restrictions and guidelines
You can configure a maximum of 128 DNS trusted interfaces.
Procedure
1. Enter system view.
system-view
2. Specify the DNS trusted interface.
dns trust-interface interface-type interface-number
By default, no DNS trusted interface is specified.
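An offline check of a saved configuration against the rules in the two sections above: one source interface only, the source interface must have an IP address, at most 128 trusted interfaces, and DHCP-learned DNS data limited to trusted interfaces. This is an added example, not part of the vendor guide; the configuration file layout, the `ip address dhcp-alloc` DHCP client line, and the interface names are assumptions or constructed sample values.

```python
import re

MAX_TRUSTED = 128  # maximum number of DNS trusted interfaces stated in the guide
# Constructed sample configuration (layout and interface names are assumptions).
SAMPLE = """\
interface GigabitEthernet1/0/1
 ip address dhcp-alloc
#
interface LoopBack0
#
dns source-interface LoopBack0
"""

def norm(name):
    return name.replace(" ", "").lower()

def audit_dns_config(config_text):
    """Return findings for the dns source-interface / trust-interface settings."""
    current = None  # interface stanza currently being parsed
    addressed, dhcp_clients, trusted, sources = set(), [], [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = norm(line[len("interface "):])
        elif raw[:1].isspace() and current:
            if line == "ip address dhcp-alloc":  # assumed DHCP client syntax
                dhcp_clients.append(current)
                addressed.add(current)
            elif re.match(r"ip address \d", line):
                addressed.add(current)
        else:
            current = None  # back at system-view level
            m = re.match(r"dns (trust|source)-interface (.+)", line)
            if m:
                (trusted if m.group(1) == "trust" else sources).append(norm(m.group(2)))
    findings = []
    if len(sources) > 1:
        findings.append("more than one dns source-interface configured")
    for s in sources:
        if s not in addressed:
            findings.append(f"source interface {s} has no IP address: no DNS packets can be sent")
    if len(trusted) > MAX_TRUSTED:
        findings.append(f"{len(trusted)} trusted interfaces exceed the limit of {MAX_TRUSTED}")
    if dhcp_clients and not trusted:
        findings.append("no dns trust-interface set; DHCP clients: " + ", ".join(dhcp_clients))
    return findings

if __name__ == "__main__":
    print("\n".join(audit_dns_config(SAMPLE)))
```

The sample produces two findings: the loopback used as DNS source has no address, and a DHCP client interface exists while no trusted interface restricts where DNS settings are accepted from.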