Chapter 63 System
ZyWALL Series CLI Reference Guide
517
open DNS server is a DNS server which is willing to resolve recursive DNS queries from anyone on the
Internet.
In a DNS amplification attack, an attacker sends a DNS name lookup request to an open DNS server
with the source address spoofed as the victim’s address. When the DNS server sends the DNS record
response, it is sent to the victim. Attackers can request as much information as possible to maximize the
amplification effect.
63.6.2 DNS Commands
The following table identifies the values required for many of these commands. Other input values are
discussed with the corresponding commands.
The following table describes the commands available for DNS. You must use the
configure
terminal
command to enter the configuration mode before you can use these commands.
Table 295 Input Values for General DNS Commands
LABEL DESCRIPTION
address_objec
t
The name of the IP address (group) object. You may use 1-31 alphanumeric characters,
underscores(
_), or dashes (-), but the first character cannot be a number. This value is case-
sensitive.
interface_nam
e
The name of the interface.
Ethernet interface: For some Zyxel Device models, use gex, x = 1 - N, where N equals the
highest numbered Ethernet interface for your Zyxel Device model.
For other Zyxel Device models, use a name such as wan1, wan2, opt, lan1, or dmz.
virtual interface on top of Ethernet interface: add a colon (:) and the number of the virtual
interface. For example: gex:y, x = 1 - N, y = 1 - 4
VLAN interface: vlanx, x = 0 - 4094
virtual interface on top of VLAN interface: vlanx:y, x = 0 - 4094, y = 1 - 12
bridge interface: brx, x = 0 - N, where N depends on the number of bridge interfaces your
Zyxel Device model supports.
virtual interface on top of bridge interface: brx:y, x = the number of the bridge interface, y = 1
- 4
PPPoE/PPTP interface: pppx, x = 0 - N, where N depends on the number of PPPoE/PPTP
interfaces your Zyxel Device model supports.
Table 296 Command Summary: DNS
COMMAND DESCRIPTION
[no] ip dns server a-record fqdn w.x.y.z
Sets an A record that specifies the mapping of a fully qualified
domain name (FQDN) to an IP address. The
no command deletes an
A record.
ip dns server cache-flush
Clears the DNS.
[no] ip dns server mx-record domain_name
{w.x.y.z|fqdn}
Sets a MX record that specifies a mail server that is responsible for
handling the mail for a particular domain. The
no command deletes
a MX record.
ip dns server rule {<1..32>|append|insert
<1..32>} access-group
{ALL|address_object} zone
{ALL|address_object} action {accept|deny}
Sets a service control rule for DNS requests.
To Next Page
Loading...
