This section describes how to configure global and interface-based
DNS request flood attack defense.
Procedure
- Configure global DNS request flood attack defense.
  - In the user view, access the system view.
    system-view
  - Configure DNS request flood attack defense.
    anti-ddos dns-request-flood source-detect mode { basic | auth-ns } [ alert-rate alert-rate ]
    If the rate of DNS request packets reaches alert-rate, the global DNS request flood attack defense function is triggered. alert-rate is an integer ranging from 1 to 80000000, in pps. The default value is 2000.
    The defense threshold can be automatically learned or manually configured. For details about the threshold learning configuration, see Configuring Threshold Learning.
- Configure interface-based DNS request flood attack defense.
  - In the user view, access the system view.
    system-view
  - Access the interface view.
    interface interface-type interface-number
  - Configure DNS request flood attack defense.
    anti-ddos dns-request-flood source-detect [ mode { basic | auth-ns } ] [ alert-rate alert-rate ]
    If the rate of DNS request packets reaches alert-rate, the interface-based DNS request flood attack defense function is triggered. alert-rate is an integer ranging from 1 to 80000000, in pps. The default value is 150000. The default defense mode is basic.
    Attack defense threshold learning applies only to global DDoS attack defense, not to interface-based DDoS attack defense. Therefore, the threshold for interface-based DNS request flood attack defense must be configured manually using the anti-ddos dns-request-flood source-detect command.
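An added example, not taken from the original page: the two procedures above entered in sequence from the user view. The interface GigabitEthernet 0/0/1 and the alert-rate values 3000 and 100000 are assumptions chosen for illustration; lines beginning with # are annotations, not commands.

```text
# Global defense: the mode keyword is mandatory in the system view.
# alert-rate 3000 (assumed value) replaces the 2000 pps global default.
system-view
anti-ddos dns-request-flood source-detect mode basic alert-rate 3000

# Interface-based defense on an assumed interface name.
# mode is optional here and defaults to basic when omitted.
# alert-rate 100000 (assumed value) replaces the 150000 pps interface default;
# it is set by hand because threshold learning does not apply to interfaces.
interface GigabitEthernet 0/0/1
anti-ddos dns-request-flood source-detect mode auth-ns alert-rate 100000
```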