This section describes how to configure global and interface-based
DNS reply flood attack defense.
Procedure
- Configure global DNS reply flood attack defense.

  - In the user view, access the system view.

    system-view

  - Configure DNS reply flood attack defense.

    anti-ddos dns-reply-flood source-detect [ alert-rate alert-rate ]

    If the rate of DNS reply packets reaches alert-rate, the global DNS reply flood attack defense function is triggered. alert-rate is an integer ranging from 1 to 80000000, in pps. The default value is 2000.

    The defense threshold can be automatically learned or manually configured. For details about the threshold learning configuration, see Configuring Threshold Learning.

- Configure interface-based DNS reply flood attack defense.

  - In the user view, access the system view.

    system-view

  - Access the interface view.

    interface interface-type interface-number

  - Configure DNS reply flood attack defense.

    anti-ddos dns-reply-flood source-detect [ alert-rate alert-rate ]

    If the rate of DNS reply packets reaches alert-rate, the interface-based DNS reply flood attack defense function is triggered. alert-rate is an integer ranging from 1 to 80000000, in pps. The default value is 500000.

    The attack defense threshold learning applies only to global DDoS attack defense and not to interface-based DDoS attack defense. Therefore, the threshold for interface-based DNS reply flood attack defense must be configured manually using the anti-ddos dns-reply-flood source-detect command.
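
Because threshold learning does not cover interface-based defense, the interface alert-rate has to be chosen by hand. The following added example (not from the original page or the vendor) derives a value from per-second DNS reply counts and renders the command sequence of the procedure above, rejecting values outside the documented range. The percentile-times-headroom rule, the sample counts and the interface name GigabitEthernet 0/0/1 are assumptions made for illustration.

```python
import math

# Valid alert-rate range stated on this page, in packets per second.
ALERT_RATE_MIN, ALERT_RATE_MAX = 1, 80_000_000

# Constructed sample: DNS reply packets counted per second on one interface.
BASELINE_PPS = [1200, 1350, 1280, 1500, 1420, 1310, 1490, 1600, 1380, 1450]


def suggest_alert_rate(samples_pps, percentile=0.99, headroom=2.0):
    """Nearest-rank percentile of the baseline times a headroom factor,
    clamped to the documented range. The rule itself is an assumption."""
    if not samples_pps:
        raise ValueError("need at least one baseline sample")
    if any(s < 0 for s in samples_pps):
        raise ValueError("packet rates cannot be negative")
    if not 0 < percentile <= 1 or headroom < 1:
        raise ValueError("percentile must be in (0, 1] and headroom >= 1")
    ordered = sorted(samples_pps)
    rank = max(1, math.ceil(percentile * len(ordered)))
    rate = math.ceil(ordered[rank - 1] * headroom)
    return min(max(rate, ALERT_RATE_MIN), ALERT_RATE_MAX)


def render_commands(alert_rate, interface=None):
    """Command sequence from the procedure: global when interface is None,
    interface-based otherwise. Rejects values outside the documented range."""
    if isinstance(alert_rate, bool) or not isinstance(alert_rate, int):
        raise ValueError("alert-rate must be an integer")
    if not ALERT_RATE_MIN <= alert_rate <= ALERT_RATE_MAX:
        raise ValueError(f"alert-rate {alert_rate} is outside 1..80000000 pps")
    lines = ["system-view"]
    if interface is not None:
        lines.append(f"interface {interface}")
    lines.append(f"anti-ddos dns-reply-flood source-detect alert-rate {alert_rate}")
    return lines


if __name__ == "__main__":
    rate = suggest_alert_rate(BASELINE_PPS)
    # "GigabitEthernet 0/0/1" is a placeholder interface name.
    print("\n".join(render_commands(rate, "GigabitEthernet 0/0/1")))
```

A threshold set far above the real baseline lets a flood pass undetected on that interface, while one set at or below normal traffic triggers source detection on legitimate replies, so re-measure the baseline when traffic patterns change.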