The anti-ddos dns-reply-flood source-detect command enables the DNS reply flood attack defense.
The undo anti-ddos dns-reply-flood source-detect command disables the DNS reply flood attack defense.
anti-ddos dns-reply-flood source-detect [ alert-rate alert-rate ]
undo anti-ddos dns-reply-flood source-detect
| Parameter | Description | Value |
|---|---|---|
| alert-rate alert-rate | Specifies the threshold of the DNS reply packet rate that triggers DNS reply flood attack defense. | The value in the system view is an integer ranging from 1 to 80000000, in pps. The default value is 2000. The value in the interface view is an integer ranging from 1 to 80000000, in pps. The default value is 500000. |
System view or interface view (Ethernet interface view, Ethernet sub-interface view, Layer-2 Ethernet interface view, Layer-2 Ethernet sub-interface view, Eth-Trunk interface view, Layer-2 Eth-Trunk interface view, Eth-Trunk sub-interface view, Layer-2 Eth-Trunk sub-interface view, Virtual interface view)
By default, the function is disabled.
The device uses the source detection technology to defend against DNS reply flood attacks.
If you run the anti-ddos dns-reply-flood source-detect command in the system view, the global DNS reply flood attack defense is enabled. If you run the anti-ddos dns-reply-flood source-detect command in the interface view, the interface-specific DNS reply flood attack defense is enabled.
The attack defense threshold obtained by the threshold learning function takes effect only for global anti-DDoS defense. Therefore, to set the threshold for interface-specific DNS reply flood attack defense, you must run the anti-ddos dns-reply-flood source-detect command in the interface view and specify alert-rate manually.
# Set the threshold of the DNS reply packet rate that triggers DNS reply flood attack defense to 1000 pps. When the DNS reply packet rate exceeds 1000 pps, the DNS reply flood attack defense is triggered.
<sysname> system-view
[sysname] anti-ddos dns-reply-flood source-detect alert-rate 1000
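As an added illustration (not part of the product documentation or the device software), the following Python models the trigger condition described above: it buckets constructed DNS reply arrival times into per-second rates and reports the first second whose rate exceeds alert-rate, using the documented range and per-view defaults; suggested_alert_rate is a hypothetical helper for picking a manual interface-view value from observed baseline traffic.

```python
from collections import Counter

# Documented bounds and per-view defaults for alert-rate (pps).
ALERT_RATE_MIN, ALERT_RATE_MAX = 1, 80_000_000
DEFAULT_ALERT_RATE = {"system": 2000, "interface": 500_000}


def validate_alert_rate(alert_rate):
    """Reject values outside the documented 1..80000000 pps range."""
    if not isinstance(alert_rate, int) or not ALERT_RATE_MIN <= alert_rate <= ALERT_RATE_MAX:
        raise ValueError(f"alert-rate must be an integer in {ALERT_RATE_MIN}..{ALERT_RATE_MAX} pps")
    return alert_rate


def per_second_reply_rates(reply_times):
    """Bucket DNS reply arrival times (seconds, e.g. pcap timestamps) into per-second counts."""
    return Counter(int(t) for t in reply_times)


def first_trigger_second(reply_times, view="system", alert_rate=None):
    """Return the first one-second bucket whose reply rate exceeds alert-rate,
    or None if the defense would not trigger. alert_rate defaults per view."""
    rate = validate_alert_rate(DEFAULT_ALERT_RATE[view] if alert_rate is None else alert_rate)
    for second, count in sorted(per_second_reply_rates(reply_times).items()):
        if count > rate:
            return second
    return None


def suggested_alert_rate(reply_times, headroom=3):
    """Hypothetical helper: peak observed legitimate pps times a headroom factor,
    clamped to the valid range. Threshold learning on the device only serves
    global defense, so interface-view values have to be chosen by hand."""
    peak = max(per_second_reply_rates(reply_times).values(), default=0)
    return max(ALERT_RATE_MIN, min(ALERT_RATE_MAX, peak * headroom))


# Constructed sample: ~100 pps of normal replies during seconds 0 and 1,
# then a 3000-packet burst during second 2.
SAMPLE_REPLY_TIMES = [i / 100 for i in range(200)] + [2 + i / 3000 for i in range(3000)]

if __name__ == "__main__":
    print(first_trigger_second(SAMPLE_REPLY_TIMES, "system"))     # 2 (3000 pps > 2000)
    print(first_trigger_second(SAMPLE_REPLY_TIMES, "interface"))  # None (3000 pps < 500000)
    print(suggested_alert_rate(SAMPLE_REPLY_TIMES[:200]))         # 300
```

The same burst trips the system-view default but not the interface-view default, which is why the interface threshold has to be set explicitly rather than left at 500000 pps.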