
anti-ddos dns-request-flood source-detect (System view)

Function

The anti-ddos dns-request-flood source-detect command enables the DNS request flood attack defense in the system view.

The undo anti-ddos dns-request-flood source-detect command disables the DNS request flood attack defense in the system view.

Format

anti-ddos dns-request-flood source-detect mode { basic | auth-ns } [ alert-rate alert-rate ]

undo anti-ddos dns-request-flood source-detect

Parameters

| Parameter | Description | Value |
|---|---|---|
| basic | Enables basic source detection. | - |
| auth-ns | Enables authorization server protection. | - |
| alert-rate alert-rate | Specifies the threshold of the DNS request packet rate that triggers DNS request flood attack defense. | The value is an integer ranging from 1 to 80000000, in pps. The default value is 2000. |

Views

System view

Default Level

2: Configuration level

Usage Guidelines

By default, the function is disabled.

The DNS request flood attack defense functions in either of the following modes:
  • Basic source detection: used when the DNS server functions as a cache server.
  • Authorization server protection: used when the DNS server functions as an authorization server.

If you run the anti-ddos dns-request-flood source-detect command in the system view, the global DNS request flood attack defense is enabled.

Example

# Enable the DNS request flood attack defense in basic source detection mode. Set the threshold of the DNS request packet rate to 1000 pps.

<sysname> system-view
[sysname] anti-ddos dns-request-flood source-detect mode basic alert-rate 1000
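
The following is an added example, not part of the original page or of any Huawei tooling: a small Python check that reads a list of system-view command lines and reports the resulting global DNS request flood defense setting, using the syntax, value range and default documented above. The names audit and SAMPLE are hypothetical, and it is an assumption of this sketch that a later valid command replaces an earlier one and that a rejected command leaves the setting unchanged.

```python
import re

# Syntax from the Format section; range and default from the Parameters table.
CMD = re.compile(r"^anti-ddos dns-request-flood source-detect mode (basic|auth-ns)"
                 r"(?: alert-rate (\d+))?$")
PREFIX = "anti-ddos dns-request-flood source-detect"
UNDO = "undo " + PREFIX
PROMPT = re.compile(r"^(?:<[^>]*>|\[[^\]]*\])\s*")  # "<sysname>" or "[sysname]"
DEFAULT_ALERT_RATE = 2000            # pps, used when alert-rate is omitted
RATE_MIN, RATE_MAX = 1, 80_000_000   # pps


def audit(commands):
    """Apply system-view command lines in order; return the resulting state."""
    state = {"enabled": False, "mode": None, "alert_rate": None, "errors": []}
    for lineno, raw in enumerate(commands.splitlines(), 1):
        line = PROMPT.sub("", " ".join(raw.split()))
        if line == UNDO:
            state.update(enabled=False, mode=None, alert_rate=None)
        elif line.startswith(PREFIX):
            m = CMD.match(line)
            if m is None:
                state["errors"].append(f"line {lineno}: not in the documented format")
                continue
            rate = int(m.group(2)) if m.group(2) else DEFAULT_ALERT_RATE
            if not RATE_MIN <= rate <= RATE_MAX:
                # Assumption: a rejected command leaves the earlier setting in place.
                state["errors"].append(
                    f"line {lineno}: alert-rate {rate} outside {RATE_MIN}-{RATE_MAX} pps")
                continue
            # Assumption: a later valid command replaces the earlier setting.
            state.update(enabled=True, mode=m.group(1), alert_rate=rate)
    return state


# Constructed sample input: the page's own example followed by made-up lines.
SAMPLE = """\
<sysname> system-view
[sysname] anti-ddos dns-request-flood source-detect mode basic alert-rate 1000
[sysname] anti-ddos dns-request-flood source-detect mode auth-ns alert-rate 0
[sysname] anti-ddos dns-request-flood source-detect mode auth-ns
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```
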
Copyright © Huawei Technologies Co., Ltd.