The anti-ddos dns-request-flood source-detect command enables the DNS request flood attack defense in the interface view.
The undo anti-ddos dns-request-flood source-detect command disables the DNS request flood attack defense in the interface view.
anti-ddos dns-request-flood source-detect mode { basic | auth-ns } [ alert-rate alert-rate ]
undo anti-ddos dns-request-flood source-detect
| Parameter | Description | Value |
|---|---|---|
| basic | Enables basic source detection. | - |
| auth-ns | Enables authorization server protection. | - |
| alert-rate alert-rate | Specifies the threshold of the DNS request packet rate that triggers DNS request flood attack defense. | The value is an integer ranging from 1 to 80000000, in pps. The default value is 150000. |
The command is available in the following views: Ethernet interface view, Ethernet sub-interface view, Layer-2 Ethernet interface view, Layer-2 Ethernet sub-interface view, Eth-Trunk interface view, Layer-2 Eth-Trunk interface view, Eth-Trunk sub-interface view, Layer-2 Eth-Trunk sub-interface view, Virtual interface view
By default, the function is disabled.
If you run the anti-ddos dns-request-flood source-detect command in the interface view, the interface-specific DNS request flood attack defense is enabled.
The attack defense threshold obtained by the threshold learning function takes effect only for the global anti-DDoS. Therefore, you must use the anti-ddos dns-request-flood source-detect command in the interface view to manually set the threshold for the interface-specific DNS request flood attack defense.
# Enable the DNS request flood attack defense in basic source detection mode. Set the threshold of the DNS request packet rate to 1000 pps.
<sysname> system-view
[sysname] interface GigabitEthernet 0/0/1
[sysname-GigabitEthernet0/0/1] anti-ddos dns-request-flood source-detect mode basic alert-rate 1000
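Because learned thresholds do not apply to the interface-specific defense, it is worth auditing which interfaces set alert-rate explicitly and which fall back to the 150000 pps default. The following Python audit is an added example, not part of the original command reference; the saved-configuration layout (an "interface <name>" line followed by indented commands) and the sample configuration are assumptions constructed for illustration.

```python
import re

# Syntax from the reference: mode { basic | auth-ns } [ alert-rate alert-rate ]
CMD_RE = re.compile(
    r"^anti-ddos dns-request-flood source-detect mode (\S+)(?: alert-rate (\S+))?$")
MODES = {"basic", "auth-ns"}
RATE_MIN, RATE_MAX, RATE_DEFAULT = 1, 80_000_000, 150_000  # pps, per the parameter table

# Constructed sample; assumes each interface block starts with "interface <name>"
# and its commands are indented beneath it.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/1
 anti-ddos dns-request-flood source-detect mode basic alert-rate 1000
#
interface GigabitEthernet0/0/2
 anti-ddos dns-request-flood source-detect mode auth-ns
#
interface GigabitEthernet0/0/3
 anti-ddos dns-request-flood source-detect mode basic alert-rate 90000000
#
interface GigabitEthernet0/0/4
 description uplink
"""

def audit(config_text):
    """Return {interface: (status, mode, rate)} for every interface block."""
    results, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            results[current] = ("disabled", None, None)  # function is off by default
            continue
        if current is None or not raw.startswith(" "):
            current = None  # separator or top-level line: no longer in a block
            continue
        m = CMD_RE.match(raw.strip())
        if not m:
            continue
        mode, rate = m.groups()
        if mode not in MODES:
            results[current] = ("invalid-mode", mode, None)
        elif rate is None:
            # No alert-rate given: the interface runs at the default threshold.
            results[current] = ("default-rate", mode, RATE_DEFAULT)
        elif not rate.isdigit() or not RATE_MIN <= int(rate) <= RATE_MAX:
            results[current] = ("invalid-rate", mode, None)
        else:
            results[current] = ("explicit-rate", mode, int(rate))
    return results
```

Interfaces reported as default-rate are the ones to review, since the default threshold was not chosen for that interface's traffic.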