< Home

dns domain check

Function

The dns domain check command enables the DNS domain name check function.

The undo dns domain check command disables the DNS domain name check function.

Format

dns domain check action { alert | block }

undo dns domain check

Parameters

Parameter Description Value

alert

Permits the packet and generates a log if the DNS domain name contains unexpected characters.

-

block

Blocks the packet and generates a log if the DNS domain name contains unexpected characters.

-

Views

Intrusion prevention profile view

Default Level

2: Configuration level

Usage Guidelines

The DNS domain name check function is disabled by default.

After the DNS domain name check function is enabled, the FW permits or blocks traffic and generates a log if any domain name contains unexpected characters.

Example

# In the intrusion prevention profile profile1, enable the DNS domain name check function and set the action to block.

<sysname> system-view
[sysname] profile type ips name profile1
[sysname-profile-ips-profile1] dns domain check action block
Parent Topic: Intrusion Prevention Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >