The dns malformed-packet check command enables malformed DNS packet detection.
The undo dns malformed-packet check command disables malformed DNS packet detection.
dns malformed-packet check action { alert | block }
undo dns malformed-packet check
alert
When the protocol format of a DNS packet is abnormal, the packet is permitted, and a log is recorded.
-
block
When the protocol format of a DNS packet is abnormal, the packet is blocked, and a log is recorded.
Intrusion prevention profile view
2: Configuration level
By default, this function is disabled.
# In IPS profile profile1, enable malformed DNS packet detection and set the action to block.
<sysname> system-view [sysname] profile type ips name profile1 [sysname-profile-ips-profile1] dns malformed-packet check action block