
dns session request-times check

Function

The dns session request-times check command enables checking of the number of DNS requests per session.

The undo dns session request-times check command disables checking of the number of DNS requests per session.

Format

dns session request-times check [ max-times max-time ] action { alert | block }

undo dns session request-times check

Parameters

| Parameter | Description | Value |
|---|---|---|
| max-times max-time | Specifies the maximum number of DNS requests per session. | The value is an integer ranging from 1 to 65535. The default value is 20. |
| alert | Permits the packet and generates a log if the number of DNS requests in the session is greater than the specified maximum value. | - |
| block | Blocks the packet and generates a log if the number of DNS requests in the session is greater than the specified maximum value. | - |

Views

Intrusion prevention profile view

Default Level

2: Configuration level

Usage Guidelines

Checking of the number of DNS requests per session is disabled by default.

After this function is enabled, the FW permits (alert) or blocks (block) traffic, and generates a log, if the number of DNS requests in a session is greater than the specified maximum value. If max-times is not specified, the default value 20 is used.
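The threshold behavior described above, modeled as an added Python example (not Huawei code and not FW output). The function name check_dns_sessions, the 5-tuple session key, and one log entry per over-limit request are assumptions made for illustration; the page specifies only the threshold, its range and default, and the two actions.

```python
from collections import defaultdict

DEFAULT_MAX_TIMES = 20  # default from the command reference

def check_dns_sessions(requests, action, max_times=DEFAULT_MAX_TIMES):
    """Apply the request-times check to DNS requests given in arrival order.

    requests: one session key per DNS request (assumed here to be a 5-tuple).
    Returns (verdicts, logs): a verdict per request and one log entry
    (sequence number, session, request count, action) per request over the limit.
    """
    if action not in ("alert", "block"):
        raise ValueError("action must be 'alert' or 'block'")
    if not 1 <= max_times <= 65535:
        raise ValueError("max-times must be an integer from 1 to 65535")
    counts = defaultdict(int)
    verdicts, logs = [], []
    for seq, session in enumerate(requests, start=1):
        counts[session] += 1
        if counts[session] > max_times:  # strictly greater than the maximum
            logs.append((seq, session, counts[session], action))
            # alert permits the packet, block drops it; both generate a log
            verdicts.append("permit" if action == "alert" else "block")
        else:
            verdicts.append("permit")
    return verdicts, logs

# Constructed sample traffic: session A sends 23 requests, session B sends 3.
SESSION_A = ("10.0.0.5", 53001, "192.0.2.53", 53, "udp")
SESSION_B = ("10.0.0.6", 53002, "192.0.2.53", 53, "udp")
SAMPLE = [SESSION_A] * 10 + [SESSION_B] * 3 + [SESSION_A] * 13

if __name__ == "__main__":
    for action, limit in (("alert", 20), ("block", 20), ("block", 50)):
        verdicts, logs = check_dns_sessions(SAMPLE, action, limit)
        print(f"action={action} max-times={limit}: "
              f"{verdicts.count('block')} blocked, {len(logs)} logged")
        for seq, session, count, _ in logs:
            print(f"  request #{seq} from {session[0]}:{session[1]} "
                  f"is number {count} in its session")
```

With the default of 20, the 20th request in a session still passes without a log; the 21st is the first to be logged, which is why running in alert mode first shows which sessions a given max-times value would affect before block is applied.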

Example

# In the intrusion prevention profile profile1, enable checking of the number of DNS requests per session, set the maximum number of requests to 50, and set the action to block.

<sysname> system-view
[sysname] profile type ips name profile1
[sysname-profile-ips-profile1] dns session request-times check max-times 50 action block
Copyright © Huawei Technologies Co., Ltd.