dns-flood port
Use dns-flood port to specify the global ports to be protected against DNS flood attacks.
Use undo dns-flood port to restore the default.
Syntax
dns-flood port port-list
undo dns-flood port
Default
The global DNS flood attack prevention protects port 53.
Views
Attack defense policy view
Predefined user roles
network-admin
mdc-admin
Parameters
port-list: Specifies a space-separated list of up to 65535 port number items. Each item specifies a port by its port number or a range of ports in the form of start-port-number to end-port-number. The end-port-number cannot be smaller than the start-port-number.
Usage guidelines
The device detects only DNS packets destined for the specified ports.
The global ports apply to global DNS flood attack detection and IP address-specific DNS flood attack detection with no port specified.
Examples
# Specify the ports 53 and 61000 as the global ports to be protected against DNS flood attacks in attack defense policy atk-policy-1.
<Sysname> system-view [Sysname] attack-defense policy atk-policy-1 [Sysname-attack-defense-policy-atk-policy-1] dns-flood port 53 61000
Related commands
dns-flood action
dns-flood detect
dns-flood detect non-specific