[x]

Attack detection and prevention commands > dns-flood threshold

 

 Next

dns-flood threshold

Use dns-flood threshold to set the global threshold for triggering DNS flood attack prevention.

Use undo dns-flood threshold to restore the default.

Syntax

dns-flood threshold threshold-value

undo dns-flood threshold

Default

The global threshold is 1000 for triggering DNS flood attack prevention.

Views

Attack defense policy view

Predefined user roles

network-admin

mdc-admin

Parameters

threshold-value: Specifies the threshold value. The value range is 1 to 1000000 in units of DNS packets sent to an IP address per second.

Usage guidelines

With global DNS flood attack detection configured, the device is in attack detection state. When the sending rate of DNS packets to an IP address reaches the threshold, the device enters prevention state and takes the specified actions. When the rate is below the silence threshold (three-fourths of the threshold), the device returns to the attack detection state.

The global threshold applies to global DNS flood attack detection. Adjust the threshold according to the application scenarios. If the number of DNS packets sent to a protected DNS server is normally large, set a large threshold. A small threshold might affect the server services. For a network that is unstable or susceptible to attacks, set a small threshold.

Examples

# Set the global threshold to 100 for triggering DNS flood attack prevention in attack defense policy atk-policy-1.

<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] dns-flood threshold 100

Related commands

dns-flood action

dns-flood detect

dns-flood detect non-specific

prev

 

up

 next

dns-flood port 

home

 exempt acl

© Copyright 2018 Hewlett Packard Enterprise Development LP