beautypg.com

Configuring the dns trusted interface, Setting the dscp value for outgoing dns packets, Enabling dhcp starvation attack protection – H3C Technologies H3C S12500-X Series Switches User Manual

Page 92

background image

81

You can configure only one source interface on the public network or a VPN. When you configure a new

source interface, the last configuration takes effect. You can configure the source interface for the public
network and a maximum of 1024 VPNs.
To specify the source interface for DNS packets:

Step Command Remarks

1.

Enter system view.

system-view

N/A

2.

Specify the source
interface for DNS

packets.

dns source-interface interface-type
interface-number [ vpn-instance

vpn-instance-name ]

By default, no source interface for
DNS packets is specified.
If you specify the vpn-instance
vpn-instance-name option, make

sure the source interface is on the

specified VPN.

Configuring the DNS trusted interface

By default, an interface obtains DNS suffix and domain name server information from DHCP. The

network attacker might act as the DHCP server to assign wrong DNS suffix and domain name server

address to the device. As a result, the device fails to get the resolved IP address or might get the wrong

IP address. With the DNS trusted interface specified, the device only uses the DNS suffix and domain
name server information obtained through the trusted interface to avoid attack.
To configure the DNS trusted interface:

Step Command Remarks

1.

Enter system view.

system-view

N/A

2.

Specify the DNS trusted

interface.

dns trust-interface interface-type
interface-number

By default, no DNS trusted
interface is specified.
You can configure up to 128 DNS
trusted interfaces.

Setting the DSCP value for outgoing DNS packets

The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority

of the packet. A bigger DSCP value represents a higher priority.
To specify the DSCP value for outgoing DNS packets:

Step Command Remarks

1.

Enter system view.

system-view

N/A

2.

Specify the DSCP value
for outgoing DNS

packets.

DSCP value for IPv4 DNS packets:

dns dscp dscp-value

DSCP value for IPv6 DNS packets:

ipv6 dns dscp dscp-value

By default, the DSCP value for
outgoing DNS packets is 0.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: