9
Parameters
ip-address
: Specifies the IPv4 address used to spoof DNS requests.
vpn-instance vpn-instance-name
: Specifies an MPLS L3VPN instance by its name, a
case-sensitive string of 1 to 31 characters. To enable DNS spoofing for the public network, do not
specify this option.
Usage guidelines
Use the
dns spoofing
command together with the
dns proxy enable
command.
DNS spoofing functions when the DNS proxy does not know the DNS server address or cannot
reach the DNS server. It enables the DNS proxy to spoof DNS queries of type A by responding with
the specified IPv4 address.
The system allows only one replied IPv4 address for the public network or each VPN instance. If you
execute this command multiple times, the most recent configuration takes effect. You can configure
DNS spoofing for both public network and VPN instances.
Examples
# Enable DNS spoofing for the public network and specify IPv4 address 1.1.1.1 for spoofing DNS
requests.
<Sysname> system-view
[Sysname] dns proxy enable
[Sysname] dns spoofing 1.1.1.1
Related commands
dns
proxy
enable
dns trust-interface
Use
dns
trust-interface
to specify a DNS trusted interface.
Use
undo
dns
trust-interface
to remove a DNS trusted interface.
Syntax
dns
trust-interface
interface-type
interface-number
undo
dns
trust-interface
[
interface-type
interface-number
]
Default
No DNS trusted interface is specified.
Views
System view
Predefined user roles
network-admin
Parameters
interface-type
interface-number
: Specifies an interface by its type and number.
Usage guidelines
By default, an interface obtains DNS suffix and DNS server information from DHCP. A network
attacker might act as the DHCP server to assign a wrong DNS suffix and DNS server address to the
device. As a result, the device fails to obtain the resolved IP address or might get the wrong IP
address. With the DNS trusted interface specified, the device only uses the DNS suffix and DNS
server information obtained through the trusted interface to avoid attacks.
Summary of Contents for SOHO IE4300
Page 285: ...i Contents Tcl commands 1 cli 1 tclquit 1 tclsh 2...
Page 288: ...i Contents Python commands 1 exit 1 python 1 python filename 2...
Page 291: ...i Contents Automatic configuration commands 1 autodeploy udisk enable 1...
Page 323: ...25 Sysname Ten GigabitEthernet1 0 51 undo shutdown Related commands irf port...
Page 465: ...ii stp vlan enable 55 vlan mapping modulo 55...
Page 602: ...12 Related commands display mvrp statistics...
Page 609: ...i Contents VLAN mapping commands 1 display vlan mapping 1 vlan mapping 2...
Page 678: ...9 Related commands reset pppoe relay statistics...
Page 846: ...i Contents Basic IP forwarding commands 1 display fib 1 ip forwarding table save 2...
Page 1770: ...i Contents Time range commands 1 display time range 1 time range 1...
Page 2026: ...34 Related commands display mac authentication...
Page 2028: ...ii...
Page 2143: ...i Contents User profile commands 1 display user profile 1 user profile 2...
Page 2308: ...61 ipsec transform set...
Page 2531: ...i Contents SAVI commands 1 ipv6 savi down delay 1 ipv6 savi log enable 1 ipv6 savi strict 2...
Page 2534: ...3 Sysname ipv6 savi strict Related commands ipv6 verify source...
Page 2791: ...14 Sysname track 1 Related commands delay display track...
Page 2939: ...9 sntp authentication keyid sntp reliable authentication keyid...
Page 2967: ...27 Related commands apply poe profile poe enable poe max power interface view poe priority...