< Home

dns snooping server-ip-address

Function

The dns snooping server-ip-address command configures the IP address of a DNS server.

The undo dns snooping server-ip-address command deletes the configuration of a DNS server IP address.

By default, no DNS server IP address is configured on the device.

This command is supported only by the S5720-HI, S5730-HI, S5731-H, S5731S-H, S6720-HI, S5732-H, S6730-H, S6730S-H, and S6730S-HI.

Format

dns snooping server-ip-address server-ip-address

undo dns snooping server-ip-address server-ip-address

Parameters

Parameter Description Value

server-ip-address

Specifies the IP address of a DNS server.

The value is in dotted decimal notation.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

After DNS snooping is enabled, the device parses the received DNS response packets to obtain IP addresses and generates mappings between the IP addresses and domain names. To prevent attacks initiated by DNS response packets, you can run the dns snooping server-ip-address command to specify the IP address of a DNS server. The device then processes only the DNS response packets with the configured DNS server IP address as the source IP address.

Example

# Configure the DNS server IP address 10.1.1.1 on the device.

<HUAWEI> system-view
[HUAWEI] dns snooping server-ip-address 10.1.1.1
Parent Topic: NAC Configuration Commands (Unified Mode)
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >