dns trust-interface

Use dns trust-interface to specify a DNS trusted interface.

Use undo dns trust-interface to remove a DNS trusted interface.

Syntax

dns trust-interface interface-type interface-number

undo dns trust-interface [ interface-type interface-number ]

Default

No DNS trusted interface is specified.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

By default, an interface obtains DNS suffix and DNS server information from DHCP. An attacker on the network might act as the DHCP server and assign a wrong DNS suffix and DNS server address to the device. As a result, the device fails to obtain the resolved IP address or might get the wrong IP address. After you specify a DNS trusted interface, the device uses only the DNS suffix and DNS server information obtained through the trusted interface, which protects it against such attacks.

This configuration applies to both IPv4 DNS and IPv6 DNS.

You can configure a maximum of 128 DNS trusted interfaces on the device.

If you do not specify an interface, the undo dns trust-interface command removes all DNS trusted interfaces and restores the default.

Examples

# Specify VLAN-interface 2 as a DNS trusted interface.

<Sysname> system-view
[Sysname] dns trust-interface vlan-interface 2
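
# Audit a configuration file to see which DHCP client interfaces are covered by a DNS trusted interface. This Python script is an added example, not part of the original command reference. The configuration text is constructed, the function names are hypothetical, and treating ip address dhcp-alloc and ipv6 address dhcp-alloc as the DHCP client markers is an assumption.

```python
import re

MAX_TRUSTED = 128  # limit stated in the usage guidelines

# Constructed sample configuration text; not taken from a real device.
SAMPLE_CONFIG = """\
#
 dns trust-interface Vlan-interface2
#
interface Vlan-interface2
 ip address dhcp-alloc
#
interface Vlan-interface3
 ip address dhcp-alloc
#
interface GigabitEthernet1/0/1
 ip address 192.0.2.1 255.255.255.0
#
"""

def norm(name):
    """Make 'vlan-interface 2' and 'Vlan-interface2' compare equal."""
    return "".join(name.split()).lower()

def audit_dns_trust(config):
    """Classify DHCP client interfaces by DNS trust status."""
    trusted, dhcp_clients, current = set(), [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"dns trust-interface\s+(.+)$", line, re.I)
        if m:
            trusted.add(norm(m.group(1)))
        elif re.match(r"interface\s+\S", raw, re.I):
            current = norm(line.split(None, 1)[1])
        elif line == "#":
            current = None
        # Assumption: 'dhcp-alloc' marks the interface as a DHCP client.
        elif current and re.match(r"(ip|ipv6) address dhcp-alloc\b", line):
            if current not in dhcp_clients:
                dhcp_clients.append(current)
    return {
        "trusted": sorted(trusted),
        # DHCP clients exist but nothing restricts whose DNS data is used.
        "unrestricted": bool(dhcp_clients) and not trusted,
        # With a trust list in place, DNS data from these is not used.
        "ignored_sources": [i for i in dhcp_clients if trusted and i not in trusted],
        "over_limit": len(trusted) > MAX_TRUSTED,
    }

if __name__ == "__main__":
    print(audit_dns_trust(SAMPLE_CONFIG))
```

An "unrestricted" result of True means the device is in the default state described in the usage guidelines: DNS information from any DHCP client interface is accepted.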