dns trust-interface
Use dns trust-interface to specify a DNS trusted interface.
Use undo dns trust-interface to remove a DNS trusted interface.
Syntax
dns trust-interface interface-type interface-number
undo dns trust-interface [ interface-type interface-number ]
Default
No DNS trusted interface is specified.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
By default, an interface obtains DNS suffix and DNS server information from DHCP. A network attacker might act as the DHCP server to assign a wrong DNS suffix and DNS server address to the device. As a result, the device fails to obtain the resolved IP address or might get the wrong IP address. With the DNS trusted interface specified, the device only uses the DNS suffix and DNS server information obtained through the trusted interface to avoid attacks.
This configuration applies to both IPv4 DNS and IPv6 DNS.
You can configure a maximum of 128 DNS trusted interfaces on the device.
If you do not specify an interface, the undo dns trust-interface command removes all DNS trusted interfaces and restores the default.
Examples
# Specify VLAN-interface 2 as a DNS trusted interface.
<Sysname> system-view [Sysname] dns trust-interface vlan-interface 2