Configuration Guide 10. DNS Query Randomization
Version 7.2 Security Setup
10 DNS Query Randomization
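Starting with Version 6.8, the device supports randomization of the DNS query source port and Query ID.
The purpose of this feature is to prevent DNS spoofing attacks: a forged response is accepted only if it matches the source port and Query ID of the outstanding query, so randomizing these values makes them hard for an attacker to guess.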
There are two modes of operation for DNS Query Randomization:
Forwarding Plan mode: An external DNS server on the device’s WAN side is
advertised); only the source port is randomized.
DNS proxy mode: The device is configured as a DNS server on its LAN side.
Both the DNS Query ID and source port used on the device’s WAN side are
randomized. This option activates the randomization feature on all outgoing DNS
queries from the device to the WAN side.
10.1 Configuration Example
This example shows how to activate the DNS query randomization feature described above:
# configure data
(config-data)# ip dns randomization
(config-data)# exit
#
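A coarse check that the setting took effect, as an added example that is not part of the original guide: given the UDP source port and DNS payload of queries captured on the device's WAN side, it flags source ports or Query IDs that are constant or step by a fixed amount. The function names and the sample packets are constructed for illustration, and a handful of samples can only reveal obviously predictable values, not prove randomness.

```python
import struct

def parse_header(payload: bytes):
    """Return (query_id, is_query) from the fixed 12-byte DNS header."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    qid, flags = struct.unpack("!HH", payload[:4])
    return qid, (flags & 0x8000) == 0  # QR bit clear means query

def looks_predictable(values):
    """True if the 16-bit values are constant or step by one fixed delta."""
    if len(values) < 3:
        raise ValueError("need at least 3 samples")
    deltas = {(b - a) % 65536 for a, b in zip(values, values[1:])}
    return len(deltas) == 1

def assess(observations):
    """observations: (udp_source_port, dns_payload) pairs seen on the WAN side."""
    ports, ids = [], []
    for sport, payload in observations:
        qid, is_query = parse_header(payload)
        if is_query:  # responses coming back from the server are skipped
            ports.append(sport)
            ids.append(qid)
    return {"queries": len(ids),
            "port_predictable": looks_predictable(ports),
            "id_predictable": looks_predictable(ids)}

def make_header(qid, flags=0x0100):
    """Constructed sample packet: header only, RD set, one question."""
    return struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)

# Constructed samples, not captures from a real device.
# STATIC models a fixed port with an incrementing ID (an assumption for contrast).
PORTS = (40211, 51877, 1893, 60012)
STATIC = [(53, make_header(i)) for i in (100, 101, 102, 103)]
# Forwarding mode per the guide: only the source port is randomized.
FORWARDING = [(p, make_header(i)) for p, i in zip(PORTS, (100, 101, 102, 103))]
# DNS proxy mode per the guide: both source port and Query ID are randomized.
PROXY = [(p, make_header(i)) for p, i in zip(PORTS, (0x3A91, 0xC204, 0x07EE, 0x9B53))]
PROXY.append((53, make_header(0x9B53, flags=0x8180)))  # a response, ignored

if __name__ == "__main__":
    for name, obs in (("static", STATIC), ("forwarding", FORWARDING), ("proxy", PROXY)):
        print(name, assess(obs))
```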