dns domain length check
Function
The dns domain length check command enables the DNS domain name length check function.
The undo dns domain length check command disables the DNS domain name length check function.
Format
dns domain length check [ max-length max-length ] action { alert | block }
undo dns domain length check
Parameters
Parameter | Description | Value |
---|---|---|
max-length max-length | Specifies the maximum DNS domain name length to be checked. | The value is an integer ranging from 1 to 255. The default value is 64. |
alert | Permits the packet and generates a log if the DNS domain name is longer than the maximum length. | - |
block | Blocks the packet and generates a log if the DNS domain name is longer than the maximum length. | - |
Usage Guidelines
The DNS domain name length check function is disabled by default.
After the DNS domain name length check function is enabled, the AC permits or blocks traffic and generates a log if the length of any domain name exceeds the specified maximum length. If no maximum length is specified, the default value 64 is used.
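The decision described above can be modelled offline to see which query names a given max-length would alert on or block. This is an added illustration, not Huawei's implementation: it assumes the length is the character count of the dotted query name without the trailing dot, and the function names, sample packet builder and log format are constructed for the example.

```python
import struct

DEFAULT_MAX_LENGTH = 64  # default max-length from the command reference


def build_query(name):
    """Build a minimal DNS A query for `name` (constructed sample input)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def extract_qname(packet):
    """Return the dotted QNAME of the first question in a DNS message."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    if struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("QNAME runs past end of packet")
        length = packet[pos]
        pos += 1
        if length == 0:
            return ".".join(labels)
        if length & 0xC0:  # normal labels are at most 63 bytes
            raise ValueError("pointer or reserved label type in question")
        if pos + length > len(packet):
            raise ValueError("label runs past end of packet")
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length


def check_domain_length(packet, max_length=DEFAULT_MAX_LENGTH, action="alert"):
    """Return (forward, log); log is None when the name is within the limit."""
    if not 1 <= max_length <= 255:
        raise ValueError("max-length must be an integer from 1 to 255")
    if action not in ("alert", "block"):
        raise ValueError("action must be alert or block")
    name = extract_qname(packet)
    if len(name) <= max_length:  # only names longer than the maximum trigger
        return True, None
    # Log format is illustrative only, not the device's log format.
    log = f"dns-domain-length action={action} length={len(name)} max={max_length} name={name}"
    return action == "alert", log
```

Running this over names taken from resolver logs in alert mode shows how many legitimate names a candidate max-length would catch before the action is switched to block.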
Example
# In the intrusion prevention profile profile1, enable the DNS domain name length check function, set the maximum length to 255, and set the action to block.
<AC6605> system-view
[AC6605] profile type ips name profile1
[AC6605-profile-ips-profile1] dns domain length check max-length 255 action block