ip dns randomization
This command enables randomization of the source port and Query ID of DNS queries. The purpose is to prevent DNS spoofing attacks. There are two modes of operation:
■ Forwarding Plan
■ DNS proxy
In Forwarding Plan mode (where an external DNS server on the MSBR’s WAN side is advertised), only the source port is randomized.
In DNS proxy mode (where the MSBR itself is configured as the DNS server on its LAN side), both the DNS Query ID and the source port used on the MSBR’s WAN side are randomized.
Syntax
# ip dns randomization
Note
This command is applicable only to data-router functionality.
Command Mode
Privileged User
Example
This example activates the randomization feature on all DNS queries outgoing from the MSBR to the WAN side.
(config-data)# ip dns randomization
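To confirm the setting is taking effect, the following added example (not part of the vendor documentation) checks (source port, Query ID) pairs observed on the WAN side against what each mode described above should randomize. The sample pairs are constructed, the function names and thresholds are assumptions, and the check is a heuristic for small samples, not a statistical test.

```python
from collections import Counter

def looks_randomized(values, min_distinct_ratio=0.9, max_step_share=0.2):
    """Heuristic for a 16-bit field: nearly all values are distinct and no
    single step between consecutive values dominates (thresholds assumed)."""
    if len(values) < 8:
        raise ValueError("need at least 8 observations")
    distinct_ratio = len(set(values)) / len(values)
    steps = Counter((b - a) % 65536 for a, b in zip(values, values[1:]))
    top_step_share = steps.most_common(1)[0][1] / (len(values) - 1)
    return distinct_ratio >= min_distinct_ratio and top_step_share <= max_step_share

def assess(queries, mode):
    """queries: list of (source_port, query_id) seen on the WAN side.
    mode: 'forwarding' (only the source port is expected to be random)
          or 'proxy' (source port and Query ID are both expected random)."""
    if mode not in ("forwarding", "proxy"):
        raise ValueError("mode must be 'forwarding' or 'proxy'")
    result = {"source_port": looks_randomized([p for p, _ in queries])}
    if mode == "proxy":
        result["query_id"] = looks_randomized([i for _, i in queries])
    return result

# Constructed sample: what outgoing queries look like with randomization active.
RANDOMIZED = [(49731, 6699), (12044, 62401), (60518, 2009), (33127, 40512),
              (27890, 15873), (51266, 58230), (18453, 31007), (44902, 4821),
              (39015, 50144), (22678, 27365)]

# Constructed sample: fixed source port and incrementing Query ID, the
# predictable pattern that makes spoofed responses easier to match.
PREDICTABLE = [(53, 100 + n) for n in range(10)]

# Constructed sample: random source ports, incrementing Query IDs.
PORT_ONLY = [(port, 100 + n) for n, (port, _) in enumerate(RANDOMIZED)]

if __name__ == "__main__":
    print("proxy, randomized:     ", assess(RANDOMIZED, "proxy"))
    print("proxy, predictable:    ", assess(PREDICTABLE, "proxy"))
    print("forwarding, port only: ", assess(PORT_ONLY, "forwarding"))
    print("proxy, port only:      ", assess(PORT_ONLY, "proxy"))
```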