set monitor dns alert
The set monitor dns alert commands enable DNS alert monitoring and set the thresholds for invalid DNS responses. After you enable DNS alert monitoring, the appliance monitors UDP traffic on port 53 for recursive DNS queries and reports invalid DNS responses, that is, responses that arrive on UDP ports that are not open and responses whose transaction IDs (TXIDs) do not match an outstanding query. You must enable DNS network monitoring when you enable DNS alert monitoring. For information, see the set monitor dns command.
You can also configure the thresholds for invalid DNS responses. When the number of invalid responses exceeds a threshold, the appliance logs the event and sends SNMP traps and notifications, if previously enabled. The default threshold for both invalid ports and invalid TXIDs is 50%. You can configure each threshold either as an absolute packet count or as a percentage of the total traffic during a one-minute time interval.
This command is useful for monitoring possible cache poisoning: a forged response typically arrives on a port, or carries a TXID, that the resolver did not use for any outstanding query, so a rise in either counter is an indicator worth alerting on. Use the show monitor dns alert status command to view invalid port and invalid TXID data.
Note: This command is not supported for IPv6 in NIOS 7.0 and later releases.
Syntax
set monitor dns alert {on | off}
set monitor dns alert modify {port | txid} over threshold_value {packets | percent}
| Argument | Description |
|---|---|
| on | Enables DNS alert monitoring. |
| off | Disables DNS alert monitoring. |
| modify {port \| txid} over threshold_value {packets \| percent} | Sets the threshold for invalid DNS responses on unopened ports (port) or with mismatched TXIDs (txid), as an absolute packet count or as a percentage of traffic per minute. |
Examples
Turning on and off DNS alert monitoring
Infoblox > set monitor dns alert on
Infoblox > set monitor dns alert off
Triggering a DNS alert when the percentage of invalid DNS responses on UDP ports exceeds 70% per minute
Infoblox > set monitor dns alert modify port over 70 percent
Triggering a DNS alert when the total packet count of invalid DNS responses with mismatched TXIDs is over 100 packets per minute
Infoblox > set monitor dns alert modify txid over 100 packets
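As an added illustration, not part of the NIOS documentation or product code, the following Python models the classification and threshold logic described above on constructed traffic: a response landing on a UDP port with no outstanding query counts as invalid-port, a response on an open port whose TXID does not match counts as invalid-TXID, and each per-minute count is compared to a threshold given either in packets or in percent, as in the two examples above. The names Threshold, classify, over_threshold and alerts are assumptions of this example.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Threshold:
    kind: str   # "port" or "txid", as in 'set monitor dns alert modify {port | txid}'
    value: int  # threshold_value
    unit: str   # "packets" or "percent"


# Constructed sample data, not real traffic: outstanding recursive queries the
# resolver sent, keyed by (source port, TXID), and UDP/53 responses seen as
# (timestamp in seconds, destination port, TXID).
OPEN_QUERIES = {(40001, 0x1A2B), (40002, 0x3C4D), (40003, 0x5E6F)}
RESPONSES = [
    (0, 40001, 0x1A2B), (5, 40002, 0x3C4D),                        # minute 0: legitimate
    (10, 40003, 0x9999), (12, 40003, 0x1111),                      # minute 0: open port, wrong TXID
    (20, 50000, 0x1A2B), (21, 50001, 0x3C4D), (22, 50002, 0x0001),  # minute 0: port not open
    (70, 40003, 0x5E6F),                                           # minute 1: legitimate
]


def classify(open_queries, responses):
    """Per one-minute window, count responses to ports with no outstanding query
    ('port') and responses on an open port whose TXID does not match ('txid'),
    alongside the total number of responses in that window."""
    open_ports = {p for p, _ in open_queries}
    windows = defaultdict(lambda: Counter(port=0, txid=0, total=0))
    for ts, port, txid in responses:
        c = windows[int(ts // 60)]
        c["total"] += 1
        if port not in open_ports:
            c["port"] += 1
        elif (port, txid) not in open_queries:
            c["txid"] += 1
    return dict(windows)


def over_threshold(counts, t):
    """True when the window's invalid count exceeds the threshold, either as an
    absolute packet count or as a percentage of all responses in the window."""
    invalid = counts[t.kind]
    if t.unit == "packets":
        return invalid > t.value
    if t.unit == "percent":
        return counts["total"] > 0 and 100.0 * invalid / counts["total"] > t.value
    raise ValueError(f"unknown unit {t.unit!r}")


def alerts(open_queries, responses, thresholds):
    """Return (minute, kind) pairs that would trigger an alert."""
    return [(m, t.kind) for m, c in sorted(classify(open_queries, responses).items())
            for t in thresholds if over_threshold(c, t)]
```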