config global-dns-server response-rate-limit
Use this command to configure response rate limit objects that you specify in the DNS policy and DNS general configurations.
Response rate limiting keeps the FortiADC authoritative DNS server from being used as an amplifier in reflection denial of service (DoS) attacks.
Before you begin:
- You must have a good understanding of DNS.
- You must have read-write permission for global load balancing settings.
After you have created a response rate limit configuration, you can select it in the DNS policy and DNS general settings configurations.
Syntax
config global-dns-server response-rate-limit
  edit <name>
    set per-second <integer>
  next
end
| per-second | Maximum number of responses per second. The valid range is 1-2040. The default is 1000. |
Example
FortiADC-VM # config global-dns-server response-rate-limit
FortiADC-VM (response-rate-~i) # edit gdns-rl-1
Add new entry 'gdns-rl-1' for node 2313
FortiADC-VM (gdns-rl-1) # end
FortiADC-VM # get global-dns-server response-rate-limit gdns-rl-1
per-second : 1000
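
The following check is an added example, not Fortinet code: it parses response-rate-limit blocks written in the syntax above and validates each per-second value against the documented range (1-2040), applying the documented default (1000) when the option is unset. The sample configuration and entry names other than gdns-rl-1 are constructed, and tolerating quoted entry names is an assumption.

```python
import re

PER_SECOND_MIN, PER_SECOND_MAX, PER_SECOND_DEFAULT = 1, 2040, 1000
HEADER = "config global-dns-server response-rate-limit"

# Constructed sample: one entry left at the default, one valid, one out of range.
SAMPLE = """\
config global-dns-server response-rate-limit
  edit gdns-rl-1
  next
  edit gdns-rl-strict
    set per-second 200
  next
  edit gdns-rl-bad
    set per-second 5000
  next
end
"""

def parse_rate_limits(text):
    """Return {entry name: raw per-second string, or None when unset}."""
    entries, in_block, name = {}, False, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in (HEADER, "end"):           # block opens or closes
            in_block, name = line == HEADER, None
        elif not in_block or line == "next":  # outside the block, or entry closed
            name = None
        elif m := re.fullmatch(r'edit\s+"?([^"\s]+)"?', line):
            name = m.group(1)
            entries[name] = None
        elif name and (m := re.fullmatch(r"set\s+per-second\s+(\S+)", line)):
            entries[name] = m.group(1)
    return entries

def audit(text):
    """Return ({name: effective per-second}, [(name, problem), ...])."""
    effective, findings = {}, []
    for name, raw in parse_rate_limits(text).items():
        if raw is None:                       # unset: documented default applies
            effective[name] = PER_SECOND_DEFAULT
        elif not raw.isdecimal():
            findings.append((name, f"per-second {raw!r} is not a whole number"))
        elif not PER_SECOND_MIN <= int(raw) <= PER_SECOND_MAX:
            findings.append((name, f"per-second {raw} outside 1-2040"))
        else:
            effective[name] = int(raw)
    return effective, findings
```

Running `audit(SAMPLE)` before pushing a configuration catches values the CLI would reject and shows which entries silently rely on the default.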