CLI Reference

config global-dns-server response-rate-limit

Use this command to configure response rate limit objects that you specify in the DNS policy and DNS general configurations.

The response rate limit keeps the FortiADC authoritative DNS server from being used as an amplifier in reflection denial of service (DoS) attacks.

Before you begin:

  • You must have a good understanding of DNS.
  • You must have read-write permission for global load balancing settings.

After you have created a response rate limit configuration, you can select it in the DNS policy and DNS general settings configurations.

Syntax

config global-dns-server response-rate-limit
  edit <name>
    set per-second <integer>
  next
end

per-second

Maximum number of responses per second. The valid range is 1-2040. The default is 1000.

Example

FortiADC-VM # config global-dns-server response-rate-limit
FortiADC-VM (response-rate-~i) # edit gdns-rl-1
Add new entry 'gdns-rl-1' for node 2313
FortiADC-VM (gdns-rl-1) # end
FortiADC-VM # get global-dns-server response-rate-limit gdns-rl-1
per-second : 1000
