89DNS servers. In some scenarios, the DNS server only responds to DNS requests sourced from a specificIP address. In such cases, you must specify the source interface for the DNS packets so that the devicecan always uses the primary IP address of the specified source interface as the source IP address of DNSpackets.When sending IPv4 DNS request, the device uses the primary IPv4 address of the source interface as thesource IP address of the DNS request. When sending IPv6 DNS request, the device selects an IPv6address from the addresses configured on the source interface as defined in RFC 3484 as the source IPaddress of the DNS request. If no IP address is configured on the source interface, the DNS packet failsto be delivered.You can configure only one source interface on the public network or a VPN. When you configure a newsource interface, the last configuration takes effect. You can configure the source interface for the publicnetwork and a maximum of 1024 VPNs.To specify the source interface for DNS packets:Step Command Remarks1. Enter system view. system-view N/A2. Specify the sourceinterface for DNSpackets.dns source-interface interface-typeinterface-number [ vpn-instancevpn-instance-name ]By default, no source interface forDNS packets is specified.If you specify the vpn-instancevpn-instance-name option, makesure the source interface is on thespecified VPN.Configuring the DNS trusted interfaceBy default, an interface obtains DNS suffix and domain name server information from DHCP. Thenetwork attacker might act as the DHCP server to assign wrong DNS suffix and domain name serveraddress to the device. As a result, the device fails to get the resolved IP address or might get the wrongIP address. With the DNS trusted interface specified, the device only uses the DNS suffix and domainname server information obtained through the trusted interface to avoid attack.To configure the DNS trusted interface:Step Command Remarks1. Enter system view. system-view N/A2. Specify the DNS trustedinterface.dns trust-interface interface-typeinterface-numberBy default, no DNS trustedinterface is specified.You can configure up to 128 DNStrusted interfaces.
