Agent GuidesWeb Agent GuideHelp Prevent Attacks › Help Prevent DNS DOS Attacks

Previous Topic: Compare IP Addresses to Prevent Security Breaches

Next Topic: Manage Password Services

Help Prevent DNS DOS Attacks

If a web server receives HTTP requests with false IP addresses, the Web Agent tries to resolve the IP addresses to fully qualified domain names. For large volumes of HTTP requests, a denial-of-service condition could affect the Web Agent and possibly the DNS servers. The following parameter controls whether the Web Agent performs DNS lookups:

DisableDNSLookup

Prevents the Web Agent from performing DNS lookups.

To help prevent DNS DOS attacks

  1. Verify that the DisableDNSLookup parameter does not end with an s. Some earlier versions of the ACO templates and LocalConfig.conf files possibly contain this error. The correct parameter ends with a p.
  2. Set the value of the DisableDNSLookup parameter to yes.

Important! Fully qualified domain names must be used for cookie-based functions to work properly when the value of this parameter is set to yes.