---

---

Router Security Configuration Guide UNCLASSIFIED 68 UNCLASSIFIED Version 1.0g DNS Name Resolution Cisco IOS supports looking up host names with DNS.  By default, name queries are sent to the broadcast address 255.255.255.255.  If one or more name servers are available on the network, and you want to be able to use names in IOS commands, then explicitly set the name server addresses using the global configuration command   ip name-server addresses.  Otherwise, turn off DNS name resolution with the command no ip name-server.  The example below shows how to set up a main and backup DNS server address for the router Central. Central# config t Enter configuration commands, one per line.  End with CNTL/Z. Central(config)# ip name-server 14.1.1.2 14.2.9.1 Central(config)# end 4.2.3.    Configuration Example The configuration listing below shows the configuration commands for disabling typical unneeded services, as described above.  This sample is formatted as it would appear in a configuration text file stored on a host for download to the router Central.   For more information about NTP and SNMP security configuration, see section 4.5. ! ----- IP and network services Section no cdp run no ip subnet-zero no ip source-route no ip classless no service tcp-small-serv no service udp-small-serv no ip finger no service finger no ip bootp server no ip http server no ip name-server ! ----- Boot control section no boot network no service config ! ----- SNMP Section (for totally disabling SNMP) ! set up totally restrictive access list no access-list 70 access-list 70 deny any ! make SNMP read-only and subject to access list snmp-server community aqiytj1726540942 ro 11 ! disable SNMP trap and system-shutdown features no snmp-server enable traps no snmp-server system-shutdown no snmp-server trap-auth ! turn off SNMP altogether no snmp-server