Router Security Configuration Guide
UNCLASSIFIED
Version 1.0g
DNS Name Resolution
Cisco IOS supports looking up host names with DNS. By default, name queries are
sent to the broadcast address 255.255.255.255. If one or more name servers are
available on the network, and you want to be able to use names in IOS commands,
then explicitly set the name server addresses using the global configuration command
ip name-server addresses. Otherwise, turn off DNS name resolution with the
command no ip name-server. The example below shows how to set up a main
and backup DNS server address for the router Central.
Central# config t
Enter configuration commands, one per line. End with CNTL/Z.
Central(config)# ip name-server 14.1.1.2 14.2.9.1
Central(config)# end
4.2.3. Configuration Example
The configuration listing below shows the configuration commands for disabling
typical unneeded services, as described above. This sample is formatted as it would
appear in a configuration text file stored on a host for download to the router Central.
For more information about NTP and SNMP security configuration, see section 4.5.
! ----- IP and network services Section
no cdp run
no ip subnet-zero
no ip source-route
no ip classless
no service tcp-small-serv
no service udp-small-serv
no ip finger
no service finger
no ip bootp server
no ip http server
no ip name-server
! ----- Boot control section
no boot network
no service config
! ----- SNMP Section (for totally disabling SNMP)
! set up totally restrictive access list
no access-list 70
access-list 70 deny any
! make SNMP read-only and subject to access list
snmp-server community aqiytj1726540942 ro 70
! disable SNMP trap and system-shutdown features
no snmp-server enable traps
no snmp-server system-shutdown
no snmp-server trap-auth
! turn off SNMP altogether
no snmp-server
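The following audit script is an added example, not part of the original guide. It checks a stored configuration text file for the hardening lines listed above and verifies that every SNMP community is read-only and bound to an access list that is actually defined and contains only "deny any". The function name audit, the finding strings, the choice of required lines and the sample configuration are assumptions made for illustration.

```python
import re

# Hardening lines from the page's listing; each must appear verbatim (assumption).
REQUIRED = ["no cdp run", "no ip source-route", "no service tcp-small-serv",
            "no service udp-small-serv", "no ip finger", "no service finger",
            "no ip bootp server", "no ip http server", "no boot network",
            "no service config", "no snmp-server"]

# Constructed sample: the SNMP community points at an access list never defined.
SAMPLE = """\
no cdp run
no ip source-route
no ip name-server
no access-list 70
access-list 70 deny any
snmp-server community EXAMPLE-STRING ro 11
"""

def audit(config_text):
    """Return sorted findings for an IOS configuration text file."""
    lines = [l.strip() for l in config_text.splitlines()]
    lines = [l for l in lines if l and not l.startswith("!")]
    findings = [f"missing: {cmd}" for cmd in REQUIRED if cmd not in lines]
    # DNS: name explicit servers or turn resolution off, never leave the default.
    if not any(re.match(r"(no )?ip name-server\b", l) for l in lines):
        findings.append("dns: no ip name-server setting, queries are broadcast")
    # Collect numbered ACL entries; 'no access-list N' lines do not match.
    acl = {}
    for l in lines:
        m = re.match(r"access-list (\d+) (permit|deny) (.+)", l)
        if m:
            acl.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    # Each community must be read-only and bound to a defined deny-any list.
    for l in lines:
        m = re.match(r"snmp-server community \S+ (ro|rw)(?: (\d+))?$", l)
        if not m:
            continue
        mode, num = m.groups()
        if mode == "rw":
            findings.append("snmp: community is read-write")
        if num is None:
            findings.append("snmp: community has no access list")
        elif num not in acl:
            findings.append(f"snmp: community uses undefined access-list {num}")
        elif acl[num] != [("deny", "any")]:
            findings.append(f"snmp: access-list {num} is not deny-any only")
    return sorted(findings)
```

The findings never echo the community string, so the report can be shared without exposing it.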