DNS Inspection
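Modes
The following table shows the modes in which this feature is available:

| Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System) |
|---|---|---|---|---|
| • | • | • | • | — |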
DNS Inspect Map
The DNS Inspect Map dialog box is accessible as follows:
Cisco ASA 5500 Series Configuration Guide using ASDM
    CNAME—Canonical name
    SOA—Start of a zone of authority
    TSIG—Transaction signature
    IXFR—Incremental (zone) transfer
    AXFR—Full (zone) transfer
  – DNS Type Field Value—Specifies to match either a DNS type field value or a DNS type field range.
    Value—Lets you enter an arbitrary value between 0 and 65535 to match.
    Range—Lets you enter a range match. Both values must be between 0 and 65535.
• Class Criterion Values—Specifies the value details for the DNS class match.
  – DNS Class Field Name—Specifies to match on internet, the DNS class field name.
  – DNS Class Field Value—Specifies to match either a DNS class field value or a DNS class field range.
    Value—Lets you enter an arbitrary value between 0 and 65535 to match.
    Range—Lets you enter a range match. Both values must be between 0 and 65535.
• Question Criterion Values—Specifies to match on the DNS question section.
• Resource Record Criterion Values—Specifies to match on the DNS resource record section.
  – Resource Record—Lists the sections to match.
    Additional—DNS additional resource record
    Answer—DNS answer resource record
    Authority—DNS authority resource record
• Domain Name Criterion Values—Specifies to match on the DNS domain name.
  – Regular Expression—Lists the defined regular expressions to match.
  – Manage—Opens the Manage Regular Expressions dialog box, which lets you configure regular expressions.
  – Regular Expression Class—Lists the defined regular expression classes to match.
  – Manage—Opens the Manage Regular Expression Class dialog box, which lets you configure regular expression class maps.
Chapter 37
Configuring Inspection of Basic Internet Protocols
OL-20339-01