Cisco 4700M Configuration Manual page 232

Configuring a DNS Parameter Map
Associating a DNS Parameter Map with a Layer 3 and Layer 4
Policy Map
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
3-108
If the ACE continues to receive DNS queries on the same UDP connection, the
UDP connection does not time out. In this case, the queries without answers will
time out in 10 seconds. To change this time-out value, use the timeout query
command in DNS parameter map configuration mode. The syntax of this
command is as follows:
timeout query number
The number argument specifies the length of time in seconds that the ACE keeps
the query entries without answers in the hash table before timing them out. Enter
an integer from 2 to 120 seconds. The default is 10 seconds.
For example, to time out DNS queries with no responses after 20 seconds, enter
the following commands:
host1/Admin(config)# parameter-map type dns DNS_PARAMMAP
host1/Admin(config-parammap-dns)# timeout query 20
To reset the query timeout value to the default of 10 seconds, enter the following
commands:
host1/Admin(config)# parameter-map type dns DNS_PARAMMAP
host1/Admin(config-parammap-dns)# no timeout query 20
You can associate a DNS parameter map with a Layer 3 and Layer 4 policy map
by using the appl-parameter dns advanced-options command in policy map
class configuration mode.
The syntax of this command is as follows:
appl-parameter dns advanced-options name
The name argument is the name of an existing DNS parameter map. Parameter
maps aggregate DNS traffic-related actions together. Enter the name of an
existing DNS parameter map as an unquoted text string with no spaces and a
maximum of 64 alphanumeric characters. For details about configuring a DNS
parameter map, see the
Chapter 3 Configuring Application Protocol Inspection
"Configuring a DNS Parameter Map" section.
OL-16202-01