Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 47 Configuring Inspection of Basic Internet Protocols
DNS Inspection
DNS Class Map
The DNS Class Map dialog box is accessible as follows:
Configuration > Global Objects > Class Maps > DNS
The DNS Class Map pane lets you configure DNS class maps for DNS inspection.
An inspection class map matches application traffic with criteria specific to the application. You then
identify the class map in the inspect map and enable actions. The difference between creating a class
map and defining the traffic match directly in the inspect map is that a class map lets you create more
complex match criteria and can be reused. The applications that support inspection class maps are DNS, FTP,
H.323, HTTP, IM, and SIP.
Fields
• Name—Shows the DNS class map name.
• Match Conditions—Shows the type, match criterion, and value in the class map.
  – Match Type—Shows the match type, which can be a positive or negative match.
  – Criterion—Shows the criterion of the DNS class map.
  – Value—Shows the value to match in the DNS class map.
• Description—Shows the description of the class map.
• Add—Adds match conditions for the DNS class map.
• Edit—Edits match conditions for the DNS class map.
• Delete—Deletes match conditions for the DNS class map.
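The class map and inspect map relationship described above, shown as an added example in ASA CLI form (not taken from this guide). The regex, class map, and inspect map names and the domain are constructed placeholders. It shows one positive and one negative match condition, and the same class map reused in two inspect maps with different actions.

```cisco
! Constructed example: every object name and the domain are placeholders.
!
! Regular expression used as the Value of the domain-name criterion.
regex INTERNAL_ZONE corp\.example\.com
!
! DNS inspection class map. match-all: a message must satisfy every line.
!  - match not header-flag QR : negative match, QR flag clear (a query)
!  - match dns-type eq AXFR   : positive match, zone transfer request
!  - match domain-name regex  : positive match against INTERNAL_ZONE
class-map type inspect dns match-all DNS_ZONE_XFER_QUERY
 description Zone transfer queries for the internal zone
 match not header-flag QR
 match dns-type eq AXFR
 match domain-name regex INTERNAL_ZONE
!
! First inspect map: identify the class map and enable an action (drop and log).
policy-map type inspect dns DNS_MAP_OUTSIDE
 class DNS_ZONE_XFER_QUERY
  drop log
!
! Second inspect map: reuse the same class map with a different action (log only).
policy-map type inspect dns DNS_MAP_INSIDE
 class DNS_ZONE_XFER_QUERY
  log
```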
Modes
The following table shows the modes in which this feature is available:

Firewall Mode              Security Context
Routed    Transparent      Single    Multiple Context    Multiple System
•         •                •         •                   —

Add/Edit DNS Traffic Class Map
The Add/Edit DNS Traffic Class Map dialog box is accessible as follows:
Configuration > Global Objects > Class Maps > DNS > Add/Edit DNS Traffic Class Map
The Add/Edit DNS Traffic Class Map dialog box lets you define a DNS class map.
Fields
• Name—Enter the name of the DNS class map, up to 40 characters in length.
• Description—Enter the description of the DNS class map.
• Add—Adds a DNS class map.
• Edit—Edits a DNS class map.