11-3
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 11 Configuring Inspection of Basic Internet Protocols
DNS Inspection
(Optional) Configuring a DNS Inspection Policy Map and Class Map
To match DNS packets with certain characteristics and perform special actions, create a DNS inspection
policy map. You can also configure a DNS inspection class map to group multiple match criteria for
reference within the inspection policy map. You can then apply the inspection policy map when you
enable DNS inspection.
Prerequisites
If you want to match a DNS message domain name list, then create a regular expression using one of the
methods below:
• “Creating a Regular Expression” section on page 20-11 in the general operations configuration
guide.
• “Creating a Regular Expression Class Map” section on page 20-14 in the general operations
configuration guide.
Detailed Steps
Step 1 Choose Configuration > Firewall > Objects > Inspect Maps > DNS.
The Configure DNS Maps pane appears.
Step 2 Click Add.
The Add IPv6 Inspection Map dialog box appears.
Step 3 In the Name field, name the inspection policy map.
Step 4 (Optional) In the Description field, add a description.
Step 5 Do one of the following: