Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 47 Configuring Inspection of Basic Internet Protocols
DNS Inspection
    CNAME—Canonical name
    SOA—Start of a zone of authority
    TSIG—Transaction signature
    IXFR—Incremental (zone) transfer
    AXFR—Full (zone) transfer
  DNS Type Field Value—Specifies to match either a DNS type field value or a DNS type field
    Value—Lets you enter an arbitrary value between 0 and 65535 to match.
    Range—Lets you enter a range match. Both values must be between 0 and 65535.
• Class Criterion Values—Specifies the value details for the DNS class match.
  DNS Class Field Name—Specifies to match on the DNS class field name, internet.
  DNS Class Field Value—Specifies to match either a DNS class field value or a DNS class field
    Value—Lets you enter an arbitrary value between 0 and 65535 to match.
    Range—Lets you enter a range match. Both values must be between 0 and 65535.
• Question Criterion Values—Specifies to match on the DNS question section.
• Resource Record Criterion Values—Specifies to match on the DNS resource record section.
  Resource Record—Lists the sections to match.
    Additional—DNS additional resource record
    Answer—DNS answer resource record
    Authority—DNS authority resource record
• Domain Name Criterion Values—Specifies to match on the DNS domain name.
  Regular Expression—Lists the defined regular expressions to match.
    Manage—Opens the Manage Regular Expressions dialog box, which lets you configure regular
  Regular Expression Class—Lists the defined regular expression classes to match.
    Manage—Opens the Manage Regular Expression Class dialog box, which lets you configure regular expression class maps.
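As an added illustration (not Cisco's code and not a description of how the ASA implements inspection), the Python below applies the type, class and domain-name criteria described above to the question section of a raw DNS message, for example to flag AXFR/IXFR zone-transfer queries. The function names, the all-criteria-must-match combination and the use of Python regular expression syntax are assumptions; the type and class numbers are the IANA-assigned values.

```python
import re
import struct

# Numeric values of the type names listed above (IANA DNS parameters).
DNS_TYPES = {"CNAME": 5, "SOA": 6, "TSIG": 250, "IXFR": 251, "AXFR": 252}
CLASS_INTERNET = 1  # the "internet" (IN) class

def parse_question(msg):
    """Return (name, type, class) of the first question in a raw DNS message."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("no DNS header or empty question section")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question name")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(msg):
            raise ValueError("bad label length")  # also rejects compression pointers
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated type/class fields")
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels), qtype, qclass

def in_criterion(value, criterion):
    """criterion: None (unset), one value, or a (low, high) range, each 0-65535."""
    if criterion is None:
        return True
    low, high = criterion if isinstance(criterion, tuple) else (criterion, criterion)
    if not 0 <= low <= high <= 65535:
        raise ValueError("criterion must lie between 0 and 65535")
    return low <= value <= high

def match_question(msg, qtype=None, qclass=None, name_regex=None):
    """True when every supplied criterion matches (match-all is an assumption)."""
    name, t, c = parse_question(msg)
    return (in_criterion(t, qtype) and in_criterion(c, qclass)
            and (name_regex is None or re.search(name_regex, name) is not None))

def build_query(name, qtype, qclass=CLASS_INTERNET):
    """Constructed sample input: a one-question DNS query with a fixed ID."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return (struct.pack("!HHHHHH", 0x1234, 0, 1, 0, 0, 0) + qname + b"\x00"
            + struct.pack("!HH", qtype, qclass))
```

For instance, `match_question(build_query("example.com", DNS_TYPES["AXFR"]), qtype=(251, 252), qclass=CLASS_INTERNET)` matches a constructed zone-transfer query by type range and class.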
The following table shows the modes in which this feature is available:
[Table columns: Firewall Mode (Routed, Transparent); Security Context (Single, Context, System)]
DNS Inspect Map
The DNS Inspect Map dialog box is accessible as follows: