47-8
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 47 Configuring Inspection of Basic Internet Protocols
DNS Inspection
CNAME—Canonical name
SOA—Start of a zone of authority
TSIG—Transaction signature
IXFR—Incremental (zone) transfer
AXFR—Full (zone) transfer
–
DNS Type Field Value—Specifies to match either a DNS type field value or a DNS type field
range.
Value—Lets you enter an arbitrary value between 0 and 65535 to match.
Range—Lets you enter a range match. Both values between 0 and 65535.
• Class Criterion Values—Specifies the value details for the DNS class match.
–
DNS Class Field Name—Specifies to match on internet, the DNS class field name.
–
DNS Class Field Value—Specifies to match either a DNS class field value or a DNS class field
range.
Value—Lets you enter an arbitrary value between 0 and 65535 to match.
Range—Lets you enter a range match. Both values between 0 and 65535.
• Question Criterion Values—Specifies to match on the DNS question section.
• Resource Record Criterion Values—Specifies to match on the DNS resource record section.
–
Resource Record— Lists the sections to match.
Additional—DNS additional resource record
Answer—DNS answer resource record
Authority—DNS authority resource record
• Domain Name Criterion Values—Specifies to match on the DNS domain name.
–
Regular Expression—Lists the defined regular expressions to match.
–
Manage—Opens the Manage Regular Expressions dialog box, which lets you configure regular
expressions.
–
Regular Expression Class—Lists the defined regular expression classes to match.
–
Manage—Opens the Manage Regular Expression Class dialog box, which lets you configure
regular expression class maps.
Modes
The following table shows the modes in which this feature is available:
DNS Inspect Map
The DNS Inspect Map dialog box is accessible as follows:
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
••••—
