Yes it is required. Snippet from http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/inspect.html#wp1335632
When DNS inspection is enabled, which is the default, the security appliance performs the following additional tasks: •Translates the DNS record based on the configuration completed using the * alias*, *static* and *nat* commands (DNS Rewrite). Translation only applies to the A-record in the DNS reply; therefore, DNS Rewrite does not affect reverse lookups, which request the PTR record With regards Kings On Sat, Feb 26, 2011 at 2:05 AM, Pemasiri Devanarayana <[email protected]>wrote: > Hi, > > When we configure DNS doctoring in the ASA, do we still need to inspect DNS > as follows: > > policy-map global_insp > classs isnpection_default > inspect dns > > thanks > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
