Hi Kings,

Actually, my concern is: if the question asks to configure DNS doctoring, do we still need to do DNS inspection even though it's there by default? And also allow DNS on the firewall outside?

On Sat, Feb 26, 2011 at 1:01 PM, Kingsley Charles <[email protected]> wrote:

> Yes it is required.
>
> Snippet from
> http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/inspect.html#wp1335632
>
> When DNS inspection is enabled, which is the default, the security
> appliance performs the following additional tasks:
>
> • Translates the DNS record based on the configuration completed using the
> *alias*, *static* and *nat* commands (DNS Rewrite). Translation only
> applies to the A-record in the DNS reply; therefore, DNS Rewrite does not
> affect reverse lookups, which request the PTR record
>
> With regards
> Kings
>
> On Sat, Feb 26, 2011 at 2:05 AM, Pemasiri Devanarayana <[email protected]> wrote:
>
>> Hi,
>>
>> When we configure DNS doctoring in the ASA, do we still need to inspect
>> DNS as follows:
>>
>> policy-map global_insp
>>  class inspection_default
>>   inspect dns
>>
>> thanks
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
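
The DNS Rewrite behaviour described in the quoted Cisco documentation (A-record answers translated, PTR replies left alone), modelled as an added Python example; it is not part of the thread and is not ASA code. The addresses, the mapped-to-real direction of the rewrite, and the names `doctor_reply` and `build_reply` are assumptions made for illustration.

```python
import ipaddress
import struct

# Assumed static NAT entry carrying the dns keyword (constructed): mapped -> real.
NAT = {ipaddress.IPv4Address("192.0.2.10"): ipaddress.IPv4Address("10.1.1.10")}

def _skip_name(msg, off):
    """Return the offset just past a DNS name, compressed or not."""
    while True:
        n = msg[off]
        if n == 0:                      # root label ends the name
            return off + 1
        if (n & 0xC0) == 0xC0:          # compression pointer is always 2 bytes
            return off + 2
        off += 1 + n                    # ordinary label: length byte + label

def doctor_reply(msg, nat=NAT):
    """Rewrite IN/A RDATA per the NAT table; every other RR type is untouched."""
    out = bytearray(msg)
    qd, an = struct.unpack_from("!HH", msg, 4)        # QDCOUNT, ANCOUNT
    off = 12                                          # fixed header length
    for _ in range(qd):
        off = _skip_name(msg, off) + 4                # QTYPE + QCLASS
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:  # A record only
            addr = ipaddress.IPv4Address(bytes(msg[off:off + 4]))
            out[off:off + 4] = nat.get(addr, addr).packed
        off += rdlen                                  # PTR (type 12) lands here unchanged
    return bytes(out)

def _name(s):
    return b"".join(bytes([len(p)]) + p.encode() for p in s.split(".")) + b"\0"

def build_reply(qname, qtype, rdata):
    """Constructed sample reply: one question, one answer via a compression pointer."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    q = _name(qname) + struct.pack("!HH", qtype, 1)
    a = b"\xc0\x0c" + struct.pack("!HHIH", qtype, 1, 300, len(rdata)) + rdata
    return hdr + q + a

# Constructed samples: a forward (A) reply and a reverse (PTR) reply.
A_REPLY = build_reply("www.example.com", 1, ipaddress.IPv4Address("192.0.2.10").packed)
PTR_REPLY = build_reply("10.2.0.192.in-addr.arpa", 12, _name("www.example.com"))

if __name__ == "__main__":
    print("A answer after rewrite:", ipaddress.IPv4Address(doctor_reply(A_REPLY)[-4:]))
    print("PTR reply unchanged:", doctor_reply(PTR_REPLY) == PTR_REPLY)
```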
