https://community.cisco.com/t5/network-security/dns-guard/m-p/2929415#M148191 <P><SPAN>Hi,</SPAN></P> <DIV></DIV> <DIV>if we dont'have open resolver &nbsp;like 8.8.8.8 and &nbsp;we &nbsp;our dns server just work as a forwarder , enabling dns guard will help ?</DIV> <DIV></DIV> <DIV>Thanks</DIV> Tue, 12 Mar 2019 08:42:38 GMT elite2010 2019-03-12T08:42:38Z https://community.cisco.com/t5/network-security/dns-guard/m-p/2929415#M148191 <P><SPAN>Hi,</SPAN></P> <DIV></DIV> <DIV>if we dont'have open resolver &nbsp;like 8.8.8.8 and &nbsp;we &nbsp;our dns server just work as a forwarder , enabling dns guard will help ?</DIV> <DIV></DIV> <DIV>Thanks</DIV> Tue, 12 Mar 2019 08:42:38 GMT https://community.cisco.com/t5/network-security/dns-guard/m-p/2929415#M148191 elite2010 2019-03-12T08:42:38Z https://community.cisco.com/t5/network-security/dns-guard/m-p/2929416#M148192 <P>dns-guard is a security feature. It basically means that firewall will allow only one response for one dns request packet. It would be recommended to leave it enabled on firewall in either cases - with or without dns forwarding. Ofcourse we can disable it as per requirement.</P> <P></P> <P>For reference:</P> <P>http://www.cisco.com/c/en/us/about/security-center/dns-best-practices.html</P> <P></P> <P>http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/A-H/cmdref1/d3.html</P> <P></P> <P>HTH<BR />-</P> <P>AJ</P> Tue, 27 Dec 2016 10:41:09 GMT https://community.cisco.com/t5/network-security/dns-guard/m-p/2929416#M148192 Ajay Saini 2016-12-27T10:41:09Z