cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


190
Views
0
Helpful
1
Replies
Highlighted
Beginner

DNS dynamic feed block traffic testing

Hi Folks,

I've recently added a dns policy to my ACL with all the dynamic feed options selected.

I'm using a zone as my source and testing from this zone.

I"m unable to trigger a block and wondered if I have missed something?

I can confirm:

1/ cisco-dns-and-url-intelligence-feed is up to date : 2017-11-09 recent timestamp

2/ i'm testing a bunch of url's from http://mirror1.malwaredomains.com/files/domains.txt

if I test a few in my browser the proxy blocks it, so I would be confident that it should also be blocked via Cisco dynamic feed.

3/ i can see the traffic pass through the SFR device via, system support capture-traffic tcpdump

Everyone's tags (4)
1 REPLY 1
Beginner

Re: DNS dynamic feed block traffic testing

I also noticed that a laptop running Cisco Umbrellar resolves look ups from the malware list of domains.