dns guard

elite2010 · ‎12-26-2016

Hi,

if we dont'have open resolver like 8.8.8.8 and we our dns server just work as a forwarder , enabling dns guard will help ?

Thanks

Ajay Saini · ‎12-27-2016

dns-guard is a security feature. It basically means that firewall will allow only one response for one dns request packet. It would be recommended to leave it enabled on firewall in either cases - with or without dns forwarding. Ofcourse we can disable it as per requirement.

For reference:

http://www.cisco.com/c/en/us/about/security-center/dns-best-practices.html

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/A-H/cmdref1/d3.html

HTH
-

AJ