745 Views, 2 Helpful, 4 Replies

Inbound DNS Serverlist in ASA for NXDomain protection

ttl2short (Level 1)

Hi everyone,

Is there any way for the Cisco ASA to inspect inbound DNS queries, for example - 

[INTERNET] --> DNS QUERY --> CISCO ASA[INSPECT] --> Authoritative DNS server

I would like to implement a policy on the ASA that inspects DNS and matches it based on the regex of the domains held by the authoritative server (to block off any NXDomain attacks), but there's very little to no documentation on how to implement this. Has anyone done something like this?
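A configuration along the lines the question describes, written here as an added example (not from the original post or from Cisco documentation): an ASA DNS inspection policy that allows queries for the zones the authoritative server hosts and drops and logs everything else. The interface name `outside`, the zone names `example.com` and `example.net`, and the object names are assumptions. Matching on the zone suffix rather than on each of the two thousand records keeps the regex list to one entry per hosted zone.

```cisco
! Regexes for the zones hosted on the authoritative server (assumed names).
! \. is a literal dot; $ anchors the match to the end of the queried name.
regex ZONE_EXAMPLE_COM \.example\.com$
regex ZONE_EXAMPLE_NET \.example\.net$

! Group the zone regexes so one class can reference all of them.
class-map type regex match-any ALLOWED_ZONES
 match regex ZONE_EXAMPLE_COM
 match regex ZONE_EXAMPLE_NET

! DNS inspection class: any query whose domain name is NOT one of our zones.
class-map type inspect dns match-all DNS_NOT_OUR_ZONE
 match not domain-name regex class ALLOWED_ZONES

! DNS inspection policy: drop and log queries for names outside our zones,
! and cap the message length so oversized packets are rejected as well.
policy-map type inspect dns INBOUND_DNS_INSPECT
 parameters
  message-length maximum 512
 class DNS_NOT_OUR_ZONE
  drop log

! Layer 3/4 class selecting inbound DNS (UDP/53) on the outside interface.
class-map INBOUND_DNS
 match port udp eq domain

! Attach the DNS inspection policy to the outside interface.
policy-map OUTSIDE_POLICY
 class INBOUND_DNS
  inspect dns INBOUND_DNS_INSPECT
service-policy OUTSIDE_POLICY interface outside
```

Verify the match counters with `show service-policy interface outside inspect dns` and look for the drop messages in syslog to confirm that queries for foreign names are being rejected before they reach the authoritative server. Requests for names that do end in a hosted zone (including random-subdomain floods against those zones) still pass, so this filter removes the noise aimed at names you are not authoritative for rather than every NXDOMAIN response.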

4 Replies

Did you solve those issues?

MHM

No, unfortunately. I found this useful video:

https://www.youtube.com/watch?v=-olDok2vico&ab_channel=RobRiker%27sTechChannel


but it doesn't really apply to inbound queries to a specific host inside the network. We also have around two thousand records, so I'm not sure if there's a limitation on the regex expressions.

I will check this issue and update you 
MHM

https://www.cisco.com/c/en/us/td/docs/security/asa/special/botnet/asa-botnet.html

This guide shows how we can configure DNS inspection to inspect DNS queries passing through the ASA to the DNS server, and make two lists:

Blacklist and whitelist

MHM