11-08-2023 06:42 AM
Hi everyone,
Is there any way for the Cisco ASA to inspect inbound DNS queries, for example -
[INTERNET] --> DNS QUERY --> CISCO ASA[INSPECT] --> Authoritative DNS server
I would like to implement a policy on the ASA that inspects DNS and matches it based on the regex of the domains held by the authoritative server (to block off any NXDomain attacks), but there's very little to no documentation on how to implement this. Has anyone done something like this?
12-02-2023 05:54 PM
Did you solve this issue?
MHM
12-05-2023 11:08 AM
No unfortunately, I found this useful video:
https://www.youtube.com/watch?v=-olDok2vico&ab_channel=RobRiker%27sTechChannel
but it doesn't really apply to inbound queries to a specific host inside the network. We also have around two thousand records, so I'm not sure if there's a limitation to the regex expressions.
12-10-2023 02:38 PM
I will check this issue and update you
MHM
12-10-2023 10:28 PM
https://www.cisco.com/c/en/us/td/docs/security/asa/special/botnet/asa-botnet.html
This guide shows how we can configure DNS inspection to inspect DNS queries passing through the ASA to the DNS server, and make two lists:
Blacklist and whitelist
MHM
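Added example (editor's note, not from any post in this thread or from the linked Cisco page): the regex-based DNS inspection policy the original question describes. The linked guide covers the Botnet Traffic Filter, which works from Cisco's dynamic database plus static blacklist/whitelist entries and DNS snooping; the classic way to match query names against your own regexes is a `class-map type inspect dns` with `match not domain-name regex class`, applied through an interface service policy. Zone names (`example.com`, `example.net`), object names and the server address `203.0.113.10` are assumptions standing in for the real values.

```text
! Constructed example. One regex per zone the authoritative server hosts,
! anchored so that "notexample.com" does not match.
regex ZONE_EXAMPLE_COM "\.example\.com$|^example\.com$"
regex ZONE_EXAMPLE_NET "\.example\.net$|^example\.net$"

! Group the zone regexes so the DNS class can reference them as one list.
class-map type regex match-any HOSTED_ZONES
 match regex ZONE_EXAMPLE_COM
 match regex ZONE_EXAMPLE_NET

! Whitelist logic: a query whose name does NOT fall under any hosted zone.
class-map type inspect dns match-all DNS_NOT_HOSTED
 match not domain-name regex class HOSTED_ZONES

! DNS inspection policy: drop and log queries for zones we do not serve,
! and keep the message-length sanity checks from the default DNS map.
policy-map type inspect dns DNS_AUTH_INSPECT
 parameters
  message-length maximum client auto
  message-length maximum 512
 class DNS_NOT_HOSTED
  drop log

! Layer 3/4 class: only inbound UDP/53 to the authoritative server.
! 203.0.113.10 is a documentation address standing in for the server's
! real (pre-NAT) address, which is what ASA 8.3+ access lists expect.
access-list DNS_TO_AUTH extended permit udp any host 203.0.113.10 eq domain
class-map DNS_INBOUND_AUTH
 match access-list DNS_TO_AUTH

! Interface policy on outside. For traffic it matches, an interface
! service policy takes precedence over global_policy.
policy-map OUTSIDE_POLICY
 class DNS_INBOUND_AUTH
  inspect dns DNS_AUTH_INSPECT
service-policy OUTSIDE_POLICY interface outside
```

Check hit and drop counters with `show service-policy interface outside inspect dns`. Two caveats for the use case in the question: first, matching the zone apex needs one regex per zone rather than one per record, which keeps the configuration far below the roughly two thousand entries mentioned above; second, an NXDOMAIN flood against an authoritative server usually uses random labels under a zone the server does host, so those queries match `HOSTED_ZONES` and pass. The zone-level whitelist only removes queries for zones the server would otherwise answer with REFUSED; random-subdomain floods still need exact-name matching (subject to the platform's regex limits) or rate limiting on the DNS server itself.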