Hi,
I have just enabled DNS snooping on our ASA5585-X in preparation for enabling Botnet filter.
Since we have a fair amount of DNS over TCP and to ensure that I don't leave an easy way around the new protection, I looked at enabling snooping on TCP port 53 as well. Unexpectedly, this resulted in all TCP/53 traffic being dropped. Removing 'botnet_snoop_class_tcp' from 'policy-map botnet_snoop_policy' immediately restores traffic. Is this a known limitation, a bug or a misconfiguration?
Related config:
class-map botnet_snoop_class_udp
 match port udp eq 53
class-map botnet_snoop_class_tcp
 match port tcp eq 53
!
policy-map botnet_snoop_policy
 class botnet_snoop_class_udp
  inspect dns dynamic-filter-snoop
 class botnet_snoop_class_tcp
  inspect dns dynamic-filter-snoop
!
service-policy botnet_snoop_policy interface outside
service-policy botnet_snoop_policy interface inside
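Added example, not part of the original post or of any Cisco tooling: a small Python walker over an ASA MPF config dump that lists every interface/policy/class combination where "inspect dns" is attached to a class matching a TCP port, so a change like the one above can be reviewed before the service-policy is applied. The embedded config is a constructed copy of the snippet above, and the function names are assumptions.

```python
import re
# Constructed sample: the poster's MPF lines as they would appear in a "show running-config" dump.
ASA_CONFIG = """\
class-map botnet_snoop_class_udp
 match port udp eq 53
class-map botnet_snoop_class_tcp
 match port tcp eq 53
!
policy-map botnet_snoop_policy
 class botnet_snoop_class_udp
  inspect dns dynamic-filter-snoop
 class botnet_snoop_class_tcp
  inspect dns dynamic-filter-snoop
!
service-policy botnet_snoop_policy interface outside
service-policy botnet_snoop_policy interface inside
"""

def parse_mpf(config):
    """Return (class_maps: name->match lines, policy_maps: name->{class: action lines},
    bindings: [(policy, interface or 'global')]) from ASA MPF config text."""
    class_maps, policy_maps, bindings = {}, {}, []
    mode = name = cls = None  # 'cmap' inside a class-map, 'pmap' inside a policy-map
    for line in (l.strip() for l in config.splitlines()):
        words = line.split()
        if not words or line == "!":
            continue
        if words[0] == "class-map":
            mode, name, cls = "cmap", words[1], None
        elif words[0] == "policy-map":
            mode, name, cls = "pmap", words[1], None
        elif words[0] == "service-policy":  # '... interface <name>' or '... global'
            bindings.append((words[1], words[3] if words[2] == "interface" else "global"))
            mode = cls = None
        elif mode == "cmap" and words[0] == "match":
            class_maps.setdefault(name, []).append(line)
        elif mode == "pmap" and words[0] == "class":
            cls = words[1]
            policy_maps.setdefault(name, {}).setdefault(cls, [])
        elif mode == "pmap" and cls:  # action under a class, e.g. 'inspect dns ...'
            policy_maps[name][cls].append(line)
    return class_maps, policy_maps, bindings

def dns_inspection_over_tcp(config):
    """(interface, policy, class, match) where 'inspect dns' is applied to a TCP-port class."""
    class_maps, policy_maps, bindings = parse_mpf(config)
    return [(iface, pol, cls, m) for pol, iface in bindings
            for cls, acts in policy_maps.get(pol, {}).items()
            if any(a.startswith("inspect dns") for a in acts)
            for m in class_maps.get(cls, []) if re.search(r"\bmatch port tcp\b", m)]
```

Run against a saved "show running-config" instead of the embedded sample to review a live box; an empty list means no DNS inspection is bound to a TCP class on any interface.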