Thank you for your enthusiastic help, your advice is very good. I'm free to try.

This command:
nat (inside, outside) dynamic interface dns

From the outside, with showip.com the site to see the outside of my mouth configure public IP address';

But if I then use this command:
nat (inside, outside) source dynamic any WANIP dns

From the outside, with showip.com the site to see is the address of the public network WANIP me outside port configuration, but after use, only a part of my normal user can use another part of the user is not normally access.

I know your answer is right, my other question is:

nat (inside, outside) source dynamic any WANIP dns
This order is not dynamic PAT something? Just dynamic NAT?

If I want to use, with showip.com the site to see is the address of the public network WANIP me outside port configuration, rather than the outside port I configure the IP address,

So this command:

nat (inside, outside) dynamic interface dns

How to change to achieve my needs?

Hi ,

 If i understand your requirement correctly , you dont want to expose your interface IP address of your ASA device ?? , When you see it from showip.com . 

Below configuration , will PAT complete internal LAN which is being inside interface towards your WANIP for dns service alone .

nat (inside, outside) source dynamic any WANIP dns

Look into below forum for better understanding

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli

HTH

Sandy

Thank you for your reply. 
After I tested last night, I think I put my configuration and version posted, more intuitive solution to this problem: 

Configuration is as follows: (where XX, YY words hide) 

Cryptochecksum: 81ea0180 5064e24e d6a99fdf 4385f937 
: Saved 
: Written by cisco at 23:23:35.014 HKST Tue Jul 8 2014 
! 
ASA Version 8.6 (1) 2 
! 
hostname ciscoasa 
enable password c4Nz.hoxE6P9RGps encrypted 
passwd 2KFQnbNIdI.2KYOU encrypted 
names 
! 
interface GigabitEthernet0 / 0 
  nameif outside 
  security-level 0 
  ip address X.X.X.X 255.255.255.240 
! 
interface GigabitEthernet0 / 1 
  nameif inside 
  security-level 100 
  ip address 192.168.0.3 255.255.255.0 
! 
interface GigabitEthernet0 / 2 
  no nameif 
  no security-level 
  no ip address 
! 
interface GigabitEthernet0 / 3 
  no nameif 
  no security-level 
  no ip address 
! 
interface GigabitEthernet0 / 4 
  no nameif 
  no security-level 
  no ip address 
! 
interface GigabitEthernet0 / 5 
  no nameif 
  no security-level 
  no ip address 
! 
interface Management0 / 0 
  nameif Management 
  security-level 100 
  ip address 10.10.10.10 255.255.255.0 
  management-only 
! 
ftp mode passive 
clock timezone HKST 8 
object service tcp80 
  service tcp source eq www destination eq www 
object service TCP110 
  service tcp source eq pop3 destination eq pop3 
object service TCP25 
  service tcp source eq smtp destination eq smtp 
object service 3389 
  service tcp source eq 3389 destination eq 3389 
  description 3389 
object network neupc 
  host 192.168.8.1 
  description neupc 
object network Lan10-24 
  subnet 10.200.0.0 255.255.255.0 
  description Lan10-24 
object network Lan192-16 
  subnet 192.168.0.0 255.255.0.0 
  description Lan192-16 
object network WANIP 
  range XXXX YYYY 
  description WANIP 
object-group protocol TCPUDP 
  protocol-object udp 
  protocol-object tcp 
access-list inside_access_in extended permit ip object Lan192-16 any 
access-list inside_access_in extended permit ip any any 
access-list outside_access_in extended permit ip object WANIP any 
access-list outside_access_in extended permit ip any any 
pager lines 24 
logging enable 
logging asdm informational 
mtu outside 1500 
mtu inside 1500 
mtu Management 1500 
icmp unreachable rate-limit 1 burst-size 1 
no asdm history enable 
arp timeout 14400 
! 
object network Lan192-16 
  nat (inside, outside) dynamic interface dns 
access-group outside_access_in in interface outside 
access-group inside_access_in in interface inside 
route outside 0.0.0.0 0.0.0.0 X.X.X.X 1 
route inside 10.200.0.0 255.255.255.0 192.168.0.254 2 
route inside 192.168.0.0 255.255.0.0 192.168.0.254 1 
timeout xlate 3:00:00 
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute 
timeout tcp-proxy-reassembly 0:01:00 
timeout floating-conn 0:00:00 
dynamic-access-policy-record DfltAccessPolicy 
user-identity default-domain LOCAL 
http server enable 
http 0.0.0.0 0.0.0.0 inside 
http 0.0.0.0 0.0.0.0 Management 
no snmp-server location 
no snmp-server contact 
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart 
telnet 0.0.0.0 0.0.0.0 inside 
telnet timeout 5 
ssh 0.0.0.0 0.0.0.0 inside 
ssh timeout 5 
console timeout 0 
dhcpd dns X.X.X.X interface outside 
! 
dhcpd dns 192.168.10.254 192.168.10.253 interface inside 
! 
threat-detection basic-threat 
threat-detection statistics access-list 
no threat-detection statistics tcp-intercept 
webvpn 
username cisco password isTgz6JlhW4rZzqe encrypted 
! 
class-map inspection_default 
  match default-inspection-traffic 
! 
! 
policy-map type inspect dns preset_dns_map 
  parameters 
   message-length maximum client auto 
   message-length maximum 512 
policy-map global_policy 
  class inspection_default 
   inspect dns preset_dns_map 
   inspect ftp 
   inspect h323 h225 
   inspect h323 ras 
   inspect rsh 
   inspect rtsp 
   inspect esmtp 
   inspect sqlnet 
   inspect skinny 
   inspect sunrpc 
   inspect xdmcp 
   inspect sip 
   inspect netbios 
   inspect tftp 
   inspect ip-options 
! 
service-policy global_policy global 
prompt hostname context domain 
! 
jumbo-frame reservation 
! 
no call-home reporting anonymous 
call-home 
  profile CiscoTAC-1 
   no active 
   destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService 
   destination address email callhome@cisco.com 
   destination transport-method http 
   subscribe-to-alert-group diagnostic 
   subscribe-to-alert-group environment 
   subscribe-to-alert-group inventory periodic monthly 7 
   subscribe-to-alert-group configuration periodic monthly 7 
   subscribe-to-alert-group telemetry periodic daily 
Cryptochecksum: 81ea01805064e24ed6a99fdf4385f937 
: End 

sh ver version as follows: 

Cisco Adaptive Security Appliance Software Version 8.6 (1) 2 
Device Manager Version 6.6 (1) 

Compiled on Fri 01-Jun-12 02:16 by builders 
System image file is "disk0 :/ asa861-2-smp-k8.bin" 
Config file at boot was "startup-config" 

My test results are as follows: 

nat (inside, outside) dynamic interface dns 

The option to remove one of the DNS, the network can not access, IP's DNS for my internal network DNS; 

Follow the tutorial, such as dynamic PAT, if replaced by: 

nat (inside, outside) source dynamic LAN192-16 WANIP destination static WANIP WANIP 

So also no Internet access. 

Another topic I said VPN dial-up, because the IP addresses are public network I use, did not use the domain name dialing, so I think you said DNS option is only a suggestion, in fact, the problem is not in the DNS options. 

I have two ASA devices, this question is 5510, I have a 5500, and that version is relatively low, there is another in my company. But I configure dynamic PAT was no problem, I am very depressed, why this 5510 needs to configure a simple PAT so, there is always a problem, however, the test many times, I do not know what the problem .......