17-30
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 17 Managing Firewall Inspection Rules
Configuring Protocols and Maps for Inspection
DNS Map Protocol Conformance Tab
Use the Protocol Conformance tab to define DNS security settings and actions for a DNS map.
Navigation Path
Click the Protocol Conformance tab on the Add and Edit DNS Map dialog boxes. See Configuring DNS Maps, page 17-28.
Related Topics
Understanding Map Objects, page 6-72
Configuring Protocols and Maps for Inspection, page 17-21
Field Reference
DNS Map Filtering Tab
Use the Filtering tab to define DNS filtering settings and actions for a DNS map.
Table 17-13 Add and Edit DNS Map Dialog Boxes (Continued)

| Element | Description |
| --- | --- |
| Allow Value Override per Device; Overrides; Edit button | Whether to allow the object definition to be changed at the device level. For more information, see Allowing a Policy Object to Be Overridden, page 6-18 and Understanding Policy Object Overrides for Individual Devices, page 6-17. If you allow device overrides, you can click the Edit button to create, edit, and view the overrides. The Overrides field indicates the number of devices that have overrides for this object. |
Table 17-14 DNS Map Protocol Conformance Tab

| Element | Description |
| --- | --- |
| Enable DNS Guard Function | Whether to perform a DNS query and response mismatch check using the identification field in the DNS header. One response per query is allowed to go through the security appliance. |
| Generate Syslog for ID Mismatch | Whether to create syslog entries for excessive instances of DNS identifier mismatches. |
| Randomize the DNS Identifier for DNS Query | Whether to randomize the DNS identifier in the DNS query message. |
| Enable NAT Rewrite Function | Whether to enable IP address translation in the A record of the DNS response. |
| Enable Protocol Enforcement | Whether to enable DNS message format check, including domain name, label length, compression, and looped pointer check. |
| Require Authentication Between DNS Server (RFC2845); Action | Whether to require authentication between DNS servers as defined in RFC 2845. If you select this option, select the action to take when there is no authentication. |
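The format checks named in the Enable Protocol Enforcement row (domain name, label length, compression, looped pointer) can be pictured with the following added example, which is not part of the Cisco guide and does not represent the appliance's implementation. The function names and the sample messages are hypothetical and constructed here; the limits come from RFC 1035.

```python
import struct

MAX_NAME = 255  # RFC 1035 limit on an encoded domain name, in octets

def decode_name(msg: bytes, offset: int) -> str:
    """Decode the domain name at `offset`; raise ValueError on a format violation."""
    labels, total, seen = [], 0, set()
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer (two octets)
            if offset + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            offset = ((length & 0x3F) << 8) | msg[offset + 1]
            if offset in seen:  # same target visited twice: the chain never ends
                raise ValueError("looped compression pointer")
            seen.add(offset)
            continue
        if length & 0xC0:  # any length octet from 64 to 191 is not a valid label
            raise ValueError("label length over 63 octets")
        if length == 0:  # root label terminates the name
            return ".".join(labels) or "."
        total += length + 1
        if total + 1 > MAX_NAME:  # +1 for the terminating root label
            raise ValueError("name longer than 255 octets")
        if offset + 1 + length > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii", "replace"))
        offset += 1 + length

def inspect(msg: bytes) -> str:
    """Return 'pass: <qname>' or 'drop: <reason>' for the first question."""
    if len(msg) < 12:  # fixed DNS header is 12 octets
        return "drop: short header"
    try:
        return "pass: " + decode_name(msg, 12)
    except ValueError as err:
        return f"drop: {err}"

def build_query(qname_wire: bytes, txid: int = 0x1234) -> bytes:
    """Constructed sample: header with one question, type A, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname_wire + struct.pack("!HH", 1, 1)

GOOD = build_query(b"\x03www\x07example\x03com\x00")
LOOP = build_query(b"\xc0\x0c")                          # pointer to its own offset
LONG = build_query((b"\x3f" + b"a" * 63) * 5 + b"\x00")  # five 63-octet labels
BADLEN = build_query(b"\x40" + b"a" * 64 + b"\x00")      # length octet of 64
```

Calling `inspect()` on each constructed message returns a pass verdict with the decoded name for `GOOD` and a drop verdict naming the violated check for the other three.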