DNS is one of the most important services today to address applications on the internet or to connect to a server, e.g. for maintenance purposes. This makes it all the more important to use the available hardening measures. With the configuration parameters shown here, the use of DNS can be secured relatively easily.

conf t
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
id-randomization
id-mismatch action log
tsig enforced action log
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
exit
write memory