
How to instruct PIX to inspect DNS of max length 1200 only for a specific DNS server

ssocsupport
Level 1

Good day,

We have an idea of migrating the IP segments to IPv6, which may use DNS packets of length 1200.

How do I tell my PIX to inspect DNS packets of max length 1200 only for a specific DNS server, and to instruct other DNS to take normal DNS inspection?

Kindly advise.

Regards,

SSOC Support

1 Reply

Kureli Sankar
Cisco Employee

Remove DNS inspection from the class default inspection and add it as a separate class where you match an ACL where you deny the flow that you do not want inspected and allow the rest.

Read this thread, https://supportforums.cisco.com/message/3015384#3015384, where we removed HTTP inspection from the class default and added it in a separate class.

-KS
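
One way to lay out the class split described in the reply above, extended to two classes so that one server gets the 1200-byte limit and all other DNS keeps the normal one. This is an added example, not configuration from the thread or from Cisco. It assumes PIX/ASA 7.2 or later Modular Policy Framework syntax and the default `global_policy` and `preset_dns_map` names; 192.0.2.53 is a placeholder for the DNS server, and the ACL, class-map and DNS map names are hypothetical.

```cisco
! Constructed example. 192.0.2.53 is a placeholder for the DNS server
! that is allowed 1200-byte messages.
!
! ACL 1: only DNS flows to the specific server.
access-list DNS-LARGE extended permit udp any host 192.0.2.53 eq domain
!
! ACL 2: deny that server's flows so they are not matched here,
! then permit all remaining DNS.
access-list DNS-NORMAL extended deny udp any host 192.0.2.53 eq domain
access-list DNS-NORMAL extended permit udp any any eq domain
!
class-map DNS-LARGE-CLASS
 match access-list DNS-LARGE
class-map DNS-NORMAL-CLASS
 match access-list DNS-NORMAL
!
! DNS inspection maps carrying the two length limits.
policy-map type inspect dns DNS-1200
 parameters
  message-length maximum 1200
policy-map type inspect dns DNS-512
 parameters
  message-length maximum 512
!
policy-map global_policy
 ! Take DNS out of the default inspection class (assumes the default map name).
 class inspection_default
  no inspect dns preset_dns_map
 ! Re-add DNS inspection per class, each with its own limit.
 class DNS-LARGE-CLASS
  inspect dns DNS-1200
 class DNS-NORMAL-CLASS
  inspect dns DNS-512
!
! Present in a default configuration; shown for completeness.
service-policy global_policy global
```

`show service-policy inspect dns` lists the per-class counters, which confirms that flows to the placeholder server land in the 1200-byte class and everything else stays under the 512-byte limit.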
