This signature is designed to detect the botnet behavior of an infected machine. Some possible options are to exclude your DNS servers as a source or destination, or you could modify the ports to ignore 53 (1-51,54-65535).
You might consider having generic filters for your DNS servers anyway. It is not uncommon for traffic to/from them to trigger a variety of signatures. Trying to create a regex that matches one thing but not another is sometimes very difficult. In our own environment, the botnet behavior would likely be very noticeable for other reasons, so the signature may not be that useful anyway.
No, you shouldn't, especially if you believe there is greener pasture available ;-) You could open a ticket with Cisco to fix it if you think it's possible to create a "tighter" signature. Until then, I would suggest filtering.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...