DNS
DNS queries are normally carried over UDP, which has no connection setup or teardown. Without
help, the firewall can only remove the state it creates for a DNS query when the generic UDP
activity (idle) timeout expires. DNS, therefore, requires application inspection. As soon as the
first response is received for a DNS query, the UDP connection entry is torn down. This is known
as DNS guard and is discussed further in Chapter 19, "IPS and Advanced Protocol Handling."
The DNS inspection task includes the following:
■ Compares the transaction ID of the DNS reply with the ID of the outstanding DNS query.
■ Translates the address in the DNS A record when a NAT rule applies to it.
■ Confirms that the DNS packet is no longer than the maximum length configured by the
user. Otherwise, the packet is dropped.
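The following is an added example, not code from the book or from any firewall vendor. It models the three inspection checks above and the DNS guard teardown as a small Python class that is fed the UDP payloads of a DNS exchange: the reply's transaction ID must match an outstanding query, A records whose address appears in an assumed NAT map (a hypothetical inside-to-outside table) are rewritten in place, any packet longer than the configured maximum is dropped, and the state entry for the query is removed as soon as the first matching reply passes, so a later reply with the same ID is dropped instead of lingering until the UDP idle timeout. The query and reply messages are constructed inline; the default maximum of 512 bytes is an assumption.

```python
"""Toy model of firewall DNS inspection ("DNS guard") over UDP datagrams."""
import socket
import struct

DEFAULT_MAX_LEN = 512   # assumed default; the real maximum is operator-configurable
TYPE_A = 1
CLASS_IN = 1


def _encode_name(name):
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00'."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"


def _skip_name(msg, off):
    """Return the offset just past the name at off (handles compression pointers)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # two-byte compression pointer ends the name
            return off + 2
        off += 1 + length


def build_query(txid, name):
    """Constructed sample: standard query, RD set, one question for an A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + _encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)


def build_reply(txid, name, ips):
    """Constructed sample: response (QR=1, RD, RA) with one A record per address."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(ips), 0, 0)
    question = _encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)
    answers = b"".join(
        b"\xc0\x0c"                                           # pointer to the question name
        + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4)
        + socket.inet_aton(ip)
        for ip in ips
    )
    return header + question + answers


def _answer_rdata_offsets(msg):
    """Yield (offset, rtype, rdlen) for the rdata of each answer record."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        yield off, rtype, rdlen
        off += rdlen


def answer_ips(msg):
    """A-record addresses in the answer section, in order."""
    return [socket.inet_ntoa(msg[off:off + 4])
            for off, rtype, rdlen in _answer_rdata_offsets(msg)
            if rtype == TYPE_A and rdlen == 4]


class DnsGuard:
    def __init__(self, max_len=DEFAULT_MAX_LEN, nat_map=None):
        self.max_len = max_len
        self.nat_map = nat_map or {}      # hypothetical NAT table: real address -> translated
        self.pending = set()              # (flow, txid) of queries still awaiting a reply

    def inspect(self, flow, payload):
        """Return (verdict, reason, payload_to_forward); flow identifies the client/server pair."""
        if len(payload) > self.max_len:
            return "drop", "packet longer than configured maximum", None
        if len(payload) < 12:
            return "drop", "truncated DNS header", None
        txid, flags = struct.unpack("!HH", payload[:4])
        key = (flow, txid)
        if not flags & 0x8000:              # QR=0: a query opens the UDP state entry
            self.pending.add(key)
            return "forward", "query", payload
        if key not in self.pending:         # QR=1 with no matching outstanding query
            return "drop", "reply ID does not match an outstanding query", None
        self.pending.discard(key)           # DNS guard: tear down state on the first reply
        return "forward", "reply", self._translate_a_records(payload)

    def _translate_a_records(self, msg):
        """Rewrite A-record addresses found in the NAT map; leave everything else untouched."""
        buf = bytearray(msg)
        for off, rtype, rdlen in _answer_rdata_offsets(msg):
            if rtype == TYPE_A and rdlen == 4:
                real = socket.inet_ntoa(msg[off:off + 4])
                if real in self.nat_map:
                    buf[off:off + 4] = socket.inet_aton(self.nat_map[real])
        return bytes(buf)


if __name__ == "__main__":
    guard = DnsGuard(nat_map={"10.1.1.5": "203.0.113.5"})
    flow = ("192.0.2.10", 53001, "198.51.100.53")
    print(guard.inspect(flow, build_query(0x1234, "www.example.com"))[:2])
    verdict, reason, out = guard.inspect(flow, build_reply(0x1234, "www.example.com", ["10.1.1.5"]))
    print(verdict, reason, answer_ips(out))
    # A second reply for the same query arrives after the state entry is gone and is dropped.
    print(guard.inspect(flow, build_reply(0x1234, "www.example.com", ["10.1.1.5"]))[:2])
```

The length check runs before any state is touched, so an oversized reply is dropped without closing the entry and a later, well-formed reply for the same query still gets through; the ID check uses the flow plus transaction ID, which is what stops a reply from one client's query being matched against another's.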