From Firewall Security Technical Implementation Guide - Cisco
Part of DNS servers must be defined for client resolver.
The susceptibility of IP addresses to spoofing translates to DNS host name and IP address mapping vulnerabilities. For example, suppose a source host wishes to establish a Telnet connection with a destination host and queries a DNS server for the IP address of the destination host name. If the response to this query is the IP address of a host operated by an attacker, the source host will establish a connection with the attackers host, rather than the intended target. The user on the source host might then provide logon, authentication, and other sensitive data.
Review the device configuration to ensure that DNS servers have been defined if it has been configured as a client resolver (name lookup). The configuration should look similar to one of the following examples: dns domain-lookup inside dns domain-lookup dmz dns name-server 192.168.1.22 dns name-server 101.14.8.55 Note: DNS lookup on the PIX and ASA is disabled by default.
Configure the device to include DNS servers or disable domain lookup.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer