Cisco ASA Regex that matches a "root" DNS query
Posted on 2010-08-17
I am currently under a DDOS DNS attack. It is not clear if I am the victim or an unwilling participant in an attempt to DDOS someone else.
In any event, a query is sent to our DNS server looking for the "root". The DNS server has been configured to ignore the request; otherwise it would reply with the list of root servers.
I would like to configure our Cisco ASA to block the request at the firewall before it ever reaches the DNS server.
I would like to inspect DNS and check the "Domain Name" field for the root, or ".". However, I can't seem to figure out how to create the Regex that would match when the query just contains the period character.
Can anyone provide assistance?
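
An added example, not part of the original post: in DNS wire format the root name is a single zero-length label (one `0x00` byte) with no literal period in the packet, so this Python check parses the question section and flags queries whose name is the root. The function names and the sample packets are constructed for illustration.

```python
import struct

def build_query(name, qtype=2, txid=0x1234):
    """Build a constructed DNS query packet (sample input, qtype 2 = NS)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".") if label
    ) + b"\x00"                      # terminating root label
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_question(packet):
    """Return (qname, qtype) of the first question, or None if not a valid query."""
    if len(packet) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", packet[2:6])
    if flags & 0x8000 or qdcount < 1:    # QR bit set means response, not query
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            return None                  # truncated before the root label
        length = packet[pos]
        pos += 1
        if length == 0:
            break                        # zero-length label ends the name
        if length > 63 or pos + length > len(packet):
            return None                  # pointer or oversized label in a question
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(packet):
        return None
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return (".".join(labels) + ".", qtype)

def is_root_query(packet):
    """True when the first question asks for the root name "."."""
    parsed = parse_question(packet)
    return parsed is not None and parsed[0] == "."

if __name__ == "__main__":
    for name in (".", "example.com"):    # constructed samples
        pkt = build_query(name)
        print(name, parse_question(pkt), "root query:", is_root_query(pkt))
```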