



Once you have applied the configuration you can verify access via the ASDM log.
How to on CLI
dns domain-lookup outside dns server-group DefaultDNS name-server 8.8.8.8 ! dynamic-filter updater-client enable dynamic-filter use-database ! access-list botnet-exclude extended deny ip any 10.100.0.0 255.255.0.0 access-list botnet-exclude extended permit ip any any ! dynamic-filter enable interface outside classify-list botnet-exclude ! class-map botnet-DNS match port udp eq domain ! policy-map botnet-policy class botnet-DNS inspect dns dynamic-filter-snoop ! service-policy botnet-policy interface outside ! dynamic-filter blacklist name www.cisco.com
