We recently replaced our NAT router (3660) with a resilient pair of ASA5520s. All is working well, except that when someone from the 'outside' does a lookup against an 'inside' DNS server, the TTL on the response is not getting rewritten as it should.
What this means is that someone looks up a device and gets a valid DNS lookup with a TTL of, say, 24 hours. They use the connection, then go out for lunch or something and come back. When they try to connect to the device again, the DNS lookup has not expired, but the NAT translation on the ASA has, so they are unable to connect.
This worked perfectly on the 3660 (it reset the TTL on all DNS responses to 0 by default!). However, we are unable to find out how to do this on the ASAs.
Please can anyone help? This is really badly affecting people connecting into our organisation, and if we can't find the resolution soon we will have to rip out the ASAs.
Many thanks in advance.
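An added check, not part of the original post, for the mismatch described above: it parses a raw DNS reply (constructed inline), reads each answer's TTL and flags those that outlive the NAT translation idle timeout. The 3-hour value is an assumption about the ASA's default dynamic xlate timeout; adjust it to the configured value.

```python
import struct

# Assumed, not from the post: idle timeout of a dynamic NAT translation (3 hours).
XLATE_TIMEOUT_SECONDS = 3 * 3600

def _read_name(msg, offset):
    """Decode a wire-format DNS name at offset, following compression pointers.
    Returns (name, offset just after the name in the original stream)."""
    labels, jumped, end = [], False, None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # compression pointer
            pointer = struct.unpack('!H', msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2                        # pointer occupies 2 bytes
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:                                 # root label ends the name
            break
        labels.append(msg[offset:offset + length].decode('ascii'))
        offset += length
    return '.'.join(labels), (end if jumped else offset)

def answer_ttls(msg):
    """Return [(name, rtype, ttl)] for every record in the answer section."""
    _, _, qdcount, ancount, _, _ = struct.unpack('!HHHHHH', msg[:12])
    offset = 12
    for _ in range(qdcount):                            # skip the question section
        _, offset = _read_name(msg, offset)
        offset += 4                                     # QTYPE + QCLASS
    records = []
    for _ in range(ancount):
        name, offset = _read_name(msg, offset)
        rtype, _, ttl, rdlen = struct.unpack('!HHIH', msg[offset:offset + 10])
        offset += 10 + rdlen                            # fixed fields + RDATA
        records.append((name, rtype, ttl))
    return records

def ttls_exceeding_xlate(msg, xlate_timeout=XLATE_TIMEOUT_SECONDS):
    """Records a client may still have cached after the NAT translation has expired."""
    return [r for r in answer_ttls(msg) if r[2] > xlate_timeout]

def build_sample_response(ttl):
    """Constructed DNS reply: one A record for host.example.com with the given TTL."""
    header = struct.pack('!HHHHHH', 0x1234, 0x8180, 1, 1, 0, 0)   # id, flags (QR, RD, RA), counts
    qname = b'\x04host\x07example\x03com\x00'
    question = qname + struct.pack('!HH', 1, 1)                    # A, IN
    # Answer name is a pointer (0xC00C) back to the question name at offset 12.
    answer = b'\xc0\x0c' + struct.pack('!HHIH', 1, 1, ttl, 4) + bytes([192, 0, 2, 10])
    return header + question + answer
```

Run the checker against a reply captured on the outside interface: any record it flags is one whose cached address will outlive the translation, which is exactly the lunch-break failure described above.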