Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
276
Views
0
Helpful
3
Replies

Thousands of DNS connections in PIX 515e

pizzov
Level 1
Level 1

‎09-20-2007 11:54 AM - edited ‎03-11-2019 04:14 AM

We're having intermittent problems getting to the Internet thru our PIX 515e. I issued the "show conn" command and there are thousands and thousands of DNS connections for our internal DNS server with multiple Internet IP's....should this be the case? Do I need to allow DNS inbound into our network, or should I just need to allow it outbound?

Labels:
0 Helpful
3 Replies 3

srue
Level 7
Level 7

‎09-20-2007 11:57 AM

if that DNS server is also responsible for your public address space and name resolution, then you need to allow it inbound...otherwise, definitely not. it sounds like the public is using it as their own dns server.

0 Helpful

pizzov
Level 1
Level 1
In response to srue

‎09-20-2007 12:31 PM

Yes, thank you! I had 55,000 connections for my internal DNS server! As soon as I blocked it, all is well! Thanks.

0 Helpful

opers13
Level 1
Level 1

‎10-23-2007 03:26 PM

can you go into more detail about your dns problem...we are also having DNS issues when thousands of dns translations "clogged" the PIX..and only "clear xlate" solves the issue.

tx

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card