BIND and ASA 5510 w/ 8.0(2)

Unanswered Question
Feb 20th, 2008

Has anyone experienced DNS resolution problems using BIND behind an ASA running 8.0(2) with the default inspection policies applied? Any help is appreciated...

I'm seeing DNS requests go out to the internet, via packet capture, but nothing returning. However, I haven't looked at the packets further to identify if they're being altered in some way...

srue Wed, 02/20/2008 - 19:13

Since you said you're using BIND, I assume you mean it's having trouble forwarding queries across your firewall to the Internet?

Or are Internet users querying against your BIND server?

I once had to change the message-length maximum in order for zone transfers to work properly, but nothing for normal DNS queries.

astroman Wed, 02/20/2008 - 21:02

You are correct. BIND is sending requests through the ASA (ASA is translating and passing the packets - I've taken captures on inside/outside interfaces) but no replies are coming back. I'm wondering if there is some odd DNS packet alteration going on?

I built a Windows DNS server, and things seem to be working normally...

Any insight or experience is appreciated...
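One check worth running on the captures mentioned in this thread (an added example, not code from either poster): the ASA's built-in DNS inspection map enforces a message-length maximum, assumed here to be 512 bytes as in the default `preset_dns_map` (verify with `show running-config policy-map` on the device), while BIND adds an EDNS0 OPT record advertising a larger UDP buffer, so replies bigger than the limit can be dropped by inspection. The script below builds a constructed sample query and extracts the advertised EDNS0 UDP size from any raw DNS query payload taken from a capture.

```python
import struct

# Assumed default of the ASA's DNS inspection map (preset_dns_map); confirm on the box.
ASA_DEFAULT_MAX = 512

def build_query(name, edns_size=None):
    """Construct a minimal DNS A query (sample input); optionally append an
    EDNS0 OPT record advertising a UDP payload size, as BIND does."""
    arcount = 1 if edns_size else 0
    hdr = struct.pack(">HHHHHH", 0x1234, 0x0100, 1, 0, 0, arcount)
    labels = name.split(".")
    qname = b"".join(bytes([len(label)]) + label.encode() for label in labels) + b"\x00"
    question = qname + struct.pack(">HH", 1, 1)  # QTYPE A, QCLASS IN
    opt = b""
    if edns_size:
        # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL 0, RDLENGTH 0
        opt = b"\x00" + struct.pack(">HHIH", 41, edns_size, 0, 0)
    return hdr + question + opt

def skip_name(buf, off):
    """Advance past a DNS name starting at off (handles compression pointers)."""
    while True:
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length

def edns_udp_size(pkt):
    """Return the UDP payload size advertised in the EDNS0 OPT record, or None."""
    qd, an, ns, ar = struct.unpack(">HHHH", pkt[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
        off += 10 + rdlen
        if rtype == 41:
            return rclass  # for OPT, the CLASS field carries the UDP buffer size
    return None

def exceeds_inspection_max(pkt, max_len=ASA_DEFAULT_MAX):
    """True if the query invites replies larger than the inspection limit."""
    size = edns_udp_size(pkt)
    return size is not None and size > max_len
```

If the captured BIND queries advertise a size above the limit, compare against the ASA's `message-length maximum` setting before looking for packet alteration elsewhere.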
