Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
394
Views
0
Helpful
2
Replies

BIND and ASA 5510 w/ 8.0(2)

astroman
Level 1
Level 1

‎02-20-2008 06:18 PM - edited ‎03-11-2019 05:05 AM

Has anyone experienced DNS resolution problems using BIND behind an ASA running 8.0(2) with the default inspection policies applied? Any help is appreciated...

I'm seeing DNS requests go out to the internet, via packet capture, but nothing returning. However I haven't looked at the packets further to identify if they're being altered in some way...

Labels:
0 Helpful
2 Replies 2

srue
Level 7
Level 7

‎02-20-2008 07:13 PM

Since you said you're using BIND, I assume you mean it's having trouble forwarding queries across your firewall to the Internet?

Or are Internet users querying against your BIND server?

I once had to change the message-length maximum in order for zone transfers to work properly, but nothing for normal dns queries.

0 Helpful

astroman
Level 1
Level 1
In response to srue

‎02-20-2008 09:02 PM

You are correct. BIND is sending requests through the ASA (ASA is translating and passing the packets - I've taken captures on inside/outside interfaces) but no replies are coming back. I'm wondering if there is some odd DNS packet alteration going on?

I built a Windows DNS server, and things seem to be working normally...

Any insight or experience is appreciated...

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card