How to get DNS IP's via DHCP on ASA5505

Unanswered Question
May 16th, 2008

I just found why my lookups take so long. My ISP has changed their DNS servers to a dynamic config so my servers are no longer valid and I don't know how to configure my asa5505 to do dhcp to automatically get the dns ip's.


Any help much appreciated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
bhatok Sat, 05/17/2008 - 09:45

You can configure DHCP on your ASA to use the DNS, WINS, and Domain name it obtains from the outside interface using DHCP or PPPOE by using the dhcpd auto_config command.


For example, your outside interface is setup for PPPOE. Use the following for your ASA to hand out dhcp addresses in the 192.168.1.0-192.168.1.100 and the DNS, WINS, and domain name that it receives from the ISP.


dhcpd address 192.168.1.0-192.168.1.100 inside

dhcpd auto_config outside

dhcpd enable inside


Hope this helps.


Brandon

wizumwalt Sat, 05/17/2008 - 12:39

That's what I thought too, and I've got those lines in my config. But everytime I surf the web, my dns lookups take up to a minute because it's not getting the DNS's it needs.


So I've had to put in a DNS address like 4.2.2.2 in my /etc/resolv.conf file till I can get DDNS to work correctly.

srue Sat, 05/17/2008 - 14:25

have you tried a windows box to see if you get the same results?

wizumwalt Sat, 05/17/2008 - 14:50

I don't have a windows box, but I have a mac, and if I put it on a netgear firewall (which I replaced w/ my asa) and put the netgear behind the asa I don't have the lookup delays.

srue Sat, 05/17/2008 - 17:23

is the problem that the ASA won't hand out the DNS servers it pulls from your ISP? or is the problem that the servers it does get aren't returning responses in a timely fashion?

wizumwalt Sat, 05/17/2008 - 21:18

The problem is that it's not able to get dns servers at all. However, any firewall i put behind the ASA is able to get DNS servers so that when I browse from the 2nd firewall, it works fine. But if I browse from the ASA, it takes a while to resolve url's.

Actions

This Discussion