How to get DNS IP's via DHCP on ASA5505

wizumwalt · ‎05-16-2008

I just found why my lookups take so long. My ISP has changed their DNS servers to a dynamic config so my servers are no longer valid and I don't know how to configure my asa5505 to do dhcp to automatically get the dns ip's.

Any help much appreciated.

bhatok · ‎05-17-2008

You can configure DHCP on your ASA to use the DNS, WINS, and Domain name it obtains from the outside interface using DHCP or PPPOE by using the dhcpd auto_config command.

For example, your outside interface is setup for PPPOE. Use the following for your ASA to hand out dhcp addresses in the 192.168.1.0-192.168.1.100 and the DNS, WINS, and domain name that it receives from the ISP.

dhcpd address 192.168.1.0-192.168.1.100 inside

dhcpd auto_config outside

dhcpd enable inside

Hope this helps.

Brandon

wizumwalt · ‎05-17-2008

That's what I thought too, and I've got those lines in my config. But everytime I surf the web, my dns lookups take up to a minute because it's not getting the DNS's it needs.

So I've had to put in a DNS address like 4.2.2.2 in my /etc/resolv.conf file till I can get DDNS to work correctly.

srue · ‎05-17-2008

have you tried a windows box to see if you get the same results?

wizumwalt · ‎05-17-2008

I don't have a windows box, but I have a mac, and if I put it on a netgear firewall (which I replaced w/ my asa) and put the netgear behind the asa I don't have the lookup delays.

srue · ‎05-17-2008

is the problem that the ASA won't hand out the DNS servers it pulls from your ISP? or is the problem that the servers it does get aren't returning responses in a timely fashion?

wizumwalt · ‎05-17-2008

The problem is that it's not able to get dns servers at all. However, any firewall i put behind the ASA is able to get DNS servers so that when I browse from the 2nd firewall, it works fine. But if I browse from the ASA, it takes a while to resolve url's.