dns on asa

cfajardo1_2 · ‎08-31-2008

hello,

is it possible to just configure a dns server on asa and just use hostnames to the rest of the configuration?

if yes, how? sorry i cant find any docs.

robertson.michael · ‎08-31-2008

Hi Celso,

If you simply want to refer to hostnames within your configuration rather than IP addresses, you can use the 'name' command. So, your configuration could look something like this (taken from the ASA command reference):

hostname(config)# names

hostname(config)# name 192.168.42.3 sa_inside

hostname(config)# name 209.165.201.3 sa_outside

hostname(config-if)# ip address inside sa_inside 255.255.255.0

hostname(config-if)# ip address outside sa_outside 255.255.255.224

Also, here is a link to that command reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/no.html#wp1747000

Hope that helps.

-Mike

cfajardo1_2 · ‎08-31-2008

thx but what am asking is if theres a way to add a dns ip and the asa will do a lookup there for name resolution rather than doing all this harcoded names on asa?

ariesc_33 · ‎09-01-2008

i had to create hundreds of names and groups manually on the firewall to simplify my configuration.

this is a good question, hope someone can clarify this.

robertson.michael · ‎09-02-2008

Unfortunately, this is not possible. You must use either an IP address or a name (configured with the 'name' command mentioned above) in the firewall's configuration. You can also use object-groups to condense ACLs, but again this all must be manually entered at least once into the firewall's configuration.

-Mike

cfajardo1_2 · ‎09-07-2008

so it seems it is not possible at all...thx a lot gents