
udp port 53 issue

josephp
Level 1

Hello folks!!!

We have created an ACL to allow TCP and UDP port 53 to/from the DMZ and the inside network. When we use the packet-tracer tool through ASDM to verify connectivity from the DMZ to the inside interface, the UDP packet gets dropped.

When we test the same port_53 using TCP, it works perfectly fine.

We are getting the error (inspect-dns-invalid-pak) DNS Inspect Invalid Packet.

Kindly help us troubleshoot the problem.

1 Reply

sachinraja
Level 9

Joseph

From CCO:

inspect-dns-invalid-pak - This counter will increment when the security appliance detects an invalid DNS packet. For example, a DNS packet with no DNS header, the number of DNS resource records not matching the counter in the header, etc.

Is DNS resolution from inside to DMZ not working? Browsing etc.? This is just an information message; nothing serious here.

DNS is on the DMZ, right?

Regards

Raj
