UDP port 53 issue


Hello folks!!!

We have created an ACL to allow TCP and UDP port 53 to/from the DMZ and the inside network. When we use the packet-tracer tool through ASDM to verify connectivity from the DMZ to the inside interface, the UDP packet gets dropped.

When we test the same port_53 using TCP, it works perfectly fine.

We are getting the error (inspect-dns-invalid-pak) DNS Inspect Invalid Packet.

Kindly help us troubleshoot the problem.

sachinraja Tue, 01/06/2009 - 13:55
From CCO:

inspect-dns-invalid-pak - This counter will increment when the security appliance detects an invalid DNS packet. For example, a DNS packet with no DNS header, the number of DNS resource records not matching the counter in the header, etc.

Is DNS resolution from inside to DMZ not working? Browsing, etc.? This is just an information message. Nothing serious here.

DNS is on DMZ, right?
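
The two conditions named in the CCO text quoted above (no DNS header, and a resource record count that does not match the header counters), as an added Python example that is not part of the thread and is not the ASA's inspection code. The function names `skip_name` and `check_dns` and the sample payloads are constructed for illustration.

```python
import struct

HEADER = struct.Struct("!6H")  # id, flags, qdcount, ancount, nscount, arcount

def skip_name(buf, off):
    """Return the offset just past the DNS name starting at off."""
    while True:
        if off >= len(buf):
            raise ValueError("name runs past end of packet")
        length = buf[off]
        if length == 0:                 # root label terminates the name
            return off + 1
        if length & 0xC0 == 0xC0:       # 2-byte compression pointer ends the name
            return off + 2
        if length & 0xC0:
            raise ValueError("reserved label type")
        off += 1 + length

def check_dns(payload):
    """Classify a UDP/53 payload: 'ok' or 'invalid: <reason>'."""
    if len(payload) < HEADER.size:
        return "invalid: no DNS header"
    _id, _flags, qd, an, ns, ar = HEADER.unpack_from(payload)
    off = HEADER.size
    try:
        for _ in range(qd):             # question: name + qtype + qclass
            off = skip_name(payload, off) + 4
        for _ in range(an + ns + ar):   # RR: name + type, class, ttl, rdlength + rdata
            off = skip_name(payload, off)
            if off + 10 > len(payload):
                raise ValueError("truncated resource record")
            off += 10 + struct.unpack_from("!H", payload, off + 8)[0]
        if off > len(payload):
            raise ValueError("record runs past end of packet")
    except ValueError as exc:
        return "invalid: record count does not match header (%s)" % exc
    if off != len(payload):
        return "invalid: record count does not match header (unparsed trailing bytes)"
    return "ok"

# Constructed sample payloads (not captured traffic).
QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)   # example.com A IN
VALID_QUERY = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + QUESTION
NO_HEADER = b"\x00" * 8                                            # shorter than 12 bytes
BAD_COUNT = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION  # claims 1 answer

if __name__ == "__main__":
    for name, pkt in [("valid", VALID_QUERY), ("short", NO_HEADER), ("count", BAD_COUNT)]:
        print(name, "->", check_dns(pkt))
```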



