udp port 53 issue


Hello folks!!!

We have created an ACL to allow TCP and UDP port 53 to/from the DMZ and the Inside network. When we use the packet-tracer tool through ASDM to verify connectivity from the DMZ to the inside interface, the UDP packet gets dropped.


When we test the same port_53 using TCP it works perfectly fine.


We are getting the error (inspect-dns-invalid-pak) DNS Inspect Invalid Packet.


Kindly help us troubleshoot the problem.


sachinraja Tue, 01/06/2009 - 13:55

Joseph


From CCO:


inspect-dns-invalid-pak - This counter will increment when the security appliance detects an invalid DNS packet. For example, a DNS packet with no DNS header, the number of DNS resource records not matching the counter in the header, etc.


Is DNS resolution from inside to DMZ not working? Browsing etc.? This is just an information message... nothing serious here.


DNS is on DMZ, right?


Regards

Raj
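
The two conditions quoted from CCO above (a packet with no DNS header, and resource-record counts that do not match the header counters), shown as an added example that is not part of the original thread and is not Cisco's inspection code. The function names and sample payloads are constructed for illustration, and treating trailing bytes as a mismatch is this example's own choice.

```python
import struct

HEADER_LEN = 12  # fixed DNS header size (RFC 1035)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of packet")
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            if off + 2 > len(msg):
                raise ValueError("truncated compression pointer")
            return off + 2
        if length & 0xC0:
            raise ValueError("reserved label type")
        off += 1 + length
        if length == 0:                # root label terminates the name
            return off

def check_dns(msg):
    """Return (ok, reason) for a raw DNS-over-UDP payload."""
    if len(msg) < HEADER_LEN:
        return False, "no DNS header"
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:HEADER_LEN])
    off = HEADER_LEN
    try:
        for _ in range(qd):            # question: name + type + class
            off = _skip_name(msg, off) + 4
        for _ in range(an + ns + ar):  # RR: name, then type/class/ttl/rdlength, then rdata
            off = _skip_name(msg, off)
            if off + 10 > len(msg):
                raise ValueError("truncated resource record")
            (rdlen,) = struct.unpack("!H", msg[off + 8:off + 10])
            off += 10 + rdlen
        if off > len(msg):
            raise ValueError("record runs past end of packet")
    except ValueError as exc:
        return False, f"record count mismatch: {exc}"
    if off != len(msg):
        return False, "record count mismatch: bytes left after last counted record"
    return True, "ok"

# Constructed sample payloads (not captured traffic).
QUESTION = b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)   # A / IN
QUERY = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + QUESTION
BAD_COUNT = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION  # claims 1 answer, has none

if __name__ == "__main__":
    for label, pkt in [("query", QUERY), ("empty", b""), ("bad count", BAD_COUNT)]:
        print(label, check_dns(pkt))
```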
