Currently I have a Symantec Firewall (SF) and the Windows DNS server points to it as a forwarder. The SF has the root servers listed in it, and it does lookups for clients when the Windows box can't resolve. Does the ASA do anything like this?
As far as i am aware the ASA will not forward DNS queries in this way. Obviously you can configure the ASA to allow DNS queries out and back in but that's not the same as your Symantec firewall.