DNS and ASA 5510

Unanswered Question
Sep 19th, 2009

Hi guys

I have a question on DNS and ASA.

Does anyone know of any issues with ASA 5510 firewalls not forwarding or blocking DNS packets? Could this be related to a software upgrade from an earlier version to 7.2(4)?

I turned dns inspection and dns-guard off, still not happening.

Many thanks

Elena

Kureli Sankar Sat, 09/26/2009 - 05:26

What do you see in the logs when it (dns: udp 53) fails?

Is this traffic allowed by the acl applied on the ingress interface?

pls. enable logging:

conf t

logging enable

logging buffered 7

exit

sh logg | i x.x.x.x

where x.x.x.x is the host on the inside that has trouble with dns.

Besides the above, you can apply captures on the ingress and egress interfaces to see if we are sending the request out the outside interface and if the response is seen or not.

You can refer to this link for packet captures:

http://analysisandreview.com/cisco/how-to-configure-a-packet-capture-in-the-cisco-asa/
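An added example, not part of the reply above: a small Python triage of `sh logg | i x.x.x.x` output that sorts the host's UDP/53 events into ACL denies, NAT failures and built or torn-down connections. The sample log lines, addresses, interface names and ACL name are constructed for illustration; the message IDs are standard ASA syslog IDs.

```python
import re
from collections import Counter

# Constructed sample of `sh logg | i 192.0.2.10` output (not from the thread).
SAMPLE = """\
%ASA-6-302015: Built outbound UDP connection 101 for outside:198.51.100.53/53 (198.51.100.53/53) to inside:192.0.2.10/51000 (203.0.113.5/51000)
%ASA-6-302016: Teardown UDP connection 101 for outside:198.51.100.53/53 to inside:192.0.2.10/51000 duration 0:02:01 bytes 38
%ASA-4-106023: Deny udp src inside:192.0.2.10/51001 dst outside:198.51.100.54/53 by access-group "inside_in" [0x0, 0x0]
%ASA-3-305005: No translation group found for udp src inside:192.0.2.10/51002 dst outside:198.51.100.53/53
%ASA-6-302013: Built outbound TCP connection 102 for outside:198.51.100.80/80 (198.51.100.80/80) to inside:192.0.2.10/51003 (203.0.113.5/51003)
"""

MSG = re.compile(r"%ASA-\d-(\d{6}): (.*)")
ENDPOINT = re.compile(r"(\w[\w-]*):(\d+\.\d+\.\d+\.\d+)/(\d+)")
# Syslog IDs that explain what the firewall did with a UDP flow.
VERDICTS = {
    "106023": "denied by ACL",
    "305005": "no NAT translation",
    "302015": "connection built",
    "302016": "connection torn down",
}

def triage_dns(log_text, host):
    """Return (verdict, line) pairs for UDP/53 events involving host."""
    events = []
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m or m.group(1) not in VERDICTS:
            continue
        body = m.group(2)
        eps = ENDPOINT.findall(body)  # (interface, ip, port) per endpoint
        if ("udp" in body.lower() and any(ip == host for _, ip, _ in eps)
                and any(port == "53" for _, _, port in eps)):
            events.append((VERDICTS[m.group(1)], line.strip()))
    return events

def summarize(log_text, host):
    """Count verdicts so the dominant failure mode stands out."""
    return Counter(verdict for verdict, _ in triage_dns(log_text, host))

if __name__ == "__main__":
    for verdict, count in summarize(SAMPLE, "192.0.2.10").items():
        print(f"{count:3d}  {verdict}")
```

A deny or NAT verdict points at the firewall configuration; if only built and torn-down connections appear, the query left the firewall and the interface captures are the next place to look.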
