DNS and ASA 5510

Unanswered Question
Sep 19th, 2009

Hi guys

I have a question on DNS and ASA.

Does anyone know of any issues with ASA 5510 firewalls not forwarding or blocking DNS packets? Could this be related to a software upgrade from an earlier version to 7.2(4)?

I turned dns inspection and dns-guard off, still not happening.

Many thanks


Kureli Sankar (Cisco Employee), Sat, 09/26/2009 - 05:26

What do you see in the logs when it (dns: udp 53) fails?

Is this traffic allowed by the acl applied on the ingress interface?

Please enable logging:

conf t
logging enable
logging buffered 7

sh logg | i x.x.x.x

where x.x.x.x is the host on the inside that has trouble with dns.

Besides the above, you can apply captures on the ingress and egress interfaces to see if we are sending the request out the outside interface and if the response is seen or not.

You can refer to this link for packet captures:



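One way to triage the `sh logg | i x.x.x.x` output requested in the reply above, as an added example that is not part of the original thread: a Python script that sorts buffered syslog lines mentioning one inside host and port 53 by ASA message ID. The log lines and addresses are constructed, and the names `triage` and `MEANING` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of buffered log output; all addresses are documentation ranges.
SAMPLE_LOG = """\
%ASA-6-302015: Built outbound UDP connection 4101 for outside:198.51.100.53/53 (198.51.100.53/53) to inside:192.0.2.10/51000 (203.0.113.5/51000)
%ASA-6-302016: Teardown UDP connection 4101 for outside:198.51.100.53/53 to inside:192.0.2.10/51000 duration 0:02:01 bytes 33
%ASA-4-106023: Deny udp src inside:192.0.2.10/51001 dst outside:198.51.100.53/53 by access-group "inside_in" [0x0, 0x0]
%ASA-3-305005: No translation group found for udp src inside:192.0.2.10/51002 dst outside:198.51.100.53/53
%ASA-6-302015: Built outbound UDP connection 4102 for outside:198.51.100.53/53 (198.51.100.53/53) to inside:192.0.2.11/40000 (203.0.113.5/40000)
"""

# ASA syslog message IDs that explain where a DNS query stopped.
MEANING = {
    "106023": "denied by interface ACL",
    "305005": "no NAT translation for the flow",
    "410001": "dropped by DNS inspection length check",
    "302015": "UDP connection built",
    "302016": "UDP connection torn down",
}
LINE_RE = re.compile(r"%ASA-\d-(\d{6}): (.*)")
ACL_RE = re.compile(r'by access-group "([^"]+)"')
BYTES_RE = re.compile(r"bytes (\d+)")

def triage(log_text, host):
    """Return (Counter of findings, detail strings) for port-53 lines that mention host."""
    # Require ':' or whitespace before the address so 192.0.2.1 never matches 192.0.2.10.
    host_re = re.compile(r"[:\s]" + re.escape(host) + r"/\d+")
    counts, details = Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group(1) not in MEANING:
            continue
        msg_id, text = m.groups()
        if not host_re.search(text) or not re.search(r"/53\b", text):
            continue
        counts[MEANING[msg_id]] += 1
        if msg_id == "106023" and (acl := ACL_RE.search(text)):
            details.append(f"ACL {acl.group(1)} denies DNS from {host}")
        elif msg_id == "302016" and (b := BYTES_RE.search(text)):
            details.append(f"teardown after {b.group(1)} bytes")
    return counts, details

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "192.0.2.10"))
```

The informational messages (302015, 302016) only appear in the buffer at the debugging level set by `logging buffered 7`.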