I have a local DNS server that needs to resolve internet addresses on behalf of local users.
What steps are needed on the firewall?
LAN users point to the local DNS server for name resolution.
On the ASA I have a static NAT for the local DNS server with a public IP, and
on the inside ACL I allowed UDP port 53; on the outside ACL I also allowed UDP port 53.
It doesn't seem to work. Am I missing some config still?
I don't have a way to test, but I think this will work to restrict the NAT to just DNS.
access-list dns-nat extended permit udp host 192.168.1.222 any eq domain
nat (inside) 2 access-list dns-nat
Here's a link for configuring QoS on the ASA.