Can a Cisco 5510 be configured to act as a DNS forwarder?

Answered Question
Jun 28th, 2010

Hi,


My client is using the public DNS, but they don't want DHCP to give out the public DNS as the DNS server. They want it to point to the firewall, and then only the firewall forwards the DNS to the public DNS. Would it be possible for the ASA 5510?


Regards,

Hing

Correct Answer by Kevin Redmon about 6 years 11 months ago

Hing,


Sort of - you could configure a static statement on the ASA that will equate to the DNS's IP address.  For instance:


static (outside,inside) 10.1.1.253 1.1.1.1


You would also have to ensure that UDP 53 traffic is also allowed via access-list on your inside interface.  On your DHCP server, you would then configure the IP address 10.1.1.253 as your DNS server - in reality, the ASA will simply translate that IP address to the real 1.1.1.1 address.


Hope this helps,

Kevin

Overall Rating: 5 (2 ratings)
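
The translation and access rule described in the answer above, written out as a fuller configuration for ASA 8.2 and earlier. This is an added example, not part of the original answer; the inside subnet 10.1.1.0/24, the ACL name INSIDE_IN and the test client 10.1.1.50 are assumptions, and the TCP 53 and deny entries go beyond the UDP 53 rule the answer mentions.

```cisco
! Added example for ASA 8.2 and earlier (the "static" syntax used in the answer).
! Assumed: inside subnet 10.1.1.0/24, ACL name INSIDE_IN, test client 10.1.1.50,
! and an existing outbound NAT rule for inside hosts.
! 10.1.1.253 and 1.1.1.1 are the addresses from the answer.

! 1. Present the public resolver 1.1.1.1 to inside hosts as 10.1.1.253.
static (outside,inside) 10.1.1.253 1.1.1.1 netmask 255.255.255.255

! 2. Permit DNS to the mapped address. Before 8.3 an interface ACL matches the
!    address as it appears on that interface, so the destination is 10.1.1.253.
!    TCP 53 is included for answers that are truncated over UDP.
access-list INSIDE_IN extended permit udp 10.1.1.0 255.255.255.0 host 10.1.1.253 eq domain
access-list INSIDE_IN extended permit tcp 10.1.1.0 255.255.255.0 host 10.1.1.253 eq domain

! 3. Optional: drop DNS to any other resolver so clients cannot bypass the
!    address handed out by DHCP, then allow the remaining inside traffic.
access-list INSIDE_IN extended deny udp any any eq domain
access-list INSIDE_IN extended deny tcp any any eq domain
access-list INSIDE_IN extended permit ip 10.1.1.0 255.255.255.0 any
access-group INSIDE_IN in interface inside

! 4. Only if the ASA itself is the DHCP server for the inside network:
dhcpd dns 10.1.1.253 interface inside

! Verification (exec mode, not configuration commands):
!   show xlate
!   packet-tracer input inside udp 10.1.1.50 1025 10.1.1.253 53
```

This is address translation, not a DNS forwarder: the ASA does not cache or answer queries itself. On ASA 8.3 and later the static command no longer exists, so the mapping is written as object NAT and interface ACLs reference the real address instead of the mapped one.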
Kevin Redmon Tue, 06/29/2010 - 15:45
User Badges: Cisco Employee

VincentLong Tue, 06/29/2010 - 20:29

Hi Kevin,


Thanks a lot. That was a brilliant idea.


Regards,

Hing

Kevin Redmon Wed, 06/30/2010 - 06:41
User Badges: Cisco Employee

Hing,


If you have any further questions, please let us know.  If this solution works for you, please be sure to mark this question as answered.


Thanks in advance,

Kevin
