Problem with DNS resolution - appears to be issue with ASA

Dec 17th, 2013
I have a customer with an ASA-5505 running 8.2(5). There is an internal domain, and the DCs are using local ISP and public DNS forwarders. About a week ago, users started to drop their Internet connection because of name resolution problems. What I've noticed is that no machine, when the internet is down, is able to successfully receive a response to an nslookup to even a public DNS server on the Internet. I'm at a loss as to what to try next. Any thoughts? Thank you.

Collin Clark Wed, 12/18/2013 - 13:46
What does your policy map for DNS look like? It should look similar to this:

policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512

baskervi Wed, 12/18/2013 - 14:24
Thanks for the reply, but DNS inspection is already set with the length set to 1536. This ASA has been in place for probably 2.5-3 years with no changes.

I wasn't clear as to what I was intending. When I say the Internet is down, I don't mean the physical connection is down but that there is no DNS resolution. I can ping hosts on the Internet with an IP address, but we just can't resolve names.