12-17-2013 12:01 PM - edited 03-11-2019 08:19 PM
I have a customer with an ASA-5505 running 8.2(5). There is an internal domain, and the DCs are using local ISP and public DNS forwarders. About a week ago, users started to drop their Internet connection because of name resolution problems. What I've noticed is that no machine, when the internet is down, is able to successfully receive a response to an nslookup to even a public DNS server on the Internet. I'm at a loss as to what to try next. Any thoughts? Thank you.
12-18-2013 01:46 PM
What does your policy map for DNS look like? It should look similar to this:
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
12-18-2013 02:24 PM
Thanks for the reply, but DNS inspection is already set with the length set to 1536. This ASA has been in place for probably 2.5-3 years with no changes.
I wasn't clear as to what I was intending. When I say the Internet is down, I don't mean the physical connection is down but that there is no DNS resolution. I can ping hosts on the Internet with an IP address, but we just can't resolve names.