I will begin by telling you what my end goal is: I am trying to block specific websites on our Cisco ASA 5525 using FQDN. I know that this functionality for DNS resolution was not implemented until a specific version.
Current Version: Cisco ASA 5525
ASA Version: 8.6(1)
I can ping external addresses from the ASA; however, I cannot ping hostnames. For example, "ping google.ca" does not work.
What I've done:
dns domain-lookup inside
dns domain-lookup outside
name-server x.x.x.x (Primary internal dns server)
name-server x.x.x.x (Secondary internal dns server)
name-server 18.104.22.168 (Google external dns server)
name-server 22.214.171.124 (Google external dns server)
With this config I can, however, ping hostnames of internal servers.
This is an example of me pinging an external hostname.
ciscoasa# ping google.ca
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2607:f8b0:4009:803::101f, timeout is 2 seconds:
No route to host 2607:f8b0:4009:803::101f
Success rate is 0 percent (0/1)