We purchased a bunch of Cisco ASA 5505 for our branch offices. Offices are made up of less than 20 end points. We are using it as a firewall and DHCP server at hte moment but also assumed that it had DNS server capabilities. Basically use it as a SOHO router. My research thus far indicates that yes we can use the device as a dns server but it won't resolve locally defined hosts. So it can relay dns request to an external dns server but won't allow me to configured an a record on the device itself.
Can anyone verify this before I look into purchasing another device just to do local DNS server services?
As far as i know the ASA cannot act as a DNS server nor can it act as a DNS relay. What you can do is -
1) configure DNS servers on the ASA that can be used in certain situations for allowing the ASA to resolve a name to an IP. For example using the Botnet filter on the ASA, SSL certificates etc. require the ASA to be able to qurey external DNS servers.
But this is for use by the ASA itself ie. it is used to resolve names within the ASA config. It is not used to allow clients to ask the ASA to resolve DNS names for them. So it can neither act as a DNS server itself nor can it pass on clients DNS queries to DNS servers.
2) if you use the ASA to hand out IPs via DHCP you can add valid DNS servers within the DHCP config just as you can with Windows DHCP.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :