dhcpd dns Config on ASA

mahesh18
Level 6

Hi Everyone,

On my ASA I do not have the config

dhcpd dns 64.59.144.19

This is my ISP DNS.

Without the command I am still able to access the internet, and the ASA log shows

Aug 14 2013 19:31:09: %ASA-6-302016: Teardown UDP connection 1481 for outside:64.59.144.19/53 to DMZ:192.168.70.2/60527 duration 0:00:00 bytes 90

Aug 14 2013 19:31:09: %ASA-6-302016: Teardown UDP connection 1480 for outside:64.59.144.19/53 to DMZ:192.168.70.2/53809 duration 0:00:00 bytes 390

Is this default behaviour?

Regards

Mahesh

Message was edited by: mahesh parmar

Julio Carvajal
VIP Alumni

Hello,

If you have not provided the DNS server to them via DHCP, how are they using the protocol?

They might have it statically configured, or another device is providing that service. Do a capture on the client side with Wireshark and check where they get the DNS address from.

Can you double-check that?

Check my blog at http://laguiadelnetworking.com for further information.

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Jouni Forss
VIP Alumni

Hi Mahesh,

Are you perhaps using DHCP also on the ASA's "outside" interface?

Do you have this configured perhaps?

dhcpd auto_config outside

You can view this with the command

show run dhcpd

- Jouni

Hi Jouni,

Here is the info:

ciscoasa# sh run dhcpd
dhcpd address 192.168.70.2-192.168.70.254 DMZ
dhcpd enable DMZ
!
dhcpd address 10.0.0.2-10.0.0.100 inside
dhcpd enable inside

It seems the switch connected to the ASA is providing the DNS.

3550SMIA# sh run | inc dns
   dns-server 64.59.144.19
   dns-server 64.59.144.19
   dns-server 64.59.144.19

This switch is directly connected to the ASA outside interface.

The ASA outside interface has a static IP.

interface Vlan1
 description Connection to Outside 3550A
 nameif outside
 security-level 0
 ip address 192.168.71.2 255.255.255.0

So in this scenario the switch is providing the DNS?

Regards

Mahesh

Hello,

I mean the switch is aware of the DNS servers, but based on the configuration you provided there is not sufficient input to determine whether it's broadcasting the DNS IP addresses.

So on the client side or any other Active Directory setting there is no DNS configuration setting?

Cheers,

Julio Carvajal Segura


Hi Julio,

I have attached the Wireshark capture under the original post.

It is now a cap file.

Can you have your expert look?

Regards

Mahesh

Hello Mahesh,

With the capture we will not be able to look for something useful, as the client already has the DNS server.

What would be good is to check on the client side any configuration related to DNS on the LAN or WLAN properties.

We can see that they are using 64.59.144.19 as the DNS server, but the question is how they get it. Not from the ASA... the switch with only that configuration will not be the one...

There's got to be some other clue that you could provide us.

7          2.650999          192.168.70.3          64.59.144.19          DNS          73          Standard query A www.google.ca

Cheers,

Julio Carvajal Segura


Hi Julio,

You are the best. I checked the TCP properties; the DNS was hard-coded there instead of being obtained automatically.

Best regards

Mahesh

Hello Mahesh,

Thanks for the kind words, I really appreciate them,

Glad to know that I could help,

Cheers,

Julio Carvajal Segura
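
The check this thread arrives at, as an added example (not code from any poster): compare the resolvers seen in the ASA's %ASA-6-302016 teardown lines with what `show run dhcpd` advertises, so that clients using a DNS server the ASA never handed out stand out. The function names are illustrative, and the 10.0.0.5 and 192.0.2.x log lines are constructed samples.

```python
import re
from collections import defaultdict
from itertools import takewhile

# %ASA-6-302016 UDP teardown format, as in the log lines quoted in the thread.
TEARDOWN = re.compile(
    r"%ASA-6-302016: Teardown UDP connection \d+ for "
    r"(?P<if_a>[^:\s]+):(?P<ip_a>[\d.]+)/(?P<port_a>\d+) to "
    r"(?P<if_b>[^:\s]+):(?P<ip_b>[\d.]+)/(?P<port_b>\d+) ")

def advertised_dns(dhcpd_config):
    """DNS servers the ASA hands out, read from 'show run dhcpd' text."""
    servers = set()
    for line in dhcpd_config.splitlines():
        words = line.split()
        if words[:2] == ["dhcpd", "dns"]:  # dhcpd dns <dns1> [<dns2>] [interface <if>]
            servers.update(takewhile(lambda w: w != "interface", words[2:]))
    return servers

def resolvers_by_client(log_lines):
    """Map (interface, client IP) -> resolver IPs it contacted on UDP/53."""
    usage = defaultdict(set)
    for m in filter(None, map(TEARDOWN.search, log_lines)):
        if m["port_a"] == "53":
            usage[(m["if_b"], m["ip_b"])].add(m["ip_a"])
        elif m["port_b"] == "53":
            usage[(m["if_a"], m["ip_a"])].add(m["ip_b"])
    return dict(usage)

def not_from_dhcp(usage, advertised):
    """Clients using a resolver the ASA's DHCP server never advertised."""
    return {c: r - advertised for c, r in usage.items() if r - advertised}

# dhcpd config as posted in the thread: no 'dhcpd dns' line at all.
DHCPD = ("dhcpd address 192.168.70.2-192.168.70.254 DMZ\ndhcpd enable DMZ\n"
         "dhcpd address 10.0.0.2-10.0.0.100 inside\ndhcpd enable inside\n")
# The first two lines are from the thread; the last two are constructed samples.
LOGS = [
    "Aug 14 2013 19:31:09: %ASA-6-302016: Teardown UDP connection 1481 for outside:64.59.144.19/53 to DMZ:192.168.70.2/60527 duration 0:00:00 bytes 90",
    "Aug 14 2013 19:31:09: %ASA-6-302016: Teardown UDP connection 1480 for outside:64.59.144.19/53 to DMZ:192.168.70.2/53809 duration 0:00:00 bytes 390",
    "Aug 14 2013 19:31:12: %ASA-6-302016: Teardown UDP connection 1490 for outside:192.0.2.53/53 to inside:10.0.0.5/51514 duration 0:00:00 bytes 120",
    "Aug 14 2013 19:31:13: %ASA-6-302016: Teardown UDP connection 1491 for outside:192.0.2.10/123 to inside:10.0.0.5/123 duration 0:00:01 bytes 96",
]

if __name__ == "__main__":
    print(not_from_dhcp(resolvers_by_client(LOGS), advertised_dns(DHCPD)))
```

With `dhcpd auto_config` configured, the ASA also passes on DNS values learned on that interface, which this sketch does not read from the running config.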
