Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DNS and ASA 5510

Hi guys

I have a question on DNS and ASA.

Does anyone know of any issues with ASA 5510 firewalls not forwarding or blocking DNS packets? Could this be related to an software upgrade from an earlier version to 7.2(4)?

I turned dns inspection and dns-guard off, still not happening.

Many thanks

Elena

1 REPLY
Cisco Employee

Re: DNS and ASA 5510

What do you see in the logs when it (dns: udp 53) fails?

Is this traffic allowed by the acl applied on the ingress interface?

pls. enable logging:

conf t

logging enable

logging buffered 7

exit

sh logg | i x.x.x.x

where x.x.x.x is the host on the inside that has trouble with dns.

Besides the above you can apply captures on the ingress and egress interface to see if we are sending the resquest out the outside interface and if the response is seen or not.

You can refer this link for packet captures:

http://analysisandreview.com/cisco/how-to-configure-a-packet-capture-in-the-cisco-asa/

147
Views
0
Helpful
1
Replies