I will begin by telling you what my end goal is, I am trying to block specific websites on our cisco ASA 5525 using FDQN. I know that this functionality for DNS resolution was not implemented until a specific version.
Current Version: Cisco ASA 5525
ASA Version: 8.6(1)
I can ping external addresses from the ASA however I cannot ping hostnames like "ping google.ca" does not work.
What I've done.
dns domain-lookup inside
dns domain-lookup outside
name-server x.x.x.x (Primary internal dns server)
name-server x.x.x.x (Secondary internal dns server)
name-server 22.214.171.124 (Google external dns server)
name-server 126.96.36.199 (Google external dns server)
With this config I can, however, ping hostnames of internal servers.
This is an example of me pinging an external hostname.
ciscoasa# ping google.ca
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2607:f8b0:4009:803::101f, timeout is 2 seconds:
I forgot to mention that I was adding the name servers and domain name to the DefaultDNS group already, though I did remove my secondary internal dns server to reflect exactly what you sent to me, unfortunately still no luck.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...