How do your internal users get an IP address? What do they receive as a DNS server? The ASA, depending on the config, might only need an access-list entry and a translation. You don't need a public address for this. Can you post your config?
I see you are getting "Non-authoritative answer:". The first thing that you need to understand about NSLOOKUP is that when you use the NSLOOKUP command, it assumes that you are querying a local domain on your private network. You can query an external domain, in your case yahoo.com, but NSLOOKUP will try to search for the domain internally first. For example, the yahoo.com domain is external to your network. Non-authoritative answer is when NSLOOKUP queries an external domain.
A couple of things to check on your DNS server to get you browsing the internet via your internal DNS server:
1. Make sure your DNS forwarders are configured correctly. You should be using your ISP DNS servers as forwarders. Contact your ISP to get details.
2. Make sure you have the reverse lookup zone configured correctly, and enable it to accept dynamic updates.
3. Please post ipconfig /all for your DNS server and one of your PCs. Your DNS server should have itself as DNS server, and your host PCs should also have your internal DNS server as their DNS server.
4. Can the server access the internet? Is this the only server in the domain, or are there other DCs? Also, are they all Windows DNS?
Also, you do not need to open any port or make any inbound NAT change on your FW to your inside DNS server. Just make sure DNS is permitted outbound.