Cisco Support Community

New Member

Problem with DNS resolution - appears to be issue with ASA

I have a customer with an ASA-5505 running 8.2(5). There is an internal domain, and the DCs are using local ISP and public DNS forwarders. About a week ago, users started to drop their Internet connection because of name resolution problems. What I've noticed is that no machine, when the internet is down, is able to successfully receive a response to an nslookup to even a public DNS server on the Internet. I'm at a loss as to what to try next. Any thoughts? Thank you.

2 REPLIES

Problem with DNS resolution - appears to be issue with ASA

What does your policy map for DNS look like? It should look similar to this:

policy-map type inspect dns preset_dns_map
    parameters
        message-length maximum client auto
        message-length maximum 512

New Member

Problem with DNS resolution - appears to be issue with ASA

Thanks for the reply, but DNS inspection is already set with the length set to 1536. This ASA has been in place for probably 2.5-3 years with no changes.

I wasn't clear as to what I was intending. When I say the Internet is down, I don't mean the physical connection is down but that there is no DNS resolution. I can ping hosts on the Internet with an IP address, but we just can't resolve names.
