Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
337
Views
0
Helpful
2
Replies

Problem with DNS resolution - appears to be issue with ASA

baskervi
Level 1
Level 1

‎12-17-2013 12:01 PM - edited ‎03-11-2019 08:19 PM

I have a customer with an ASA-5505 running 8.2(5). There is an internal domain, and the DCs are using local ISP and public DNS forwarders. About a week ago, users started to drop their Internet connection because of name resolution problems. What I've noticed is that no machine, when the internet is down, is able to successfuly receive a response to an nslookup to even a public DNS server on the Internet. I'm at a loss as to what to try next. Any thoughts? Thank you.

Labels:
0 Helpful
2 Replies 2

Collin Clark
VIP Alumni
VIP Alumni

‎12-18-2013 01:46 PM

What does your policy map for DNS look like? It should look similiar to this-

policy-map type inspect dns preset_dns_map
    parameters
        message-length maximum client auto
        message-length maximum 512
0 Helpful

baskervi
Level 1
Level 1
In response to Collin Clark

‎12-18-2013 02:24 PM

Thanks for the reply, but DNS inspection is already set with the length set to 1536. This ASA has been in place for probably 2.5-3 years with no changes.

I wasn't clear as to what I was intending. When the Internet is down doesn't mean the physical connection is down but that there is no DNS resolution. I can ping hosts on the Internet with an IP address, but we just can't resolve names.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card