Cisco Support Community

Cisco 5510 as a DNS forwarder

Currently I have a Cisco 5510 configured as a firewall. But my internal DNS is not allowed to be a DNS forwarder, hence my server and client PCs can't access the internet with the internal DNS configured as the primary DNS. So, do I have any chance to configure the ASA 5510 as a DNS forwarder?

4 REPLIES

Re: Cisco 5510 as a DNS forwarder

Your DNS server should query the DNS root servers or sub servers for any domain/names it does not know.

The firewall on a basic config will allow DNS queries out to the internet, so this would indicate 2 things:

1) Your DNS server is not setup correctly.

2) You have configured the firewall to block DNS.

Post your firewall config for review.

Re: Cisco 5510 as a DNS forwarder

For your information, my company policy is to remove all the root hints on the DNS server and add it as an additional scope in the DNS scope. For sure, once I configure my DNS server to forward to the ISP DNS, my server and clients are able to surf the internet. From this point, the DNS server should be configured properly. All our sub servers are also doing the same setting. I have posted my firewall config here for your review.

ASA Version 8.0(4)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 58.185.93.18 255.255.255.240
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 172.16.0.105 255.255.0.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
object-group service InternetAccess tcp
 port-object eq www
 port-object eq https
 port-object eq imap4
 port-object eq pop3
 port-object eq smtp
 port-object eq ftp
 port-object eq ftp-data
access-list inside_access_in extended permit tcp 172.16.0.0 255.255.0.0 object-group InternetAccess any object-group InternetAccess
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip 172.16.0.0 255.255.0.0 any
logging enable
logging asdm informational
mtu management 1500
mtu inside 1500
mtu outside 1500
asdm image disk0:/asdm-613.bin
no asdm history enable
arp timeout 14400
global (outside) 1 58.185.93.19 netmask 255.0.0.0
nat (inside) 1 172.16.0.0 255.255.0.0
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 58.185.93.17 1
timeout xlate 3:00:00
http server enable
http 192.168.1.0 255.255.255.0 management
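An added example (not from the thread or from Cisco): a small Python evaluator for the three inside_access_in lines posted above, checking the first reply's point that the firewall passes DNS out. It assumes ASA first-match semantics with an implicit deny at the end, expands the object-group to IANA port numbers, and uses constructed client and resolver addresses; it also shows that the service group written after the source address in line 1 is a source-port test, so ordinary client traffic (ephemeral source ports) is really passed by the final "permit ip" line.

```python
import ipaddress

# Service object-group from the posted config, expanded to IANA port numbers.
OBJECT_GROUPS = {"InternetAccess": {80, 443, 143, 110, 25, 21, 20}}
# The three ACEs of inside_access_in, copied from the posted config.
ACL_TEXT = """\
access-list inside_access_in extended permit tcp 172.16.0.0 255.255.0.0 object-group InternetAccess any object-group InternetAccess
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip 172.16.0.0 255.255.0.0 any
"""

def _take_addr(tokens):
    # Pop 'any' or 'ADDR MASK' from the front of tokens; return the network.
    spec = "0.0.0.0/0" if tokens[0] == "any" else f"{tokens[0]}/{tokens[1]}"
    del tokens[:1 if tokens[0] == "any" else 2]
    return ipaddress.ip_network(spec, strict=False)

def _take_ports(tokens):
    # Pop an optional 'object-group NAME' port qualifier; None means any port.
    if tokens and tokens[0] == "object-group":
        _, name = tokens.pop(0), tokens.pop(0)
        return OBJECT_GROUPS[name]
    return None

def parse_acl(text):
    # access-list NAME extended ACTION PROTO SRC [ports] DST [ports]
    aces = []
    for line in text.splitlines():
        t = line.split()
        action, proto, rest = t[3], t[4], t[5:]
        src, sports = _take_addr(rest), _take_ports(rest)
        dst, dports = _take_addr(rest), _take_ports(rest)
        aces.append((action, proto, src, sports, dst, dports))
    return aces

def evaluate(aces, proto, src_ip, dst_ip, sport=None, dport=None):
    # First matching ACE wins; no match falls through to the ASA's implicit deny.
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, p, src, sports, dst, dports in aces:
        if p not in ("ip", proto) or s not in src or d not in dst:
            continue
        # A service group after the source address constrains the *source* port.
        if (sports is not None and sport not in sports) or (dports is not None and dport not in dports):
            continue
        return action
    return "deny"

ACL = parse_acl(ACL_TEXT)
```

Evaluating a UDP/53 query from an inside client against ACL gives "permit" (via line 3), against ACL[:2] it gives "deny", and an ordinary HTTP request from an ephemeral port is likewise denied by the first two lines alone.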

Re: Cisco 5510 as a DNS forwarder

I do not understand your issue then - you have answered your own question?

Re: Cisco 5510 as a DNS forwarder

It's ok. Thanks.
