https://community.cisco.com/t5/network-security/dns-configuration-on-ftd/m-p/4170820#M1075003 <P>The DNS servers you configure in the GUI as you shared in your earlier screenshot are for doing DNS lookups for policy-related actions (e.g if there is an access-control policy entry with a FQDN object or similar).</P> <P>The DNS server you configure via the management cli is only used for management purposes, not for the data plane or enforcemnt of traffic through it.</P> Wed, 21 Oct 2020 07:56:56 GMT Marvin Rhoads 2020-10-21T07:56:56Z https://community.cisco.com/t5/network-security/dns-configuration-on-ftd/m-p/4169966#M1074951 <P>Hi All,</P><P>&nbsp;</P><P>I am working on Cisco FTD which are managed by FMC. I ahve conifgured the DNS group:</P><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><P>I did an nslookup from the firewall but the firewall doesnt seem to resolve google.com</P><P>I ahve route pointing towards the inside interface for 10.0.0.0/8 subnet, and my DNS server also falls under this subnet but it is reachable through the mgmt interface only.</P><P>&nbsp;</P><P>Now on other vendors I can create a service route for the management interface, but doesnt seem to eb possible for this FTD.</P><P>&nbsp;</P><P>How can I add a management route on the FTD to send this destination dns server traffic out from the menagement interface?</P><P>&nbsp;</P><P>Thanks,</P><P>Varun</P><P>&nbsp;</P><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><P>&nbsp;</P> Tue, 20 Oct 2020 05:10:15 GMT https://community.cisco.com/t5/network-security/dns-configuration-on-ftd/m-p/4169966#M1074951 varrao 2020-10-20T05:10:15Z https://community.cisco.com/t5/network-security/dns-configuration-on-ftd/m-p/4169968#M1074952 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="dns.PNG" style="width: 976px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/86466iE74E08383E571D6F/image-size/large?v=v2&amp;px=999" role="button" title="dns.PNG" alt="dns.PNG" /></span></P> Tue, 20 Oct 2020 05:10:43 GMT https://community.cisco.com/t5/network-security/dns-configuration-on-ftd/m-p/4169968#M1074952 varrao 2020-10-20T05:10:43Z https://community.cisco.com/t5/network-security/dns-configuration-on-ftd/m-p/4169987#M1074953 Hi,<BR /><BR />You have to enable dns lookup under the interface configuration to be able<BR />to perform lookups on the firewall. If the route points to inside, then you<BR />need to enable dns lookup on the inside.<BR /><BR />In the same screenshot, just add the inside interface<BR /><BR />**** please remember to rate useful posts<BR /> Tue, 20 Oct 2020 06:01:37 GMT https://community.cisco.com/t5/network-security/dns-configuration-on-ftd/m-p/4169987#M1074953 Mohammed al Baqari 2020-10-20T06:01:37Z https://community.cisco.com/t5/network-security/dns-configuration-on-ftd/m-p/4169989#M1074954 <P>HI Mohammad,</P><P>&nbsp;</P><P>The DNS server is reachable through Management interface only, i want the lookup to happen through mgmt interface, what do I need to do&nbsp; in that case?</P> Tue, 20 Oct 2020 06:05:14 GMT https://community.cisco.com/t5/network-security/dns-configuration-on-ftd/m-p/4169989#M1074954 varrao 2020-10-20T06:05:14Z https://community.cisco.com/t5/network-security/dns-configuration-on-ftd/m-p/4169992#M1074955 Understood, in this case you need to create a data interface in the same<BR />subnet as mgmt and use it to perform lookups. Till the latest version (6.6)<BR />FTD doesn't support lookup through mgmt interface.<BR /><BR />**** please remember to rate useful posts<BR /> Tue, 20 Oct 2020 06:09:37 GMT https://community.cisco.com/t5/network-security/dns-configuration-on-ftd/m-p/4169992#M1074955 Mohammed al Baqari 2020-10-20T06:09:37Z https://community.cisco.com/t5/network-security/dns-configuration-on-ftd/m-p/4170109#M1074965 <P>You can configure the DNS servers for management interface from the command line (CLI) by using the following command (change dns server IP as needed):</P> <P><STRONG>configure network dns server 8.8.8.8</STRONG></P> <P>verify using the show network command.</P> <P>&nbsp;</P> Tue, 20 Oct 2020 09:11:48 GMT https://community.cisco.com/t5/network-security/dns-configuration-on-ftd/m-p/4170109#M1074965 Marius Gunnerud 2020-10-20T09:11:48Z https://community.cisco.com/t5/network-security/dns-configuration-on-ftd/m-p/4170820#M1075003 <P>The DNS servers you configure in the GUI as you shared in your earlier screenshot are for doing DNS lookups for policy-related actions (e.g if there is an access-control policy entry with a FQDN object or similar).</P> <P>The DNS server you configure via the management cli is only used for management purposes, not for the data plane or enforcemnt of traffic through it.</P> Wed, 21 Oct 2020 07:56:56 GMT https://community.cisco.com/t5/network-security/dns-configuration-on-ftd/m-p/4170820#M1075003 Marvin Rhoads 2020-10-21T07:56:56Z https://community.cisco.com/t5/network-security/dns-configuration-on-ftd/m-p/4981778#M1107099 <P>hi Marvin</P><P>If the Interface is not avalibly from the dropdown there what is the cause for this?&nbsp;</P><P>we have 6 FP2110 FTD's running&nbsp; (12 - 6 in HA mode) - vers. 6.6.1 - 6.6.5 and 7.0.0 - which is managed from a FMC on 7.0.0&nbsp;</P><P>we have a common device policy for them where we assign the DNS settings trough - but DNS for fqdn in the ACE's doesnt resolve. When i do a DNS debug i get "DNS: DNS not enabled for interface "</P><P>Can you guide me to the cause for this?</P> Tue, 19 Dec 2023 20:17:24 GMT https://community.cisco.com/t5/network-security/dns-configuration-on-ftd/m-p/4981778#M1107099 tiwang 2023-12-19T20:17:24Z