topic CISCO ASA Enable DNS Lookup Problem in Network Security

CISCO ASA Enable DNS Lookup Problem

tanveer2005 — Mon, 11 Mar 2019 21:43:52 GMT

I have Cisco ASA 5510 , from ASA CLI i can not resolved the hostname. ( cisco.com or google.com)

At many form say do this.

1. Whilst in enable mode > enter configure terminal mode, then enable DNS Lookups.

CiscoASA#conf t
CiscoASA(config)# dns domain-lookup Outside

2. Then specify the external DNS Servers (Change IP addresses appropriately).
CiscoASA(config)# dns server-group DefaultDNS
CiscoASA(config-dns-server-group)# name-server 122.122.122.199
CiscoASA(config-dns-server-group)# name-server 122.122.122.198
CiscoASA(config-dns-server-group)# exit

3. Test it by pinging a name/URL.
CiscoASA(config)# ping www.20best.blogspot.com

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 123.123.123.123, timeout is 2 seconds:
!!!!!

But there is no command ( dns server-group ) in my ASA

Please tell me how to do this or any way

My ASA is showing only

ail-ASA# sh runn
: Saved
:
ASA Version 7.0(8)
!
hostname Mail-ASA
domain-name rawabiholding.com
enable password QuzxIf5jNzzT5kki encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 172.16.0.94 Test-web-mail
name 172.16.5.63 Mail-server
name 172.16.0.40 Web-Mail
name 172.16.0.24 MX-A
name 172.16.0.93 Test-Mail-MX
name 172.16.1.55 DNS-1
name 172.16.1.17 Web-Server
name 172.16.0.41 Helpdesk.rawabiholding.com
name 172.16.0.98 Test-Server
no dns-guard
!
interface Ethernet0/0
nameif outside
security-level 10
ip address 82.118.161.34 255.255.255.224
!
interface Ethernet0/1
nameif LAN
security-level 100
ip address 172.16.1.65 255.255.252.0
!
interface Ethernet0/2
nameif inside-Mail
security-level 100
ip address 172.16.5.37 255.255.255.0
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.100.1 255.255.255.0
management-only
!
banner exec ************* If you are not Rawabi IT Member Please logout ********
********
banner login ***************** Do not open or login , if you are not allowed *
********************
ftp mode passive
dns domain-lookup outside
dns name-server 212.102.0.82
dns name-server 212.102.0.11
access-list outside_access_in extended permit tcp any host 82.118.161.35 eq pop3

access-list outside_access_in extended permit tcp any host 82.118.161.35 eq smt.

CISCO ASA Enable DNS Lookup Problem

Jennifer Halim — Sat, 29 Oct 2011 10:58:24 GMT

Doesn't look like the DNS servers that you configured is resolving any DNS requests.

I have just tried both DNS server, and it is refusing the DNS:

> www.google.com

Server: ns3.shabakah.net.sa

Address: 212.102.0.82

*** ns3.shabakah.net.sa can't find www.google.com: Query refused

> www.google.com

Server: [212.102.0.11]

Address: 212.102.0.11

*** [212.102.0.11] can't find www.google.com: Query refused

Re: CISCO ASA Enable DNS Lookup Problem

tanveer2005 — Sat, 29 Oct 2011 11:05:27 GMT

http://20best.blogspot.com

Dear Jennifer,

From Router-ISP, I check it is resolving the name to IP

but from ASA 5510 not, it giving error

Jennifer Halim wrote:

Doesn't look like the DNS servers that you configured is resolving any DNS requests.

I have just tried both DNS server, and it is refusing the DNS:

> www.google.com

Server: ns3.shabakah.net.sa

Address: 212.102.0.82

*** ns3.shabakah.net.sa can't find www.google.com: Query refused

> www.google.com

Server: [212.102.0.11]

Address: 212.102.0.11

*** [212.102.0.11] can't find www.google.com: Query refused

http://20best.blogspot.com/2011/06/visit-to-grand-canyon-in-10-days.html

Re: CISCO ASA Enable DNS Lookup Problem

tanveer2005 — Sat, 29 Oct 2011 11:10:15 GMT

When i am ping it si giving this error.

Mail-ASA# ping http://20best.blogspot.com/2011/08/clock-of-makkah.html

Mail-ASA# ping http://20best.blogspot.com/2011/10/lulu-market-in-riyadh.html

Re: CISCO ASA Enable DNS Lookup Problem

tanveer2005 — Sat, 29 Oct 2011 11:36:27 GMT

MY ASA5510 have not this command for configure DNS.

dns server-group DefaultDNS

Maybe i have old version.

CISCO ASA Enable DNS Lookup Problem

Jennifer Halim — Sat, 29 Oct 2011 23:15:40 GMT

You do not need the "dns server-group" command to perform DNS resolution on your ASA. The "dns server-group" comamnd is only to group multiple DNS server configured on the ASA so you can refer to it on your other parts of the configuration. If you need to group the DNS server, the command is only supported from version 7.1.1 onwards.

Secondly, you also can't ping DNS name from your ASA with the version of code that you are running. Ping hostname from the ASA is only supported from version 7.2.1 onwards.

You can try to point an internal host DNS server as the ASA to test it, and you should be able to test DNS resolution from your host.

Re: CISCO ASA Enable DNS Lookup Problem

tanveer2005 — Mon, 31 Oct 2011 08:29:22 GMT

Very good, you are right. i have old version , can i get it free , or can you give me any link or any way.

Thanks,

Tanveer

.http://world-techtimes.blogspot.com/2011/10/new-data-storage-density-33-terabits.html

CISCO ASA Enable DNS Lookup Problem

Jennifer Halim — Wed, 02 Nov 2011 08:23:38 GMT

You can download it from cisco.com download site if you have a Smartnet contract.