
ASA 5506-X internal computer can't use public DNS

Roy Lee
Level 1

Hi,

I have initialized the 5506-X without initializing the FirePOWER module, as I don't need it.

For testing, I didn't change too much in the default settings. I have added a public DNS server to the dhcpd setting so the inside computer will use public DNS for internet access.

Attached the test config.

The internal computer can get an IP and the public DNS from the ASA's DHCP successfully, but cannot resolve any website. But I can ping them by IP.

Any idea?

I suppose all inside-to-outside connections are already allowed, because of the security level.

Do I need to add an access list to allow outbound DNS queries?

Thanks,

Roy


Rahul Govindan
VIP Alumni

You do not need an ACL to allow outbound traffic (higher to lower security). Can you ping the ISP-provided DNS server? Try setting the DNS server to a known public DNS like 8.8.8.8 as a test.

Also run a packet tracer as below:

packet-tracer input <interface-name> udp <dhcp-ip> 53 <isp-dns> 53 detailed

Dear Rahul,

... it's a stupid mistake, there is a typo in the DNS server IP...

Thanks,

Roy
