Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
679
Views
0
Helpful
1
Replies

ASA access to FQDN

Sergey Prishchepa
Spotlight
Spotlight

‎01-17-2014 12:27 AM - edited ‎03-11-2019 08:31 PM

On the ASA 5525-X is configured to access FQDN. Everything works well, but there is one feature. Lifetime matching FQDN and ip default 21 min., Obtained 21 minutes after ASA updates the information, but she did it for a minute and all this time blocked traffic. TTL for dns can be increased, but how to reduce this minute interval, preferably up to 1 second?

Labels:
0 Helpful
1 Reply 1

David White
Cisco Employee
Cisco Employee

‎01-22-2014 07:45 AM

Hi Sergey,

You cannot lower the ASA's DNS aging timeout below 1 minute.  Note that each time the timeout occurs, the ASA must refresh the DNS entry, and then update and re-compile the ACLs (where the FQDN name is used).  If you had multiple entries expiring every second, the policy would constantly be changing and the ASA would be constantly re-compiling the ACLs (ie: the Security Policy).

Hope this helps,


David.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card