cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

321
Views
0
Helpful
2
Replies
Highlighted
Beginner

ASA 5506-X internal computer can't use public DNS

Hi,

I have initialized 5506X without initialize the firepower module as I don't need it.

For testing, i didn't changed too much on the default settings. I have added public dns to the dhcpd setting so the inside computer will use public DNS for internet access.

Attached the test config.

Internal computer can get IP and the public DNS by DHCP of the ASA sucessfully, but can not resolve any website. But i can ping them by IP.

Any idea?

Suppose all inside to outside connection already allowed, because of the security level.

Do i need add access list to allow outbound DNS query?

Thanks,

Roy

2 REPLIES 2
Highlighted
VIP Advocate

You do not need an ACL to allow outbound traffic (higher to lower security). Can you ping the ISP provided DNS server? Try setting the DNS server to a known public DNS like 8.8.8.8 as a test.

 

Also run a packet tracer as below:

 

packet-tracer input <interface-name> udp <dhcp-ip> 53 <isp-dns> 53 detailed

Highlighted

Dear Rahul,

.... it's a stupid mistake, there is typo of the DNS server IP....

Thanks,

Roy

Content for Community-Ad