
ASA 5550, DNS doctoring not working

cbuskirkspark
Level 1

We are in the first stages of migrating to a new data center and have hit a bit of a roadblock with DNS doctoring. We have been using it for years without trouble at our old site with almost no config. Any help with things I might be overlooking would be greatly appreciated.

All of our NAT entries are tagged with dns:

static (inside,outside) 64.99.87.66 10.5.0.66 netmask 255.255.255.255 dns

Dig always returns the public IP.

[root@iscsi ~]# dig  @8.8.8.8 monitor.datamaze.net

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> @8.8.8.8 monitor.datamaze.net

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38510

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;monitor.datamaze.net.          IN      A

;; ANSWER SECTION:

monitor.datamaze.net.   881     IN      A       69.99.76.66

;; Query time: 47 msec

;; SERVER: 8.8.8.8#53(8.8.8.8)

;; WHEN: Fri Dec  7 12:19:25 2012

;; MSG SIZE  rcvd: 54


Tracepath from the same box shows it hitting the ASA:

[root@iscsi ~]# tracepath 8.8.8.8

1:  10.5.0.78 (10.5.0.78)                                  0.094ms pmtu 1500

1:  64.99.87.1 (64.99.87.1)                                0.754ms asymm  2

1:  64.99.87.1 (64.99.87.1)                                0.711ms asymm  2

2:  no reply

3:  no reply

Thanks,

Chris
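An offline check for the situation in the post above, as an added example that is not part of the original thread: the ASA's `dns` keyword rewrites an A record only when the address in the reply falls inside the mapped (outside) side of a `static` carrying that keyword, so the script compares dig answers against the statics. The function names are hypothetical, the parser assumes the pre-8.3 `static` syntax shown in the post, and the sample inputs are the post's own lines plus one constructed record.

```python
import ipaddress
import re

# Pre-8.3 syntax: static (real_if,mapped_if) <mapped> <real> netmask <mask> [dns]
STATIC_RE = re.compile(r"^static \(\S+?,\S+?\) (\S+) (\S+) netmask (\S+)(.*)$", re.M)
# dig answer line: <name> <ttl> IN A <address>
A_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+A\s+(\S+)\s*$", re.M)

# Sample input: the static and the answer line as they appear in the post.
PAGE_CONFIG = "static (inside,outside) 64.99.87.66 10.5.0.66 netmask 255.255.255.255 dns\n"
PAGE_ANSWER = "monitor.datamaze.net.   881     IN      A       69.99.76.66\n"
# Constructed record whose address equals the mapped address of that static.
CONSTRUCTED_ANSWER = "host.example.   300     IN      A       64.99.87.66\n"

def parse_statics(config):
    """Return [(mapped_net, real_net, has_dns)] for host and network statics."""
    statics = []
    for mapped, real, mask, rest in STATIC_RE.findall(config):
        try:
            mapped_net = ipaddress.ip_network(f"{mapped}/{mask}", strict=False)
            real_net = ipaddress.ip_network(f"{real}/{mask}", strict=False)
        except ValueError:
            continue  # e.g. "interface" in place of an address
        statics.append((mapped_net, real_net, "dns" in rest.split()))
    return statics

def doctoring_verdicts(config, dig_text):
    """Return [(name, address, verdict)] for every A record in dig_text."""
    statics = parse_statics(config)
    results = []
    for name, addr in A_RE.findall(dig_text):
        ip = ipaddress.ip_address(addr)
        verdict = "no static maps this address"
        for mapped_net, real_net, has_dns in statics:
            if ip in mapped_net:
                if has_dns:
                    # Same host offset on the real side of the translation.
                    offset = int(ip) - int(mapped_net.network_address)
                    verdict = f"rewrite to {real_net.network_address + offset}"
                else:
                    verdict = "static matches but lacks dns keyword"
                break
        results.append((name, addr, verdict))
    return results

if __name__ == "__main__":
    for row in doctoring_verdicts(PAGE_CONFIG, PAGE_ANSWER + CONSTRUCTED_ANSWER):
        print(*row, sep="  ")
```

A "rewrite to" verdict only says the record is eligible; the reply still has to pass through the ASA with DNS inspection enabled for the rewrite to happen.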

4 Replies

Julio Carvajal
VIP Alumni

Hello Chris,

What version are you running?

Where are the clients you are using to access this server?

You are using 8.8.8.8 as the DNS server, right?

Just want to confirm the little things so we can start working on this.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi there,

Thanks for the response. Currently we are on version 8.2(1). Clients are a mix of CentOS 6.2 and Windows 2008 R2 boxes. And yes, we are using 8.8.8.8 as our DNS server.

Hello,

But I mean, where are the servers? On which interface? The same interface as the server they are trying to access?

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hello,

Sorry, I misunderstood. All of the clients are on the same VLAN, although there are several different subnets sharing that VLAN. Redundant 1 is connected to that VLAN with an IP of 10.5.5.1. All servers have 10.5.5.1 as their gateway regardless of which subnet they are on.

The DNS server is Google's public DNS.

Thanks,

Chris
