02-20-2008 06:18 PM - edited 03-11-2019 05:05 AM
Has anyone experienced DNS resolution problems using BIND behind an ASA running 8.0(2) with the default inspection policies applied? Any help is appreciated...
I'm seeing DNS requests go out to the internet, via packet capture, but nothing returning. However, I haven't looked at the packets further to identify if they're being altered in some way...
02-20-2008 07:13 PM
Since you said you're using BIND, I assume you mean it's having trouble forwarding queries across your firewall to the Internet?
Or are Internet users querying against your BIND server?
I once had to change the message-length maximum in order for zone transfers to work properly, but nothing for normal DNS queries.
02-20-2008 09:02 PM
You are correct. BIND is sending requests through the ASA (ASA is translating and passing the packets - I've taken captures on inside/outside interfaces) but no replies are coming back. I'm wondering if there is some odd DNS packet alteration going on?
I built a Windows DNS server, and things seem to be working normally...
Any insight or experience is appreciated...