Re: DNS lookups fail behind FTD

techno.it · ‎04-01-2020

I have FTD and FMC virtual.

The client behind FTD are unable to resolve DNS names, however I can ping DNS servers. The clients are using 8.8.8.8 and 208.67.222.222

I am able to open websites by adding static entry into windows hosts but using DNS servers none are accessible.

I have disabled dns inspection but no luck. The packet tracer does not show any drop, everything is allowed and successful.

Any suggestions ?

Francesco Molino · ‎04-01-2020

Hi

Can you share the packet tracer please?
DNS ports are opened towards internet to these 2 hosts right?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

techno.it · ‎04-01-2020

Yes, I have open any ports from these hosts to the internet, even FMC and FTD cannot resolve the hostnames.

I've was unable to attach pcap hence I am posting screenshot. Please let know if that would work.

Francesco Molino · ‎04-02-2020

Ok we don't see responses.
Let's assume the lan interface is named inside.
Connect to your ftd using ssh, then type system support diagnostic.
Then type enable and when it asks about a password just hit enter.

Afterwards run the following command:
packet-tracer input inside udp 10.10.11.201 54641 8.8.8.8 53

Share please the output.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question