RyanB
Beginner

DNS Lookups on ASA

I have 2 firewalls; one functions fine, the other hangs when typing some commands that could contain hostnames.

 

Here are the 2x configs for DNS.

 

FAST ASA:

 

ASA-A# show run dns
dns domain-lookup outside
DNS server-group DefaultDNS
    name-server 172.16.51.30 inside
    name-server 8.8.8.8 outside
    name-server 172.16.54.30
    name-server 172.16.55.30
    name-server 172.16.56.30
    domain-name domain.com
ASA-A# ping t?
<instantly shows>
  tcp  
ASA-A# traceroute a?
<instantly shows>
ERROR: % Unrecognized command

 

 

SLOW ASA:

 

ASA-B# show run dns
dns domain-lookup inside
dns domain-lookup mpls
dns domain-lookup outside
DNS server-group DefaultDNS
    name-server 172.16.64.30 inside
    name-server 172.16.51.30 mpls
    name-server 172.16.54.30 mpls
    name-server 172.16.55.30 mpls
    name-server 172.16.56.30 mpls
    name-server 8.8.8.8
    domain-name domain.com
ASA-B# ping t?
<minutes later...>
  tcp  
ASA-B# traceroute a?
<minutes later...>
ERROR: % Unrecognized command

 

We need DNS enabled for FQDN-based objects used in ACLs, so I cannot issue the no ip domain-lookup command.

 

Is there anything I can do to prevent this?

3 REPLIES
RyanB
Beginner

Shameless bump!

Florin Barhala
Frequent Contributor

Can you try on the SLOW ASA this config:

ASA-B# show run dns
dns domain-lookup outside
DNS server-group DefaultDNS
    name-server 8.8.8.8
    domain-name domain.com
jroy777
Beginner

Was this ever resolved?