DNS Lookups on ASA

RyanB
Beginner

I have 2 firewalls, one functions fine, the other hangs when typing some commands that could contain hostnames.

 

Here are the 2x configs for DNS.

 

FAST ASA:

 

ASA-A# show run dns
dns domain-lookup outside
DNS server-group DefaultDNS
    name-server 172.16.51.30 inside
    name-server 8.8.8.8 outside
    name-server 172.16.54.30
    name-server 172.16.55.30
    name-server 172.16.56.30
    domain-name domain.com
ASA-A# ping t?
<instantly shows>
  tcp  
ASA-A# traceroute a?
<instantly shows>
ERROR: % Unrecognized command

 

 

SLOW ASA:

 

ASA-B# show run dns
dns domain-lookup inside
dns domain-lookup mpls
dns domain-lookup outside
DNS server-group DefaultDNS
    name-server 172.16.64.30 inside
    name-server 172.16.51.30 mpls
    name-server 172.16.54.30 mpls
    name-server 172.16.55.30 mpls
    name-server 172.16.56.30 mpls
    name-server 8.8.8.8
    domain-name domain.com
ASA-B# ping t?
<minutes later...>
  tcp  
ASA-B# traceroute a?
<minutes later...>
ERROR: % Unrecognized command

 

We need DNS enabled for FQDN based objects used in ACLs, so I cannot issue the no ip domain-lookup command.

 

Is there anything I can do to prevent this?

3 Replies

RyanB
Beginner

Shameless bump!

Florin Barhala
Frequent Contributor
Can you try on the SLOW ASA this config:

ASA-B# show run dns
dns domain-lookup outside
DNS server-group DefaultDNS
name-server 8.8.8.8
domain-name domain.com

jroy777
Beginner

Was this ever resolved?
