Re: DNS Lookups on ASA

RyanB · ‎02-26-2018

I have 2 firewalls, one functions fine, the other hangs when typing some commands that could contain hostnames.

Here are the 2x configs for DNS.

FAST ASA:

ASA-A# show run dns
dns domain-lookup outside
DNS server-group DefaultDNS
    name-server 172.16.51.30 inside
    name-server 8.8.8.8 outside
    name-server 172.16.54.30
    name-server 172.16.55.30
    name-server 172.16.56.30
    domain-name domain.com

ASA-A# ping t?
<instantly shows>
  tcp

ASA-A# traceroute a?
<instantly shows>
ERROR: % Unrecognized command

SLOW ASA:

ASA-B# show run dns
dns domain-lookup inside
dns domain-lookup mpls
dns domain-lookup outside
DNS server-group DefaultDNS
    name-server 172.16.64.30 inside
    name-server 172.16.51.30 mpls
    name-server 172.16.54.30 mpls
    name-server 172.16.55.30 mpls
    name-server 172.16.56.30 mpls
    name-server 8.8.8.8 
    domain-name domain.com

ASA-B# ping t?
<minutes later...>
  tcp

ASA-B# traceroute a?
<minutes later...>
ERROR: % Unrecognized command

We need DNS enabled for FQDN based objects used in ACLs, so I cannot issue the no ip domain-lookup command.

Is there anything I can do to prevent this?

RyanB · ‎03-08-2018

Shameless bump!

Florin Barhala · ‎03-09-2018

Can you try on the SLOW ASA this config:

ASA-B# show run dns
dns domain-lookup outside
DNS server-group DefaultDNS
name-server 8.8.8.8
domain-name domain.com

jroy777 · ‎05-26-2021

Was this ever resolved?