FTD DNS management not working

swater · ‎10-25-2022

Hello,

Recently I've provided a test FTD1010 with image 7.2.1-40. The issue is that my DNS is not working from the Management interface.

In FTD cli I can do a "ping system 1.1.1.1" but I can't do a "ping cisco.com", it ends in "ping: cisco.com: Temporary failure in name resolution"
When I do a "show network" I get to see, among other things, "DNS from router : enabled".
From another working Firewall it states "DNS from router : disabled"
How do I change the setting "DNS from router"?

Any help is appreciated

KG

Sjoerd

manabans · ‎10-25-2022

'DNS from router' could be due to management traffic passing through the FTD data interface.
If you are using the data interfaces as the gateway, verify that you have the required routes. You need a default route for 0.0.0.0. You might need additional routes if the DNS server is not available through the gateway for the default route.

Refer topic 'Troubleshooting DNS for the Management Interface' from the below document,
https://www.cisco.com/c/en/us/td/docs/security/firepower/720/fdm/fptd-fdm-config-guide-720/fptd-fdm-mgmt.html#task_88DEC3AB778D4F6EB78B6FD410A9B8D0

swater · ‎10-25-2022

Hi Manabans,

Thx for you reply!
Management interface indeed uses the data gateway. And it works, because I can succesfull do a "ping system 1.1.1.1", however a "ping system cisco.com" doesn't work and leave me with the message, "ping: cisco.com: Temporary failure in name resolution".

Kind regards,
Swater