Solved: How is ASA resolving hostname

James H · ‎10-26-2022

We have a Cisco ASA 5525. There are many references to a server "dc" in the ASDM. The ASA is using "dc" as a DNS server, it's using "dc" as a radius server. And all of these things are working properly and I'm able to ping "dc" from the ASA. However "dc" does exist on our domain. Our DNS servers do not resolve "dc". Our DNS servers are "dc1" and "dc3". And our radius server is "dc1".

My only guess is that somewhere there is some sort of static group entry with a hostname of "dc" that includes both "dc1" and "dc3"? How can I figure out how the ASA is resolving "dc"? I cannot find any network object or group labeled "dc".

Any help would be appreciated.

Marvin Rhoads · ‎10-26-2022

Try:

show run | i <address of one of the dc's>

View solution in original post

MHM Cisco World · ‎10-26-2022

can you more elaborate

Marvin Rhoads · ‎10-26-2022

Try:

show run | i <address of one of the dc's>

James H · ‎10-26-2022

Wow. Thank you so much. I'm a novice when it comes to Cisco ASAs or firewalls in general, but I was able to use your command to find the the line "name <ip address> dc" in the running config. Which lead me to a google search, resulting in my discovery of the "name" command. I just knew there had to be some sort of static entry for "dc" within the ASA. I was then able to run a "show run | i dc" command to find everywhere that the dc name is being used.

This discovery spurs other questions in my mind, such as what happens if a "name" assignment conflicts with a DNS entry? When a hostname is entered as a server within the ASA config and it has a matching "name" assignment, does it check the assigned names in the config before attempting to resolve with DNS?

I greatly appreciate your help!