Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
15689
Views
0
Helpful
12
Replies

Internal DNS Server Entry And ASA-5505

Go to solution
noctech73
Level 1
Level 1

‎01-13-2011 05:44 PM - edited ‎03-11-2019 12:35 PM

Greetings,

I have a client in a workgroup environment. They are a small company with perhaps twenty systems. Their infrastructure consists of a Dell Switch, a Cisco ASA-5505 which hands out the DHCP and a router. And that's that.

They have been using an external IP as their DNS Server to get out to the Web. However, they now want to add an internal Linux-based DNS server.

In looking through the ASA-5505 today I noticed a field for DNS enteries. Is this where the IP for this new internal DNS Server (in the secondary DNS field) would go?

If so, would it be necessary to reboot the ASA-5505 for this change to take effect?

Thank you very much. This is an excellent forum!

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to noctech73

‎01-13-2011 07:48 PM

The order matters depending on which DNS server you prefer the user to use. It will use the first listed DNS server first and if it can't get the resolution, it will use the second DNS server.

You probably have interface specific settings, so as advised earlier, highlight the inside interface and click Edit, you should see information populated on that internal interface.

View solution in original post

0 Helpful
12 Replies 12

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎01-13-2011 06:02 PM

To assign the internal DNS for the DHCP client, you can use the command "dhcpd dns "

Here is the command for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/d2.html#wp1948166

Hope that helps.

0 Helpful

Go to solution
noctech73
Level 1
Level 1
In response to Jennifer Halim

‎01-13-2011 06:29 PM

Jennifer, thank you again. Your assistance is stellar.

I am a real novice at this and was wondering if this could be done through the ASA-5505 GUI (I am using ASDM). And I take it that the new internal DNS Server in this Workgroup environment would go in the Secondary field or is that neither here nor there? I am assuming that it is mandatory to add this new internal DNS server to the ASA-5505.

On a side note, while at a users system I noticed that their DHCP lease is only one hour. In looking through the ASA-5505 I saw no time set for lease duration. Can this be set globally for at least 12 Hours for fixed systems on the network?

Thank you very much! Seriously, your help is greatly appreciated.

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to noctech73

‎01-13-2011 06:49 PM

If you currently have external DNS server configured as the primary, and you would like to use the internal DNS server for DNS resolution, then you can swap them around, ie: configure the internal DNS server as the primary, and the external DNS server as the secondary.

I assume that you are talking about the following DNS entry configuration on ASDM:

Configuration --> Device Management --> DHCP --> DHCP Server --> and the DNS Server 1 and DNS Server 2 configuration

The above is the global DHCP configuration settings. If you however configured interface specific DHCP configuration settings, then on the same page, click on the interface and Edit, and make the changes there.

You can also change the DHCP lease time to 12 hours on the same page. It's in seconds, so you have to convert 12 hours to be 43200 seconds.

And you are right, the default is 1 hour == 3600 seconds.

I attached the screenshot from the ASDM on where you should make the changes.

Hope that helps.

Preview file
64 KB
0 Helpful

Go to solution
noctech73
Level 1
Level 1
In response to Jennifer Halim

‎01-13-2011 07:28 PM

Yes, exactly! Thank you for providing the screen capture as well.

Is the presence of the internal DNS Server mandatory within the settings of the ASA-5505?

Also, if so entered will a reboot of the ASA-5505 be required?

Again, thank you!

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to noctech73

‎01-13-2011 07:31 PM

No, it's not mandatory to have the internal dns settings within the ASA, but since the ASA is the DHCP server, you can automatically assign the DNS server settings to the user when they get assigned an ip address. Otherwise, you can also manually configure each host with the internal DNS server.

No, reload is not required for DNS setting information.

0 Helpful

Go to solution
noctech73
Level 1
Level 1
In response to Jennifer Halim

‎01-13-2011 07:43 PM

Jennifer,

Sorry, I forgot to ask this in the post immediatly before this.


"If you currently have external DNS server configured as the primary, and you would like to use the internal DNS server for DNS resolution, then you can swap them around, ie: configure the internal DNS server as the primary, and the external DNS server as the secondary."

Does the order matter?

(2) I noticed in your screen capture that you highlighted the DHCP field. Need anything be set in the fields within the DNS tab on the lefthand side?

Just out of curiousity, the Address Pool, WINS, Lease, etc., fields are empy on their ASA-5505 as well. Why are these not populated?

Thanks!

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to noctech73

‎01-13-2011 07:48 PM

The order matters depending on which DNS server you prefer the user to use. It will use the first listed DNS server first and if it can't get the resolution, it will use the second DNS server.

You probably have interface specific settings, so as advised earlier, highlight the inside interface and click Edit, you should see information populated on that internal interface.

0 Helpful

Go to solution
noctech73
Level 1
Level 1
In response to Jennifer Halim

‎01-13-2011 08:46 PM

Jennifer,

Many thanks again. Greatly appreciated!

0 Helpful

Go to solution
noctech73
Level 1
Level 1
In response to Jennifer Halim

‎01-13-2011 09:18 PM

>The above is the global DHCP configuration settings. If you however  configured interface specific DHCP configuration settings, then on the  same page, click on the interface and Edit, and make the changes there.

DNS is the only one. Therefore, is that the only place where the DHCP settings need be entered? Or also in Configuration --> Device Management --> DHCP --> DHCP Server --> and the DNS Server 1 and DNS Server 2 configuration fields?

Again, I apologize for just bringing this to your attention now.

Thanks!

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to noctech73

‎01-13-2011 09:27 PM

You would need to make the changes on where you have the DHCP pool configuration.

There is 2 options to configure DHCP settings:

- Global

- Interface

From what you have described earlier, you have it configured under the interface level, because you were saying it's blank on your global DHCP configuration.

0 Helpful

Go to solution
noctech73
Level 1
Level 1
In response to Jennifer Halim

‎01-13-2011 09:36 PM

Thanks Jennifer!

0 Helpful

Go to solution
Oscar Castillo
Level 1
Level 1
In response to noctech73

‎02-19-2013 04:14 AM

This would be the line to follow...

Here I added two  DNS servers into an interface.

dhcpd address 192.168.1.20-192.168.1.50 inside

dhcpd dns 68.237.161.12 71.252.0.12 interface (Interface)

dhcpd lease 691200 interface inside

dhcpd update dns both override interface inside

dhcpd enable inside

!

dhcpd address 172.16.1.20-172.16.1.50 Doug

dhcpd dns 4.2.2.2 68.237.161.12 interface (Interface)

dhcpd lease 691200 interface Doug

dhcpd update dns both override interface Doug

dhcpd enable Doug

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card