3607 Views, 0 Helpful, 1 Reply

Secure DNS Dynamic Updates when local ASA is DHCP and remote Windows is DNS

Dean Romanelli
Level 4

Hi All,

I am having a problem for sites in my field where DHCP is running on the ASA. These sites use their respective local ASA for DHCP (165 in the example below), but for DNS they use the Windows server in our data center (120), which they reach via VPN.

dhcpd address 192.168.165.73-192.168.165.254 inside
dhcpd dns 192.168.120.16 192.168.120.181 interface inside
dhcpd lease 86400 interface inside
dhcpd domain xxxxxxx.yyyyyyy.com interface inside
dhcpd update dns both override interface inside
dhcpd option 3 ip 192.168.165.1 interface inside
dhcpd enable inside

When we do a ping sweep, we are seeing multiple IP addresses matching the same DNS hostname. When I run show arp on the ASA at the site, there is only one MAC address associated with each IP, however, so this is a pure DNS problem. I spoke to my Windows admin and he believes this has something to do with "Secure DNS dynamic updates" not working when the DHCP function is on the ASA, as best practice tends to be: "If you're using Windows DNS, you should use Windows DHCP." The business decision to use the ASAs for DHCP is over my head, however, so I have to find a way to make this work without moving DHCP to the server.

My Windows guy believes we may be able to create an AD account that is authorized in DNS to do secure dynamic updates and apply it to the ASA via aaa-server commands. Is this possible, or is there a DHCP option I can configure to make this update?
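One way to confirm which of the duplicate A records are stale before touching the DNS configuration: compare the zone's A records against the ASA's ARP table for the DHCP range. This is an added example, not code from the post; the zone records and the show arp output are constructed samples, and the show arp column layout (interface, IP, MAC, age) is assumed.

```python
import re
from collections import defaultdict

# Constructed sample of the site's forward zone as (hostname, A-record IP)
# pairs. Two names carry more than one A record, which is the symptom
# described in the post (several IPs resolving to the same hostname).
ZONE_A_RECORDS = [
    ("pc-alice", "192.168.165.80"),
    ("pc-alice", "192.168.165.91"),
    ("pc-bob",   "192.168.165.85"),
    ("printer1", "192.168.165.100"),
    ("printer1", "192.168.165.120"),
    ("printer1", "192.168.165.130"),
]

# Constructed sample of ASA 'show arp' output for the inside interface.
# The column order (interface, IP, MAC, age) is an assumption, not taken
# from the post.
SHOW_ARP = """\
inside 192.168.165.1 0011.2233.4455 -
inside 192.168.165.80 0050.56aa.0001 120
inside 192.168.165.85 0050.56aa.0002 45
inside 192.168.165.130 0050.56aa.0003 300
"""

ARP_LINE = re.compile(
    r"^\s*(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})",
    re.I,
)

def parse_show_arp(text):
    """Return {ip: mac} from 'show arp' style lines; other lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            table[m.group(2)] = m.group(3).lower()
    return table

def find_stale_a_records(zone_records, arp_table):
    """For hostnames with more than one A record, split their IPs into
    'live' (present in the ASA ARP table) and 'stale' (no ARP entry)."""
    by_host = defaultdict(list)
    for host, ip in zone_records:
        by_host[host.lower()].append(ip)
    report = {}
    for host, ips in by_host.items():
        if len(ips) < 2:
            continue  # a single A record is not a duplicate
        report[host] = {
            "live": sorted(ip for ip in ips if ip in arp_table),
            "stale": sorted(ip for ip in ips if ip not in arp_table),
        }
    return report

if __name__ == "__main__":
    arp = parse_show_arp(SHOW_ARP)
    for host, r in find_stale_a_records(ZONE_A_RECORDS, arp).items():
        print(f"{host}: live={r['live']} stale={r['stale']}")
```

An IP missing from ARP is only a candidate for removal, since a powered-off host also has no entry; cross-check against the lease table (show dhcpd binding) before scavenging records.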

1 Accepted Solution

Ajay Saini
Level 7

Hello,

Not sure if the solution absolutely fits here, but could you check if DDNS works for you:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/basic_ddns.html

-AJ


