
How to configure a Cisco ASA5505 network with split DNS or conditional DNS forwarding

kekarlsen
Level 1

Hello everyone!

We have several branch offices that only have a Cisco ASA 5505 connecting clients to the Internet, our main office and other networks. Some of the branch offices use Site-to-Site VPN to connect to our main office, others use a VPN service delivered by our ISP.

The networking is working fine, but we are having problems figuring out how to handle DNS lookups. I see that the ASA DNS client can use conditional DNS forwarding, but it cannot act as a DNS server for our clients on the inside network.

We want to do the following:

- Default DNS queries should use the DNS servers for the site's local ISP (some sites also use dual ISP, so we are using DNS1 and DNS2)

- The domain name: company.local should use our main office DNS server (accessed by Site-to-Site VPN or our ISP's VPN)

- The domain name: sitea.company.local should use our SiteA DNS server (accessed by Site-to-Site VPN or our ISP's VPN)

etc...

We have solved the issue by using Windows DNS server's conditional forwarding for the branch offices that have a local Windows 2008 domain controller.

So my question is: how do we solve this issue on our branch offices that only have a Cisco ASA 5505 Security Appliance?

3 Replies

sconstantine
Level 1

Did you find a solution to this scenario?

Sorry, I didn't find any other solution for this scenario than to set our internal DNS servers as primary and our ISP's DNS servers as secondary.

It works, but I'm not happy with it.

So if you can figure out a better solution, please keep me updated.

Ivan Krimmel
Level 7

Hi folks,

Cisco ASA can do DNS 'doctoring' and also DNS inspection, but for that it expects already-formed DNS queries; as you mentioned, it is not capable of doing any DNS-server logic.

So in the end you'd need separate DNS-server functionality.

Regards,

Ivan.
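
The per-query decision that a separate conditional forwarder would make for the layout in the question, as an added Python example (not from the thread and not Cisco code). The function names are hypothetical and every IP address is a constructed placeholder; only the zone names company.local and sitea.company.local come from the original post.

```python
import struct

# Constructed placeholder addresses; none of these come from the thread.
FORWARD_ZONES = {
    "sitea.company.local": ["10.20.0.10"],   # SiteA DNS server
    "company.local": ["10.10.0.10"],         # main office DNS server
}
DEFAULT_UPSTREAMS = ["192.0.2.53", "198.51.100.53"]  # local ISP DNS1 / DNS2


def build_query(name, qtype=1):
    """Build a minimal DNS query (constructed sample input)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_qname(packet):
    """Return the lower-cased question name from a raw DNS query."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("not a DNS query with a question section")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        pos += 1
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + length > len(packet):
            raise ValueError("invalid or compressed label")
        labels.append(packet[pos:pos + length].decode("ascii").lower())
        pos += length


def pick_upstreams(qname):
    """Longest-suffix match on whole labels; anything else goes to the ISP."""
    name = qname.rstrip(".").lower()
    matches = [z for z in FORWARD_ZONES if name == z or name.endswith("." + z)]
    return FORWARD_ZONES[max(matches, key=len)] if matches else DEFAULT_UPSTREAMS


if __name__ == "__main__":
    for host in ("dc1.sitea.company.local", "fs1.company.local", "www.example.com"):
        print(host, "->", pick_upstreams(parse_qname(build_query(host))))
```

Matching on whole labels keeps a public name such as notcompany.local on the ISP resolvers, and the longest match sends sitea.company.local to the SiteA server rather than the main office one.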