03-14-2011 08:26 AM - edited 03-03-2019 06:14 AM
Hello everyone!
We have several branch offices that only have a Cisco ASA 5505 connecting clients to the Internet, our main office and other networks. Some of the branch offices use Site-to-Site VPN to connect to our main office, others use a VPN service delivered by our ISP.
The networking is working fine, but we are having problems figuring out how to handle DNS lookups. I see that the ASA DNS client can use conditional DNS forwarding, but it cannot act as a DNS server for our clients on the inside network.
We want to do the following:
- Default DNS queries should use the DNS servers of the site's local ISP (some sites also use dual ISPs, so we are using DNS1 and DNS2)
- The domain name: company.local should use our main office DNS server (accessed by Site-to-Site VPN or our ISP's VPN)
- The domain name: sitea.company.local should use our SiteA DNS server (accessed by Site-to-Site VPN or our ISP's VPN)
etc...
We have solved the issue by using Windows DNS server's conditional forwarding for the branch offices that have a local Windows 2008 domain controller.
So my question is: how do we solve this issue at our branch offices that only have a Cisco ASA 5505 Security Appliance?
10-09-2011 06:24 PM
Did you find a solution to this scenario?
10-10-2011 02:26 AM
Sorry, I didn't find any other solution for this scenario than to set our internal DNS servers as primary and our ISP's DNS servers as secondary.
It works, but I'm not happy with it.
So if you can figure out a better solution, please keep me updated.
10-11-2011 02:18 PM
Hi folks,
Cisco ASA can do DNS 'doctoring' and also DNS inspection, but for that it expects already formed DNS queries; as you mentioned, it is not capable of doing any DNS-server logic.
So at the end you'd need a separate DNS-server functionality.
Regards,
Ivan.
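The forwarding rules requested in the original question, sketched as the selection logic a separate conditional forwarder would apply (an added example, not from any poster and not ASA configuration). The server addresses are constructed placeholders, and `leaks_internal` is a hypothetical helper that flags an internal name being sent to a resolver outside its zone, which is what happens under the primary/secondary workaround whenever a client falls back to the ISP resolver.

```python
# Added illustration: conditional-forwarding rule selection by longest suffix.
# All IP addresses below are constructed placeholders, not values from the thread.

FORWARD_ZONES = {
    "company.local": ["10.0.0.10"],        # main office DNS (assumed address)
    "sitea.company.local": ["10.1.0.10"],  # SiteA DNS (assumed address)
}
DEFAULT_UPSTREAMS = ["192.0.2.53", "198.51.100.53"]  # ISP DNS1 / DNS2 (placeholders)


def normalize(name):
    """Lower-case and drop the trailing root dot; DNS names are case-insensitive."""
    return name.strip().rstrip(".").lower()


def select_upstreams(qname, zones=FORWARD_ZONES, default=DEFAULT_UPSTREAMS):
    """Return (matched_zone, servers) for a query name.

    Matching is done on whole labels, so 'notcompany.local' does not match
    'company.local', and the most specific configured zone wins.
    """
    labels = normalize(qname).split(".")
    # Try the full name first, then strip the leftmost label each round.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate, list(zones[candidate])
    return None, list(default)


def leaks_internal(qname, chosen_servers, zones=FORWARD_ZONES):
    """True if an internal name would go to a server outside its zone's list."""
    zone, expected = select_upstreams(qname, zones, default=[])
    return zone is not None and any(s not in expected for s in chosen_servers)


if __name__ == "__main__":
    samples = ["pc1.sitea.company.local", "Files.Company.Local.",
               "notcompany.local", "www.example.com"]  # constructed query names
    for q in samples:
        print(q, "->", select_upstreams(q))
```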