06-28-2010 02:35 AM - edited 03-09-2019 11:02 PM
Hi,
My client is using the public DNS, but they don't want DHCP to give the DNS as the public DNS. They want it to point to the firewall, and then only the firewall forwards the DNS to the public DNS. Would it be possible for ASA 5510?
Regards,
Hing
06-29-2010 03:45 PM
Hing,
Sort of - you could configure a static statement on the ASA that will equate to the DNS's IP address. For instance:
static (outside, inside) 10.1.1.253 1.1.1.1
You would also have to ensure that UDP 53 traffic is also allowed via access-list on your inside interface. On your DHCP server, you would then configure the IP address 10.1.1.253 as your DNS server - in reality, the ASA will simply translate that IP address to the real 1.1.1.1 address.
Hope this helps,
Kevin
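The three pieces described in the answer above, put together as an added example that is not part of the original posts. It uses the pre-8.3 ASA syntax of the static statement in the answer; the inside subnet 10.1.1.0/24, the ACL name inside_access_in, and the ASA itself acting as the DHCP server are assumptions.

```cisco
! Added example, not from the original thread.
! Assumed: inside subnet 10.1.1.0/24, ACL name inside_access_in,
! ASA's own DHCP server hands out leases on the inside interface.

! 1. Present the public resolver 1.1.1.1 (addresses from the answer)
!    to inside hosts as 10.1.1.253.
static (outside,inside) 10.1.1.253 1.1.1.1 netmask 255.255.255.255

! 2. Permit DNS queries from inside hosts to the mapped address.
!    With pre-8.3 NAT the inside ACL matches the address as seen
!    on the inside interface, that is 10.1.1.253.
access-list inside_access_in extended permit udp 10.1.1.0 255.255.255.0 host 10.1.1.253 eq domain

! Only needed if no ACL is bound to inside yet. Once an ACL is bound,
! its implicit deny drops everything not explicitly permitted, so the
! existing outbound permits must be in the same ACL.
access-group inside_access_in in interface inside

! 3. Hand the mapped address to clients as their DNS server.
!    If a separate DHCP server is used, set 10.1.1.253 there instead.
dhcpd dns 10.1.1.253 interface inside
```

After applying, `show xlate` should list the 10.1.1.253 translation and `show access-list inside_access_in` should show the hit count on the DNS line rising as clients resolve names. DNS falls back to TCP 53 for large responses, so a matching tcp permit line is needed if those must pass.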
06-29-2010 08:29 PM
Hi Kevin,
Thanks a lot. That was a brilliant idea.
Regards,
Hing
06-30-2010 06:41 AM
Hing,
If you have any further questions, please let us know. If this solution works for you, please be sure to mark this question as answered.
Thanks in advance,
Kevin