Hi,

I have an ASA with below configuration:

dns domain-lookup outside
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 4.2.2.2

object network MGMT_SERVER
host X.X.X.X
object network obj-eclipse.org
fqdn eclipse.org
object network obj-maven.apache.org
fqdn maven.apache.org
object network obj-java.com
fqdn java.com
object network obj-redhat.com
fqdn redhat.com
object-group network MGMT_FQDN
network-object object obj-eclipse.org
network-object object obj-maven.apache.org
network-object object obj-java.com
network-object object obj-redhat.com

access-list inside_access_outside extended permit tcp object MGMT_SERVER object-group MGMT_FQDN eq 443

access-list inside_access_outside extended permit tcp object MGMT_SERVER object-group MGMT_FQDN eq 80
access-list inside_access_outside extended permit udp object MGMT_SERVER host 8.8.8.8 eq domain

access-list inside_access_outside extended permit udp object MGMT_SERVER host 4.2.2.2 eq domain

The issue is, when I am resolving nslookup on my local server (MGMT_SERVER) for fqdn java.com then the resolved IP is different and my ASA resolving different IP when I check in dns-hosts. Due to this java.com is not accessible from the server.

Is there any solution for this problem.