Solved

ASA 5510 acting as a DNS proxy

Posted on 2009-04-01
3
2,107 Views
Last Modified: 2012-06-21
We used to havea firewall that acted as a DNS proxy. We replaced it with a Cisco ASA 5510 that does not have this set up. Now, our webserver is having issues sending meail from teh DMZ because it has no DNS server to use.

Is there a way to set up a DNS proxy on the ASA 5510?
0
Comment
Question by:amydnaz
  • 2
3 Comments
 
LVL 12

Expert Comment

by:Alan3285
ID: 24046323
Hi,

This may be missing the point, but why not point the webserver at a DNS server?

You could give it OpenDNS (for example):

208.67.222.222
208.67.220.220

Hope that helps,

Alan.
0
 

Author Comment

by:amydnaz
ID: 24052094
That didn't work. I'm stumped as to why we can't seem to get the webserver to recognize DNS.
0
 
LVL 12

Accepted Solution

by:
Alan3285 earned 500 total points
ID: 24054418
Hi,

I am working on the assumption at this point that the DNS settings in the Webserver are pointing at OpenDNS.

Is the webserver connecting to anything outside at all?

What if you attempt a direct connection to, say, www.cnn.com at:

157.166.224.25

Can you connect from a web browser (if there is one on the webserver), or via telnet:

telnet 157.166.224.25 80

If so, what do you get using, say something like, NSLOOKUP on the webserver?  What is showing as the default resolver, and what is its IP address?

Thanks,

Alan.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question