Local DNS entry in Firewall

Dear All,

We have a new DNS (AD) server, and I was wondering if I need to add this entry into the Firewall as a local server?
Pete Long, Technical Consultant, Commented:
Quick answer is NO - unless you want the ASA to resolve internal DNS? A better option is to set it to resolve public domain names; then (after version 8.4) you can use domain names in your access-lists.

dns domain-lookup outside
DNS server-group DefaultDNS
    name-server {ISP-DNS-IP-One}
    name-server {ISP-DNS-IP-Two}
    domain-name {your-internal-domain-name}
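
As an added illustration (not part of the original answer), this is how a domain name is referenced in an access-list on ASA 8.4 and later once DNS lookup is enabled as above. The object name, ACL name, FQDN and the 192.0.2.x resolver addresses are constructed placeholders.

```cisco
! Enable DNS lookups on the outside interface and point the ASA at the
! resolvers (192.0.2.x are documentation addresses used as placeholders).
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 192.0.2.53
 name-server 192.0.2.54
!
! Network object that the ASA resolves by name (hypothetical object and FQDN).
object network OBJ-VENDOR-UPDATES
 fqdn v4 updates.example.com
!
! ACE that permits HTTPS to whatever addresses the name currently resolves to.
! INSIDE-OUT is a hypothetical ACL name; add the entry to the ACL that is
! already applied to the relevant interface.
access-list INSIDE-OUT extended permit tcp any object OBJ-VENDOR-UPDATES eq 443
```

The addresses this rule permits are whatever the configured name-servers return, so the rule is only as trustworthy as those resolvers.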
Sushil Sonawane Commented:
It totally depends on you.

It's good practice to add the local DNS server entry in the firewall, but as the last server.


Preference of DNS entries

1) First DNS server: ISP DNS IP address
2) Second DNS server: ISP DNS IP address
3) Third DNS server: Your local DNS server.
Syed_M_Usman, System Administrator, Commented:
If you are talking about the FW WAN, then I would suggest NO....
On the firewall WAN keep the ISP DNS.
Question has a verified solution.
