
  • Status: Solved
  • Priority: Medium
  • Security: Public

Local DNS entry in Firewall

Dear All,

We have a new DNS (AD) server, and I was wondering if I need to add this entry into the Firewall as a local server?
1 Solution
Sushil Sonawane commented:
It totally depends on you.

It's good practice to add a local DNS server entry in the firewall, but as the last server.


Preference of DNS entries:

1) First DNS server: ISP DNS IP address
2) Second DNS server: ISP DNS IP address
3) Third DNS server: Your local DNS server.

Pete Long (Consultant) commented:
Quick answer is NO - unless you want the ASA to resolve internal DNS? A better option is to set it to resolve public domain names, then (after version 8.4) you can use domain names in your access-lists.

dns domain-lookup outside
dns server-group DefaultDNS
    name-server {ISP-DNS-IP-One}
    name-server {ISP-DNS-IP-Two}
    domain-name {your-internal-domain-name}

If you are talking about the FW WAN then I would suggest NO....
On the firewall WAN keep ISP DNS.
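
An added example, not part of any reply above: how the DNS setup in the second answer supports a domain name in an access-list on ASA 8.4 or later. The resolver address (a documentation-range IP), the domain names, the object and ACL names, and the `inside` interface are constructed placeholders.

```cisco
! Let the ASA send DNS queries out of the outside interface
dns domain-lookup outside
dns server-group DefaultDNS
 ! Constructed resolver address (TEST-NET-1); substitute the ISP resolver
 name-server 192.0.2.53
 ! Constructed internal domain name
 domain-name corp.example

! Network object that the ASA resolves through the server-group above
object network OBJ-UPDATES
 fqdn v4 updates.example.com

! Permit outbound HTTPS only to the addresses the ASA resolved for that name
access-list inside_access_in extended permit tcp any object OBJ-UPDATES eq https
access-group inside_access_in in interface inside
```

The rule matches the IP addresses the ASA itself resolved, so it is only as trustworthy as the resolvers in the server-group. Clients that get different answers for the same name from another resolver will not match the rule.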
