Lab Minutes Forum

Technical Discussion => Security => Topic started by: Pankz on February 23, 2018, 06:02:09 AM

Title: Cisco ASA DNS
Post by: Pankz on February 23, 2018, 06:02:09 AM
One of my users needs my help in getting access to a URL hosted in AWS from his PC and I provided the access in Cisco ASA (FQDN access)... but he is facing an intermittent connectivity issue and after some troubleshooting we came to the conclusion that the URL is getting resolved to multiple IPs (TTL value is 30 sec) and at the same moment the ASA is unable to resolve the current IPs and hence the connection is still pointed towards the old IP.

I believe this is something related to the ASA DNS cache time value.

Did anyone here face the same issue?
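To show why two out-of-phase DNS caches produce exactly this kind of intermittent failure, here is an added simulation that is not code from the thread or from Cisco: a round-robin name with the 30 s TTL from the post, a firewall FQDN rule that caches its own answer, and a PC whose resolver answered the same name at a different moment. The address pool is constructed, and the "permit the provider's whole published range" comparison in compare() is an assumed mitigation, not something the thread proposes.

```python
from dataclasses import dataclass, field
from itertools import cycle

# Constructed address pool for the AWS-hosted name (documentation addresses, not real ones).
POOL = ["198.51.100.10", "198.51.100.11", "198.51.100.12", "198.51.100.13"]
TTL = 30  # seconds, the TTL quoted in the thread

class RoundRobinDNS:
    """A name that answers with a rotating subset of POOL on each lookup."""
    def __init__(self, pool, answer_size=2):
        self._ring = cycle(pool)
        self.answer_size = answer_size

    def resolve(self):
        return {next(self._ring) for _ in range(self.answer_size)}

@dataclass
class FqdnObject:
    """Firewall-side FQDN rule: resolves once, then trusts that answer until the TTL expires."""
    dns: RoundRobinDNS
    addresses: set = field(default_factory=set)
    expires_at: int = -1

    def permitted(self, dst_ip, now):
        if now >= self.expires_at:  # cached answer is stale: look the name up again
            self.addresses = self.dns.resolve()
            self.expires_at = now + TTL
        return dst_ip in self.addresses

def simulate(permit, seconds=120, step=5, client_offset=15):
    """Attempt one connection every `step` seconds; return (attempts, blocked)."""
    client_dns = RoundRobinDNS(POOL)     # the PC's own resolver, separate from the firewall's
    client_cache = client_dns.resolve()  # answered earlier, so its cache expires out of phase
    client_expires = client_offset
    attempts = blocked = 0
    for now in range(0, seconds, step):
        if now >= client_expires:
            client_cache = client_dns.resolve()
            client_expires = now + TTL
        dst = min(client_cache)  # the PC connects to one address from its own answer
        attempts += 1
        if not permit(dst, now):
            blocked += 1
    return attempts, blocked

def compare():
    fqdn = simulate(FqdnObject(RoundRobinDNS(POOL)).permitted)
    # Assumed mitigation (not from the thread): permit the provider's whole published range.
    ranged = simulate(lambda dst, now: dst in set(POOL))
    return {"fqdn_object": fqdn, "address_range": ranged}
```

compare() returns (attempts, blocked) for each rule style; with the FQDN rule, half of the 24 attempts are dropped whenever the PC's answer has rotated away from the firewall's cached one.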
Title: Re: Cisco ASA DNS
Post by: MC on February 26, 2018, 09:51:47 PM
Does your user have the ASA as the DNS server? If so, can you point it to another internal or public DNS server?
Title: Re: Cisco ASA DNS
Post by: Pankz on February 28, 2018, 03:47:17 AM
Thanks MC for reverting.

No, the user PC is configured with our internal DNS servers.
Title: Re: Cisco ASA DNS
Post by: MC on February 28, 2018, 07:53:27 PM
In that case, the ASA should have no influence on the TTL. You can also try turning off DNS inspection on the ASA.