I hope you enjoy this extract from my upcoming ebook – Deploying Cisco ASA firewalls.
–DNS on ASA–
This section looks at the provision of DNS functions on the ASA. Whilst it cannot provide DNS AAA records it does provide forwarding functions.
DNS based name-to-IP-address mapping requires definition of a server group; this will then allow name-to-IP-address resolution. First we define which interface we want lookups performed on.
dns domain-lookup Inside
Next we create the DNS server group. I will name it CI-DNS and list my DNS servers in it.
dns server-group CI-DNSname-server 172.16.84.23name-server 172.16.62.23name-server 172.16.40.23name-server 220.127.116.11domain-name ciscoinferno.net
The final DNS server listed acts as a backup which is actually Google’s Public DNS. Also defined is the domain-name the actual ASA resides in.
hostname asa1domain-name ciscoinferno.net
The FQDN of the ASA is now asa1.ciscoinferno.net. Provided the DNS servers are contactable, you can issue the ping command with a website url and you will see the resolution. It is possible to gain further insight with the debug dns resolver command.
The ASDM configuration window resides at Configuration > Device Management > DNS > DNS Client.