9-10
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 9 Configuring Basic Settings
Configuring the DNS Server
Configuring the DNS Server
Some adaptive security appliance features require use of a DNS server to access external servers by
domain name; for example, the Botnet Traffic Filter feature requires a DNS server to access the dynamic
database server and to resolve entries in the static database. Other features, such as the ping or
traceroute command, let you enter a name that you want to PING for traceroute, and the adaptive
security appliance can resolve the name by communicating with a DNS server. Many SSL VPN and
certificate commands also support names.
Note The adaptive security appliance has limited support for using the DNS server, depending on the feature.
For these feature, to resolve the server name to an IP address you must enter the IP address manually by
adding the server name in the Configuration > Firewall > Objects > Network Object/Groups pane.
For information about dynamic DNS, see the “Configuring Dynamic DNS” section on page 11-2.
Prerequisites
Make sure you configure the appropriate routing for any interface on which you enable DNS domain
lookup so you can reach the DNS server. See the “Information About Routing” section on page 18-1 for
more information about routing.
Detailed Steps
Step 1 In the ASDM main application window, choose Configuration > Device Management > DNS > DNS
Client.
Step 2 In the DNS Setup area, choose one of the following options:
• Configure one DNS server group.
• Configure multiple DNS server groups.
Step 3 Click Add to display the Add DNS Server Group dialog box.
Step 4 Specify up to six addresses to which DNS requests can be forwarded. The adaptive security appliance
tries each DNS server in order until it receives a response.
Note You must first enable DNS on at least one interface before you can add a DNS server. The DNS
Lookup area shows the DNS status of an interface. A False setting indicates that DNS is
disabled. A True setting indicates that DNS is enabled.
Step 5 Enter the name of each configured DNS server group.
Step 6 Enter the IP addresses of the configured servers, and click Add to include them in the server group. To
remove a configured server from the group, click Delete.
Step 7 To change the sequence of the configured servers, click Move Up or Move Down.
Step 8 In the Other Settings area, enter the number of seconds to wait before trying the next DNS server in the
list, between 1 and 30 seconds. The default is 2 seconds. Each time the adaptive security appliance retries
the list of servers, the timeout time doubles.
Step 9 Enter the number of seconds to wait before trying the next DNS server in the group.
To Next Page
Loading...
Need help?
General
