TOPIC: ASAs and DNS

1) When I configure my ASA to get an IP from the ISPvia DHCP, how can I tell what DNS address to get? Is there a place in the ASA that shows this information?

2) When I statically set my PCs with an IP address, do I need to manually enter the DNS server(s) or can I just point them to the ASA.

3) Can the ASA 5505 act as a DNS caching server for faster DNS?

4) Do you use a DNS caching server? Puclic DNS servers? etc?

I am getting weird DNS issues and am wondering if I am doing something wrong. Thanks for your help!

You got alot there.

1) Im not sure what you mean, for your ASA to receive IP information you have to have one interface set to DHCP. Assuming your asa received a DNS server from your ISP you can use the global command "show ip dns primary" to see its primary DNS server.

2) If you statically assign an IP to a pc you can not have it receive DNS information via DHCP. I dont belive ASA can act as a DNS caching device. Assuming your ASA is the dhcp server you could use the "import all" command under your DHCP config and it would pass the DNS server information on to your client when it request an IP address.

3) See above, I believe no.

4) There are really three answers here. Most corp environments will have there own private DNS servers. Most home users will use there ISP provided DNS servers. I personally use 4.2.2.2 and 4.2.2.1 which are Free Public DNS servers provided by Level 3. At least that is what comes up when I do a WHOIS on it the ip address.

4) Do you use a DNS caching server? Puclic DNS servers? etc?

I usually use a public server only because my ISP's DNS server is some times slow.

I am getting weird DNS issues and am wondering if I am doing something wrong. Thanks for your help!

Perhaps the easiest way is to configure ASA to use the ISP's (or a public) fixed DNS server and to distribute it to your network PCs via DHCP using the command dhcpd dns <dns1> [dns2]. Where dns1 is the primary server IP and the dns2 is the secondary.

I'm saying this because the ISP's DNS server IP is usually fixed, at least for a long while. So you need to get it only once.

Thank you for the replies. Before reading these answers, I went with the 4.2.2.x DNS servers and they seem to be working well.

Thank you for the information on the ASA, I could not figure out the show command that would give me the DNS received via DHCP on my interface.

I already used the dhcpd dns <dns1> [dns2] command when setting up the DHCP portion; however, I have several computers with static IPs.

Would it really make a difference to have a DNS caching server for home? I saw a free program that I could intall on a PC to do it, but I didn't know if it would really make a difference.

Thanks!

Unless you just want to do it for fun, I would say no. Your PC does a pretty good job of cashing DNS entrys already.

Would it really make a difference to have a DNS caching server for home? I saw a free program that I could intall on a PC to do it, but I didn't know if it would really make a difference.

If you have a broadband WAN link (128 Kbps and above), I don't think it'll make any difference. DNS queries and replies relatively form a very small portion of the total traffic when compared to interactive websites, images, sound and video. Besides as Kajitora said, the hosts/PCs them selves have internal caches for DNS queries. Talking windows, you can view the PCs cache using ipconfig /displaydns

I have to say that it could make a difference however in the odd case were your ISP or public DNS server is slow (or is far a way, in the sense that pinging it would take long to reply).