Make sure that you configure the appropriate routing for any interface on which you enable DNS domain lookup so you can reach the DNS server. See the “Information About Routing” section for more information about routing.
To configure the DNS server, perform the following steps:
Step 1 In the ASDM main application window, choose Configuration > Device Management > DNS > DNS Client .
Step 2 In the DNS Setup area, choose one of the following options:
- Configure one DNS server group.
- Configure multiple DNS server groups.
Step 3 Click Add to display the Add DNS Server Group dialog box.
Step 4 Specify up to six addresses to which DNS requests can be forwarded. The ASA tries each DNS server in order until it receives a response.
Note You must first enable DNS on at least one interface before you can add a DNS server. The DNS Lookup area shows the DNS status of an interface. A False setting indicates that DNS is disabled. A True setting indicates that DNS is enabled.
Step 5 Enter the name of each configured DNS server group.
Step 6 Enter the IP addresses of the configured servers, and click Add to include them in the server group. To remove a configured server from the group, click Delete .
Step 7 To change the sequence of the configured servers, click Move Up or Move Down .
Step 8 In the Other Settings area, enter the number of seconds to wait before trying the next DNS server in the list, between 1 and 30 seconds. The default is 2 seconds. Each time the ASA retries the list of servers, the timeout time doubles.
Step 9 Enter the number of seconds to wait before trying the next DNS server in the group.
Step 10 Enter a valid DNS domain name for the group of configured servers.
Step 11 Click OK to close the Add DNS Server Group dialog box.
The new DNS server settings appear.
Step 12 To change these settings, click Edit to display the Edit DNS Server Group dialog box.
Step 13 Make your desired changes, then click OK to close the Edit DNS Server Group dialog box.
The revised DNS server settings appear.
Step 14 To enable a DNS server group to receive DNS requests, click Set Active .
Step 15 In the DNS Guard area, to enforce one DNS response per query, check the Enable DNS Guard on all interfaces check box. If DNS inspection is enabled, this setting is ignored on the selected interface.
Step 16 Click Apply to save your changes, or click Reset to discard those changes and enter new ones.