I have a client who has a Cisco ASA 5505 device. I am not familiar with these devices at all.
The client has a problem where it allows outbound traffic from an old DNS server (10.236.72.100), but not from a new DNS server (10.236.72.3).
I currently have a forwarding setup on the new server to forward DNS queries to the old server.
Old server = Windows Server 2003
New server = Windows Server 2008 R2
As far as I can tell, the issue lies with the Cisco device. Can someone please help?
Best Answer
Your old DNS server is probably forwarding requests to one of the DNS servers in the dns_servers object group and being allowed by this line:
Your new server is probably acting as a recursive DNS server and trying to send requests directly to the root nameservers, TLD servers, etc. If you want your new server to behave like the old one, forward its requests to one of the servers in this object group.
If you want your new DNS server to work as a recursive server, add this line to your ASA configuration: