- Symptom: FTD does not resolve DNS through the diagnostic interface. The debugs below confirm that the DNS query is not forwarded via the diagnostic interface.

Debugs
======
firepower# debug dns all
DNS: get global group handle 5a39bf9
DNS: Resolve request for 'google.com' group
DNS: DNS is not Enabled on interface vPifNum=2 for nameserver ip=1 <<<<
- Conditions: FTD is configured to resolve DNS through the diagnostic interface.
- Workaround: Do not select any data interfaces in the DNS server group object, and do not select "Enable DNS Lookup via diagnostic interface also". The FTD then looks up the route to the DNS server(s) in the data-interface VRF and, when no route is found there, falls back to the management VRF and sends the DNS traffic correctly. CLI example below:

dns domain-lookup any
DNS server-group
 name-server
 domain-name
DNS server-group DefaultDNS
dns-group dns_group
!
route diagnostic

*** Note: The above workaround only works if no route to the DNS server(s) exists via the data-interface VRF (including a default route). ***
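The workaround above has three preconditions that are easy to get wrong on a busy box: the diagnostic lookup must be off, no data interface may be pinned to the name server, and no data-VRF static route (a default route included) may cover the name server address. The following script is an added example, not code from the bug page or from Cisco; it parses a `show running-config` dump for those three things. It assumes the usual ASA/FTD CLI forms, namely that the FMC checkbox "Enable DNS Lookup via diagnostic interface also" renders as `dns domain-lookup diagnostic`, that a pinned server appears as ` name-server <ip> <nameif>`, and that static routes appear as `route <nameif> <net> <mask> <gw> [metric]`. The two config samples are constructed for the example.

```python
"""Check an FTD running-config for the preconditions of the DNS workaround.

Added example with constructed input; not the bug page's or Cisco's code.
"""
import ipaddress
from dataclasses import dataclass, field

# Constructed sample: diagnostic lookup on, server pinned to 'outside',
# and a data-VRF default route that covers the name server.
BAD_CFG = """\
dns domain-lookup outside
dns domain-lookup diagnostic
DNS server-group DefaultDNS
 name-server 203.0.113.53 outside
 domain-name example.test
dns-group DefaultDNS
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1
"""

# Constructed sample that satisfies the workaround: no diagnostic lookup,
# no pinned interface, and the only data-VRF route does not cover the server.
GOOD_CFG = """\
dns domain-lookup any
DNS server-group DefaultDNS
 name-server 203.0.113.53
 domain-name example.test
dns-group DefaultDNS
route inside 10.0.0.0 255.0.0.0 10.1.1.1 1
"""


@dataclass
class DnsConfig:
    lookup_ifcs: list = field(default_factory=list)   # nameifs from 'dns domain-lookup'
    name_servers: list = field(default_factory=list)  # (ip, pinned nameif or None)
    routes: list = field(default_factory=list)        # (nameif, ip_network) static routes


def parse_config(text: str) -> DnsConfig:
    """Extract DNS lookup interfaces, name servers and static routes.

    Assumed CLI forms: 'dns domain-lookup <nameif>', ' name-server <ip> [<nameif>]',
    'route <nameif> <net> <mask> <gw> [metric]'. Everything else is ignored.
    """
    cfg = DnsConfig()
    for raw in text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[:2] == ["dns", "domain-lookup"] and len(tok) >= 3:
            cfg.lookup_ifcs.append(tok[2])
        elif tok[0] == "name-server" and len(tok) >= 2:
            cfg.name_servers.append((tok[1], tok[2] if len(tok) >= 3 else None))
        elif tok[0] == "route" and len(tok) >= 5:
            # ipaddress accepts a dotted netmask, so 0.0.0.0/0.0.0.0 becomes 0.0.0.0/0
            net = ipaddress.ip_network(f"{tok[2]}/{tok[3]}", strict=False)
            cfg.routes.append((tok[1], net))
    return cfg


def check_workaround(text: str) -> list:
    """Return findings that break the workaround; an empty list means it applies."""
    cfg = parse_config(text)
    findings = []
    if "diagnostic" in cfg.lookup_ifcs:
        findings.append("'dns domain-lookup diagnostic' is set: uncheck "
                        "'Enable DNS Lookup via diagnostic interface also'")
    for ip, ifc in cfg.name_servers:
        addr = ipaddress.ip_address(ip)
        if ifc is not None:
            findings.append(f"name-server {ip} is pinned to data interface {ifc}; "
                            "remove the interface from the DNS server group object")
        # Any data-VRF route covering the server (default route included)
        # stops the fallback to the management VRF.
        for rifc, net in cfg.routes:
            if addr in net:
                findings.append(f"name-server {ip} matches data-VRF route {net} via {rifc}; "
                                "fallback to the management VRF will not happen")
    return findings


if __name__ == "__main__":
    for label, cfg_text in (("BAD_CFG", BAD_CFG), ("GOOD_CFG", GOOD_CFG)):
        print(label, check_workaround(cfg_text) or "OK: workaround preconditions met")
```

Run it against the output of `show running-config` taken from the FTD CLI; the script only reads the data-VRF (`route`) statements, so a route that exists only in the management VRF does not count against the workaround, which matches the note above.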