Skip to content

Allowing Specific DNS Servers on ASA Firewall

The following post shows how to specifically allow specific DNS servers on a Cisco ASA firewall. In this example, I am using Google DNS to be allowed through the firewall.

DNS Rules

object-group service DNS-PORTS
 service-object udp destination eq domain 

object-group network GOOGLE-DNS
 network-object host
 network-object host

access-list ACL_in extended permit object-group DNS-PORTS NETWORK object-group GOOGLE-DNS
comments powered by Disqus