Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 10 Configuring Basic Settings
Step 2  dns server-group DefaultDNS

        Example:
        hostname(config)# dns server-group DefaultDNS

        Specifies the DNS server group that the ASA uses for outgoing
        requests.
        Other DNS server groups can be configured for VPN tunnel groups.
        See the tunnel-group command in the command reference for more
        information.

Step 3  name-server ip_address [ip_address2] [...] [ip_address6]

        Example:
        hostname(config-dns-server-group)# name-server 10.1.1.5 192.168.1.67 209.165.201.6

        Specifies one or more DNS servers. You can enter all six IP addresses
        in the same command, separated by spaces, or you can enter each
        command separately. The ASA tries each DNS server in order until
        it receives a response.

Monitoring DNS Cache

The ASA provides a local cache of DNS information from external DNS queries that are sent for certain
clientless SSL VPN and certificate commands. Each DNS translation request is first looked up in the
local cache. If the local cache has the information, the resulting IP address is returned. If the local cache
cannot resolve the request, a DNS query is sent to the various DNS servers that have been configured.
If an external DNS server resolves the request, the resulting IP address is stored in the local cache with
its corresponding hostname.

DNS Cache Monitoring Commands

To monitor the DNS cache, enter the following command:

Command         Purpose
show dns-hosts  Shows the DNS cache, which includes dynamically learned
                entries from a DNS server as well as names and IP addresses
                entered manually using the name command.

Feature History for DNS Cache

Table 2 lists each feature change and the platform release in which it was implemented.

Table 2  Feature History for DNS Cache

Feature Name  Platform Releases  Feature Information
DNS Cache     7.0(1)             DNS cache stores responses that allow a DNS server to
                                 respond more quickly to queries.
                                 We introduced the following command: show dns host.
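
Because Step 3 above makes the order of the name-server entries the order in which the ASA queries them, and the answers populate the cache described in this section, the following added example (not part of the Cisco guide) audits a configuration excerpt for the resolvers each DNS server group lists. The sample configuration is constructed, and the function name, the approved-resolver set and the group name VPN-DNS are assumptions made for illustration.

```python
import ipaddress

MAX_SERVERS = 6  # Step 3 allows ip_address through ip_address6
# Assumed allow-list of resolvers; the addresses reuse the guide's example values.
APPROVED = {"10.1.1.5", "192.168.1.67", "209.165.201.6"}
# Constructed running-config excerpt (not captured from a real device).
SAMPLE_CONFIG = """\
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 10.1.1.5 192.168.1.67
 name-server 209.165.201.6
dns server-group VPN-DNS
 name-server 10.1.1.5
 name-server 198.51.100.53
"""

def audit_dns_groups(config_text, approved):
    """Return ({group: [servers in query order]}, [findings])."""
    groups, findings, current = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("dns server-group "):
            current = line.split()[2]
            groups.setdefault(current, [])
        elif line.startswith("name-server ") and current and raw[:1].isspace():
            for token in line.split()[1:]:
                try:
                    ip = ipaddress.ip_address(token)
                except ValueError:
                    findings.append(f"{current}: invalid address {token!r}")
                    continue
                groups[current].append(str(ip))  # separate commands append in order
        elif raw and not raw[:1].isspace():
            current = None  # any other top-level command ends the sub-mode
    for name, servers in groups.items():
        if len(servers) > MAX_SERVERS:
            findings.append(f"{name}: {len(servers)} servers exceeds {MAX_SERVERS}")
        for position, server in enumerate(servers, start=1):
            if server not in approved:
                findings.append(f"{name}: unapproved resolver {server} at position {position}")
    return groups, findings

if __name__ == "__main__":
    groups, findings = audit_dns_groups(SAMPLE_CONFIG, APPROVED)
    for name, servers in groups.items():
        print(name, "->", ", ".join(servers))
    for finding in findings:
        print("FINDING:", finding)
```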