Dmz dns query on asa 5540

Hi Expert.
How can I allow the DMZ zone server to resolve only DNS queries through nslookup on the ASA 5540?
What is the configuration required on ASA 5540 ?
Thanks

Hi Samir,
By IP address will be very simple, depending on the security level that it has (higher than 0 for DMZ and 0 for the outside) it will be allowed by default.
If there is an access-list already applied denying all the HTTP traffic, what you need to do is simply allow that specific host on the ACL and then deny the rest.
Access-list DMZ permit tcp host host eq 80
Access-list DMZ deny ip any any
access-group DMZ in interface DMZ
Then you can add a host entry on the hostfile for the server on the DMZ to translate the IP address to a hostname and you will be able to access it using the web browser (not really scalable, but it works)
WARNING: This will only allow traffic from the DMZ server going to specific host on the internet on port 80, any other traffic going to any other interface will be dropped.
Mike
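The same permit-then-deny pattern, applied to the DNS-only case the question asks about, as an added example that is not part of the original thread: a small Python model of first-match ACL evaluation over ASA-style entries. The addresses are constructed (documentation ranges), the parser covers only the syntax shown, and the model ignores NAT, security levels and inspection.

```python
"""First-match evaluation of a DNS-only DMZ access-list (added example)."""
import ipaddress

# Constructed addresses: the DMZ server and the one resolver it may query.
DMZ_SERVER = "192.0.2.10"
RESOLVER = "198.51.100.53"

# nslookup normally uses UDP/53; TCP/53 is permitted as well because a
# resolver client retries over TCP when a UDP answer comes back truncated.
DNS_ONLY_ACL = f"""
access-list DMZ extended permit udp host {DMZ_SERVER} host {RESOLVER} eq domain
access-list DMZ extended permit tcp host {DMZ_SERVER} host {RESOLVER} eq domain
access-list DMZ extended deny ip any any
"""

PORT_NAMES = {"domain": 53, "www": 80, "https": 443}


def _take_address(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D MASK' and return a network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")


def parse_acl(text):
    """Parse the subset of access-list syntax used above into rule dicts."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0].lower() != "access-list":
            raise ValueError(f"unsupported line: {line!r}")
        if tokens[2] == "extended":  # keyword is optional in older syntax
            del tokens[2]
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src = _take_address(rest)
        dst = _take_address(rest)
        port = None
        if rest:
            if len(rest) != 2 or rest[0] != "eq":
                raise ValueError(f"unsupported port match: {line!r}")
            name = rest[1]
            port = PORT_NAMES[name] if name in PORT_NAMES else int(name)
        rules.append({"action": action, "proto": proto,
                      "src": src, "dst": dst, "port": port})
    return rules


def evaluate(rules, proto, src, dst, dport=None):
    """Return (action, 1-based rule number) of the first matching entry.

    A flow that matches nothing hits the implicit deny: ("deny", None).
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, rule in enumerate(rules, start=1):
        if rule["proto"] not in ("ip", proto):
            continue
        if src_ip not in rule["src"] or dst_ip not in rule["dst"]:
            continue
        if rule["port"] is not None and rule["port"] != dport:
            continue
        return rule["action"], number
    return "deny", None


if __name__ == "__main__":
    acl = parse_acl(DNS_ONLY_ACL)
    flows = [
        ("udp", DMZ_SERVER, RESOLVER, 53),       # nslookup to the resolver
        ("tcp", DMZ_SERVER, RESOLVER, 53),       # TCP retry after truncation
        ("tcp", DMZ_SERVER, "203.0.113.5", 80),  # web traffic from the server
        ("udp", DMZ_SERVER, "203.0.113.9", 53),  # DNS to any other resolver
    ]
    for flow in flows:
        print(flow, "->", evaluate(acl, *flow))
```
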

Similar Messages

  • DNS Doctoring issue - ASA 5540

    I am in the process of setting up a segregated Guest Wifi network in my office and in doing so realized that I can not access my NAT'd externally facing web servers through this network. This guest network is using 8.8.8.8 for DNS and is properly resolving the external IP for the servers, but the pages refuse to load. If I go directly to the Private IP of the servers, the pages load. These NAT'd servers are on the DMZ interface of my ASA, whereas the "Guest network" resides on the Internal interface.
    I came across this: "By default the Cisco ASA will not allow packet redirection on the same interface (outside) which is tried by the guest client trying to access the DMZ server by its NAT’d public IP address.", which perfectly describes my issue. The article goes on to say that by checking the "Translate the DNS replies that match the translation rule" box (enable DNS Doctoring) in the NAT rule, the ASA would essentially rewrite the external IP to the private IP. This however is not working and the pages still won't come up.
    Am I not understanding this right? What am I missing from this set up?

    Hello Tom,
    If the server is on a different interface than the clients, why don't you simply do a static one to one from the private to the global IP address?
    EX
    static (dmz,inside) public ip private ip
    Rate all of the helpful posts!!!
    Regards,
    Jcarvaja
    Follow me on http://laguiadelnetworking.com

  • ASA 5510 denying local DNS Query

    I have a ASA5510 ASA v7.0.8 in routed firewall mode. It is setup as the internal router and default gateway.
    I was asked to set up a wireless router, I chose a D-Link DIR-815 (we are a small business).
    I have it all set up but I cannot get any name resolution.
    The firewall is blocking traffic that is all internal. To clarify, it is only blocking the DNS traffic from the D-Link wireless router, the rest of the network operates just fine.
    the message in the ASA log is like the following:
    Deny inbound UDP from 192.168.1.246/xxxx to 192.168.1.10/53 due to DNS Query.
    .246 being the "WAN" port my wireless router and .10 being my DNS server.
    I tried adding an ACL "access-list dns extended permit udp any eq 53 any" but this didn't help.
    Any ideas? Thanks.

    To let anyone know, if I take the same IP settings from the wireless router WAN port and put them on the LAN settings and use it like an AP it all works just fine.

  • ASA 5505 + ASA 5540 static VPN, ssh and rdp problems

    Greetings!
    I've recently set up a VPN between Cisco ASA 5540(8.4) and 5505(8.3).
    Everything works fine, but there is a small problem that is really annoying me.
    From the inside network behind ASA 5505 I connect via rdp or ssh to a host inside ASA 5540.
    Then I minimize ssh and rdp windows and don't use it for ten minutes. But I still use VPN for downloading some files.
    Then I open ssh window - the session is inactive, open rdp window - I see a black screen (for 10-15 seconds, and then it shows RDP)
    There are no timeouts on ssh or rdp hosts configured, via GRE tunnel it works perfectly without any hangs.
    What can I do to get rid of this problem?
    Thanks in advance.

    Dear Fedor,
    You could try adding the following commands to your configuration (on both ASAs) in order to increase the timeout values of the specific TCP sessions:
    access-l rdp_ssh permit tcp 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0 eq 22
    access-l rdp_ssh permit tcp 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0 eq 3389
    class-map TCP_TIMEOUT
          match access-list rdp_ssh
    policy-map global_policy
         class TCP_TIMEOUT
              set connection timeout idle 0:30:00
              set connection timeout half 0:30:00
    * Please make sure you define the specific RDP and SSH ports in the ACL and avoid the use of "permit ip any any".
    Let me know.
    Portu.
    Please rate any post you find useful.

  • ASA 5540 _ I want to ping across inside to outside for testing

    ASA 5540 8.2 (5)
    I have tried many combinations of command line syntax suggested in this forum but none are providing success so far.
    I want to ping from the Inside Interface across to the Outside Interface and vice versa.
    I have tried various ACLs as well as "inspect icmp" in the config, etc still no go.
    I can ping each interface from the console command line but cannot ping across each interface.
    Is this even possible ?
    I am open to suggestions.
    thanks
    Troy
    interface GigabitEthernet0/0
    nameif outside
    security-level 0
    ip address 192.168.1.1 255.255.255.0
    interface GigabitEthernet0/1
    nameif inside
    security-level 100
    ip address 10.10.10.10 255.255.255.0
    ASA-5540-LAB#
    ASA-5540-LAB# ping 192.168.1.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
    ASA-5540-LAB# ping 10.10.10.10
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
    ASA-5540-LAB# ping inside 192.168.1.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
    Success rate is 0 percent (0/5)
    ASA-5540-LAB# ping outside 10.10.10.10
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
    Success rate is 0 percent (0/5)
    ASA-5540-LAB#

    Hi Troy,
    Remember that the ASA is a security device, so by design it doesn't support what you are trying to accomplish.
    "For security purposes the security appliance does not support far-end interface ping, that is pinging the IP address of the outside interface from the inside network."
    http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/trouble.html#wp1059645
    Even if you are trying to ping from the ASA since I see you are trying to do a "source" ping. The source of the packet will be an internal IP address going to the outside IP.
    Luis Silva

  • WLC sitting in a DMZ zone on an ASA

    I am trying to figure out a way to do a Guest Network without using an ACL tied to the SSID. (Customer's request) It's a layer 3 network and they suggested creating a DMZ zone off their ASA and connecting the WLC there, that way it's outside their network and can go straight to the internet.
    I have never done this before ... so does anyone know if this would work? Any config guides or explanations would be great.
    Thanks

    Often times, when you hear about a controller in the DMZ, it is part of a pair of internal/external controllers. The internal controller sits within your network and a guest wlan tunnels to the external(dmz) controller (which doesn't actually have any APs on it).
    If you have only one controller, then doing either the trunked vlan, or port 2 straight to the DMZ will work.
    I often see the guest in VLAN 10 (for example), and instead of vlan 10 having a routed interface on the network, it is only layer 2 with a port in access vlan10 that connects to the DMZ of the firewall.

  • How do I get an ASA-5540 back to default config?

    Is there an easy way to re-apply the default config that comes with a new ASA-5540? I'd like to have our ASA-5540 be back to its default with 192.168.1.1 on the inside interface and act as a DHCP server so I have connect a PC to it to begin initial configuration using the ASDM.
    The ASA-5540 is running on asa723-k8.bin.

    configure factory-default
    http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/c4_72.html#wp2039866
    a simple "write erase/reload" would also do the trick.

  • DNS querier

    please help me in creating a DNS query program to display the resource records it returns

    Construct an application to send and receive DNS queries and responses. The application must be able to send queries for a given hostname. The application must send the query to a given DNS server, wait for the response and display all the Resource Records returned.
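    A sketch of the kind of program described above, as an added example that is not part of the original post: it builds a wire-format query, decodes every resource record in a reply (following name-compression pointers with a jump limit so a malformed reply cannot loop the parser), and checks that the reply matches the query. The sample reply bytes are constructed, and `query_server` assumes the server is given as an IPv4 address.

```python
import ipaddress
import secrets
import socket
import struct

TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 28: "AAAA"}


def build_query(hostname, qtype=1, txid=None):
    """Return a wire-format query (recursion desired) for hostname."""
    txid = secrets.randbits(16) if txid is None else txid
    labels = hostname.rstrip(".").encode("ascii").split(b".")
    if any(not 0 < len(label) < 64 for label in labels):
        raise ValueError("each label must be 1..63 bytes")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def read_name(msg, offset):
    """Decode the name at offset; return (name, offset just past it)."""
    labels, resume, jumps = [], None, 0
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if (length & 0xC0) == 0xC0:  # compression pointer
            jumps += 1
            if jumps > 16 or offset + 1 >= len(msg):
                raise ValueError("bad or looping compression pointer")
            if resume is None:
                resume = offset + 2  # parsing continues after first pointer
            offset = ((length & 0x3F) << 8) | msg[offset + 1]
            continue
        if length & 0xC0:
            raise ValueError("unsupported label type")
        offset += 1
        if length == 0:
            break
        if offset + length > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels) + ".", (offset if resume is None else resume)


def parse_response(msg):
    """Return (txid, rcode, records); each record is (name, ttl, type, value)."""
    if len(msg) < 12:
        raise ValueError("short header")
    txid, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    offset = 12
    for _ in range(qd):  # skip the echoed question section
        _, offset = read_name(msg, offset)
        offset += 4
    records = []
    for _ in range(an + ns + ar):
        name, offset = read_name(msg, offset)
        if offset + 10 > len(msg):
            raise ValueError("truncated record header")
        rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, offset)
        offset += 10
        if offset + rdlen > len(msg):
            raise ValueError("RDATA runs past end of message")
        rdata = msg[offset:offset + rdlen]
        if rtype == 1 and rdlen == 4:
            value = str(ipaddress.IPv4Address(rdata))
        elif rtype == 28 and rdlen == 16:
            value = str(ipaddress.IPv6Address(rdata))
        elif rtype in (2, 5):
            value = read_name(msg, offset)[0]
        elif rtype == 15 and rdlen >= 3:
            pref = struct.unpack_from("!H", msg, offset)[0]
            value = f"{pref} {read_name(msg, offset + 2)[0]}"
        else:
            value = rdata.hex()
        records.append((name, ttl, TYPE_NAMES.get(rtype, f"TYPE{rtype}"), value))
        offset += rdlen
    return txid, flags & 0x000F, records


def sample_response():
    """Constructed reply: www.example.test CNAME host.example.test, then A."""
    question = build_query("www.example.test")[12:]
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
    cname = b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, 7) + b"\x04host\xc0\x10"
    a_rec = b"\xc0\x2e" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 80])
    return header + question + cname + a_rec


def query_server(server, hostname, timeout=3.0):
    """Send one UDP query to server (an IPv4 address) and return (rcode, records)."""
    query = build_query(hostname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        reply, peer = sock.recvfrom(4096)
    txid, rcode, records = parse_response(reply)
    if peer[0] != server or txid != struct.unpack_from("!H", query)[0]:
        raise ValueError("reply does not match the query that was sent")
    return rcode, records


if __name__ == "__main__":
    for record in parse_response(sample_response())[2]:
        print(*record)
```
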

  • 451 4.4.0 DNS query failed. The error was: SMTPSEND.DNS.NonExistentDomain

    Hi,
    I have two Exchange 2010 servers running on Windows 2008 Ent R2.
    These mail servers have been running fine for a few years.
    Today I noticed two things.
    1. users were telling me they were having delays receiving emails from outside of our own domain. The mail gets sent out, but it takes about 15-30 mins for users outside our domain to get their mail. Mail sent from inside our domain gets delivered right away.
    2. An error message that I see when I go to Tools->Queue Viewer in EMC. The error is: 451 4.4.0 DNS query failed. The error was: SMTPSEND.DNS.NonExistentDomain. This error shows up when you click on the "Queues" tab and then look at the "hub version 14" under "next hop domain" column.
    I'm assuming these two things are related. I don't understand why the problem is just showing up now. As I said, mail delivery has been fine for a while and I haven't done any major updates to the server in a few months.
    Thanks for any ideas and suggestions as to what might be causing it and where I can look.
    Mike

    Hi,
    1. I replaced my Cert with the same exact cert from GoDaddy, just an updated expire date.
    2. We have two exchange servers.
    3. The message I am seeing now, is under "Last Error" for every queue (not individual messages).
    That error message is:  451 4.4.0 Primary Target IP address responded with 421 4.2.1 Unable to connect. Attempted failover to alternate host but that did not succeed.
    OR
    451 4.4.0 DNS query failed. The error was: SMTPSEND.DNS.NonExistentDomain. (This is the same error I mentioned earlier.)
    I ran some tests on mxmailbox.com for my domain name. I got the following alerts back when running a DNS check.
    SOA Serial Number format is invalid. ns.rackspace.com Serial XXXXXXXX : Suggested serial format year was 1402 which is before 1970
    AND
    SOA Expire value out of recommended range. ns.rackspace reported Expire 604800. Expire is recommended to be between 1209600 and 2419200
    I use Rackspace DNS servers for External lookups.
    Does this point my mail delay problem to Rackspace or something local on my own machine?
    Thanks!
    Mike

  • CiscoWorks LMS 4.0.1 and ASA 5540

    I've added an ASA-5540 to the group of systems I backup each night. When the admin logs into the ASA in the morning, he sees the "save configuration" flag has been set. This started the same day CiscoWorks saved the configuration. What is CiscoWorks doing to set this flag, and how do I stop it? It should only be reading the configuration. Thanks.

    Ideally LMS should not save configuration only when LMS is taking the backup of configuration. This can be easily tested, if you try to run an instant job for Configuration Archive under Configuration > Sync Archive and see it on the ASA if it shows "save configuration" flag set.
    It should be something else on either LMS or somewhere outside. In LMS it could be something like a NetConfig Job which may save configuration or other options like deploy configuration, which is very unlikely.
    Before we stop it, we need to test and confirm, it is actually LMS,. You can also try to suspend the device once from LMS to see if next day you still see similar flag set.
    Once we confirm it is LMS, we can test which action of LMS is doing it and how to prevent.
    -Thanks
    Vinod
    ** Encourage Contributors. RATE them**

  • High CPU due to dispatch unit in cisco ASA 5540

    Hi Any suggestion help
    High CPU due to dispatch unit in cisco ASA 5540
    ciscoasa# sh processes cpu-usage
    PC         Thread       5Sec     1Min     5Min   Process
    0805520c   ad5afdf8     0.0%     0.0%     0.0%   block_diag
    081a8d34   ad5afa08    82.6%    82.1%    82.3%   Dispatch Unit
    083b6c05   ad5af618     0.0%     0.0%     0.0%   CF OIR
    08a60aa0   ad5af420     0.0%     0.0%     0.0%   lina_int
    08069f06   ad5aee38     0.0%     0.0%     0.0%   Reload Control Thread
    08072196   ad5aec40     0.0%     0.0%     0.0%   aaa
    08c76f3d   ad5aea48     0.0%     0.0%     0.0%   UserFromCert Thread
    080a6f36   ad5ae658     0.0%     0.0%     0.0%   CMGR Server Process
    080a7445   ad5ae460     0.0%     0.0%     0.0%   CMGR Timer Process
    081a815c   ad5ada88     0.0%     0.0%     0.0%   dbgtrace
    0844d75c   ad5ad2a8     0.0%     0.0%     0.0%   557mcfix
    0844d57e   ad5ad0b0     0.0%     0.0%     0.0%   557statspoll
    08c76f3d   ad5abef8     0.0%     0.0%     0.0%   netfs_thread_init
    09319755   ad5ab520     0.0%     0.0%     0.0%   Chunk Manager
    088e3f0e   ad5ab328     0.0%     0.0%     0.0%   PIX Garbage Collector
    088d72d4   ad5ab130     0.0%     0.0%     0.0%   IP Address Assign
    08ab1cd6   ad5aaf38     0.0%     0.0%     0.0%   QoS Support Module
    08953cbf   ad5aad40     0.0%     0.0%     0.0%   Client Update Task
    093698fa   ad5aab48     0.0%     0.0%     0.0%   Checkheaps
    08ab6205   ad5aa560     0.0%     0.0%     0.0%   Quack process
    08b0dd52   ad5aa368     0.0%     0.0%     0.0%   Session Manager
    08c227d5   ad5a9f78     0.0%     0.0%     0.0%   uauth
    08bbf615   ad5a9d80     0.0%     0.0%     0.0%   Uauth_Proxy
    08bf5cbe   ad5a9798     0.0%     0.0%     0.0%   SSL
    08c20766   ad5a95a0     0.0%     0.0%     0.0%   SMTP
    081c0b4a   ad5a93a8     0.0%     0.0%     0.0%   Logger
    08c19908   ad5a91b0     0.0%     0.0%     0.0%    Syslog Retry Thread
    08c1346e   ad5a8fb8     0.0%     0.0%     0.0%   Thread Logger
    08e47c82   ad5a81f0     0.0%     0.0%     0.0%   vpnlb_thread
    08f0f055   ad5a7a10     0.0%     0.0%     0.0%   pci_nt_bridge
    0827a43d   ad5a7620     0.0%     0.0%     0.0%   TLS Proxy Inspector
    08b279f3   ad5a7428     0.0%     0.0%     0.0%   emweb/cifs_timer
    086a0217   ad5a7230     0.0%     0.0%     0.0%   netfs_mount_handler
    08535408   ad5a7038     0.0%     0.0%     0.0%   arp_timer
    0853d18c   ad5a6e40     0.0%     0.0%     0.0%   arp_forward_thread
    085ad295   ad5a6c48     0.0%     0.0%     0.0%   Lic TMR
    08c257b1   ad5a6a50     0.0%     0.0%     0.0%   tcp_fast
    08c28910   ad5a6858     0.0%     0.0%     0.0%   tcp_slow
    08c53f79   ad5a6660     0.0%     0.0%     0.0%   udp_timer
    080fe008   ad5a6468     0.0%     0.0%     0.0%   CTCP Timer process
    08df6853   ad5a6270     0.0%     0.0%     0.0%   L2TP data daemon
    08df7623   ad5a6078     0.0%     0.0%     0.0%   L2TP mgmt daemon
    08de39b8   ad5a5e80     0.0%     0.0%     0.0%   ppp_timer_thread
    08e48157   ad5a5c88     0.0%     0.0%     0.0%   vpnlb_timer_thread
    081153ff   ad5a5a90     0.0%     0.0%     0.0%   IPsec message handler
    081296cc   ad5a5898     0.0%     0.0%     0.0%   CTM message handler
    089b2bd9   ad5a56a0     0.0%     0.0%     0.0%   NAT security-level reconfiguration
    08ae1ba8   ad5a54a8     0.0%     0.0%     0.0%   ICMP event handler
    I want exact troubleshooting.
    (1) Steps to follow.
    (2) Required configuration
    (3) Any good suggestions
    (4) Any Tool to troubleshoot.
    Suggestions are welcome

    Hello,
    NMS is probably not the right community to t/s this. You probably want to move this to Security group (Security > Firewalling).
    In the meanwhile, i have some details to share for you to check, though i am not a security/ASA expert.
    The Dispatch Unit is a process that continually runs on single-core ASAs (models 5505, 5510, 5520, 5540, 5550). The Dispatch Unit takes packets off of the interface driver and passes them to the ASA SoftNP for further processing; it also performs the reverse process.
    To determine if the Dispatch Unit process is utilizing the majority of the CPU time, use the command show cpu usage and show process cpu-usage sorted non-zero
    show cpu usage (and show cpu usage detail) will show the usage of the ASA CPU cores:
    ASA# show cpu usage
    CPU utilization for 5 seconds = 0%; 1 minute: 1%; 5 minutes: 0%
    show process cpu-usage sorted non-zero will display a sorted list of processes that are using the CPU usage. 
    In the example below, the Dispatch Unit process has used 50 percent of the CPU for the last 5 seconds:
    ASA# show process cpu-usage sorted non-zero
    0x0827e731 0xc85c5bf4 50.5% 50.4% 50.3% Dispatch Unit
    0x0888d0dc 0xc85b76b4 2.3% 5.3% 5.5% esw_stats
    0x090b0155 0xc859ae40 1.5% 0.4% 0.1% ssh
    0x0878d2de 0xc85b22c8 0.1% 0.1% 0.1% ARP Thread
    0x088c8ad5 0xc85b1268 0.1% 0.1% 0.1% MFIB
    0x08cdd5cc 0xc85b4fd0 0.1% 0.1% 0.1% update_cpu_usage
    If Dispatch Unit is listed as a top consumer of CPU usage, then use this document to narrow down what might be causing the Dispatch Unit process to be so active.
    Most cases of high CPU utilization occur because the Dispatch Unit process is high. Common causes of high utilization include:
    Oversubscription
    Routing loops
    Host with a high number of connections
    Excessive system logs
    Unequal traffic distribution
    More t/s details can be shared by the ASA members from the community.
    HTH
    -Thanks
    Vinod

  • Constant DNS querying for 127.0.0.1

    Hello,
    I'm quite puzzled... I noticed a constant low bandwidth traffic on the WAN port of the router and tracked it back to the MacOS X (10.5.2) host constantly DNS querying for 127.0.0.1 (about every three seconds). I am using DHCP and the network configuration picks up the external DNS server.
    I thought this localhost information should be picked up directly from /etc/hosts (in my case)
    cat /etc/hosts
    # Host Database
    # localhost is used to configure the loopback interface
    # when the system is booting. Do not change this entry.
    127.0.0.1 localhost
    255.255.255.255 broadcasthost
    ::1 localhost
    fe80::1%lo0 localhost
    and there should be no need to ask for this reverse DNS name resolution to the external DNS server.
    do I really have to use dscl and create an entry for localhost to stop this DNS querying activity?
    andrea

    and tcpdump reports:
    tcpdump -A -n -i en0 port 53
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on en0, link-type EN10MB (Ethernet), capture size 96 bytes
    00:01:51.873347 IP 192.168.21.100.5353 > 192.168.21.1.53: 13522+[|domain]
    E..YO..........d.......5.EnB4............1.0.0.127
    dnsbugtest.1.0.0.127.in-addr.ar
    00:01:51.889664 IP 62.31.176.39.53 > 192.168.21.100.5353: 13522 NXDomain[|domain]
    E....A@.....>..'...d.5.....S4............1.0.0.127
    dnsbugtest.1.0.0.127.in-addr.ar
    00:01:54.873113 IP 192.168.21.100.5353 > 192.168.21.1.53: 13523+[|domain]
    E..Yd..........d.......5.EnA4............1.0.0.127
    dnsbugtest.1.0.0.127.in-addr.ar
    00:01:54.889388 IP 62.31.176.39.53 > 192.168.21.100.5353: 13523 NXDomain[|domain]
    E....B@.....>..'...d.5.....R4............1.0.0.127
    dnsbugtest.1.0.0.127.in-addr.ar
    00:01:57.872864 IP 192.168.21.100.5353 > 192.168.21.1.53: 13524+[|domain]
    [email protected]
    dnsbugtest.1.0.0.127.in-addr.ar
    00:01:57.888922 IP 62.31.176.39.53 > 192.168.21.100.5353: 13524 NXDomain[|domain]
    E....C@.....>..'...d.5.....Q4............1.0.0.127
    dnsbugtest.1.0.0.127.in-addr.ar
    00:02:00.873402 IP 192.168.21.100.5353 > 192.168.21.1.53: 13525+[|domain]
    E..Y)..........d.......5.En?4............1.0.0.127
    dnsbugtest.1.0.0.127.in-addr.ar
    00:02:00.889180 IP 62.31.176.39.53 > 192.168.21.100.5353: 13525 NXDomain[|domain]
    E....D@.....>..'...d.5.....P4............1.0.0.127
    dnsbugtest.1.0.0.127.in-addr.ar
    00:02:03.872666 IP 192.168.21.100.5353 > 192.168.21.1.53: 13526+[|domain]
    ..........d.......5.En>4............1.0.0.127
    dnsbugtest.1.0.0.127.in-addr.ar
    00:02:03.891466 IP 62.31.176.39.53 > 192.168.21.100.5353: 13526 NXDomain[|domain]
    E....E@.....>..'...d.5.....O4............1.0.0.127
    dnsbugtest.1.0.0.127.in-addr.ar
    00:02:06.872956 IP 192.168.21.100.5353 > 192.168.21.1.53: 13527+[|domain]
    E..Y.(.........d.......5.En=4............1.0.0.127
    dnsbugtest.1.0.0.127.in-addr.ar
    00:02:06.888972 IP 62.31.176.39.53 > 192.168.21.100.5353: 13527 NXDomain[|domain]
    E....F@.....>..'...d.5.....N4............1.0.0.127
    dnsbugtest.1.0.0.127.in-addr.ar
    00:02:09.872419 IP 192.168.21.100.5353 > 192.168.21.1.53: 13528+[|domain]
    E..Y!..........d.......5.En<4............1.0.0.127
    dnsbugtest.1.0.0.127.in-addr.ar
    00:02:09.890732 IP 62.31.176.39.53 > 192.168.21.100.5353: 13528 NXDomain[|domain]
    E....G@.....>..'...d.5.....M4............1.0.0.127
    dnsbugtest.1.0.0.127.in-addr.ar
    ^C
    14 packets captured
    60 packets received by filter
    0 packets dropped by kernel
    pretty clear that the 127.0.0.1 entry in /etc/hosts is unfortunately not used.
    localhost and 127.0.0.1 are part of the loopback interface (lo0) and a lookup from /etc/hosts should suffice! no reason at all to query a DNS service unless explicitly specified.

  • CSM DNS query payload translation

    Similar to IOS NAT for overlapping networks where DNS query payloads are translated, is there any thing similar in CSM?
    We have a situation where the client queries the DNS server located behind the CSM, we need CSM modify the reply where the payload ip address is changed to a new virtual address which the client can talk to.

    not possible with the csm.
    Gilles.

  • 451 4.4.0 DNS query failed - NonExistentDomain

    I am in the process of migrating from Exch 2007 to 2013 for a small company. It is a very simple setup of just a single domain which has 1 server, 1 organization and 1 database. Here is what I have done so far:
    1. Installed a physical server EX13 for Exchange 2013 with SP1. All updates have been applied. 
    2. Added a new Receive Connector of EX13 in addition to existing EX07. 
    3. Changed SMTP port forwarding on the firewall from EX07 to EX13. 
    4. Migrated a few mailboxes to the EX13. 
    Accounts on both servers have no issues with exchanging email both ways on the Internet. However, when accounts on the old server email to migrated users, the new server does not always receive the messages promptly. There is a delay as much as 30 minutes that happens sporadically.
    I checked the message header on the delayed messages and found that they had been stuck in EX07 for a long time before forwarding to EX13.
    From Ex07 queue viewer, I found the following error: 
    451 4.4.0 DNS query failed. The error was: SMTPSEND.DNS.NonExistentDomain; nonexistent domain 
    Net Hop Domain: hub version 15 
    Delivery type: SMTP Relay in Active Directory 
    Message Source Name: FromLocal 
    Last Error: 451 4.4.0 DNS query failed. The error was: SMTPSEND.dns.NonExistentDomain;nonexistentdomain 
    The status showed "retry" and eventually the message would be delivered. Once it went through, I sent another one again from an EX07 account to EX13 account, the message was received instantly.
    So far I have tried the following: 
    1. Added a host entry to point EX13.my_external_domain.com to the internal address of EX13 
    2. Added an 'A' record on the internal DNS server with the same entry. 
    3. Verified that EX13.my_external_domain.com was accessible from EX07 using this FQDN. 
    4. Removed EX07 and leaving only EX13 on the Receive Connector list 
    5. Removed EX13 and leaving only EX07 on the Receive Connector list 
    6. Put both connectors back 
    There is no change of status. Every morning our users are saying that they could not email users on the new server. Then after 30 minutes, the problem disappeared but it will come back later in the day. On the other hand, users on the new server do not notice any delay when sending messages to those on the new box. At this point, I don't feel comfortable migrating more users. Can someone please shed some light?

    As suggested by Cara, I queried the message logs of both servers to track the delayed message.  This time, it took an hour for a message to be delivered.
    ========================================
    Message Log on Sending Server EXCH07
    ========================================
    [PS] C:\Windows\system32>get-messagetrackinglog -messagesubject "exch07-user1 to
     exch13-user1" | fl
    Timestamp               : 3/28/14 2:18:00 PM
    ClientIp                : fe80::a5d8:d604:af26:37a9
    ClientHostname          : EXCH07.contoso.local
    ServerIp                : fe80::a5d8:d604:af26:37a9%10
    ServerHostname          : EXCH07
    SourceContext           :
    ConnectorId             :
    Source                  : STOREDRIVER
    EventId                 : RECEIVE
    InternalMessageId       : 4106
    MessageId               : <CC47D79927E02645940E84883BD0D909F58F56E607@TO-EXCHAN
                              GE.contoso.local>
    Recipients              : {[email protected]}
    RecipientStatus         : {}
    TotalBytes              : 3897
    RecipientCount          : 1
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : EXCH07-USER1 to EXCH13-USER1
    Sender                  : [email protected]
    ReturnPath              : [email protected]
    MessageInfo             : 04I:
    Timestamp               : 3/28/14 3:12:02 PM
    ClientIp                : 2002:960a:116::960a:116
    ClientHostname          : EXCH07
    ServerIp                : 2002:960a:125::960a:125
    ServerHostname          : EXCH13.contoso.local
    SourceContext           : 08D1189FA5E0283C
    ConnectorId             : Intra-Organization SMTP Send Connector
    Source                  : SMTP
    EventId                 : SEND
    InternalMessageId       : 4106
    MessageId               : <CC47D79927E02645940E84883BD0D909F58F56E607@TO-EXCHAN
                              GE.contoso.local>
    Recipients              : {[email protected]}
    RecipientStatus         : {250 2.1.5 Recipient OK}
    TotalBytes              : 4337
    RecipientCount          : 1
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : EXCH07-USER1 to EXCH13-USER1
    Sender                  : [email protected]
    ReturnPath              : [email protected]
    MessageInfo             : 3/28/14 2:18:00 PM
    Timestamp               : 3/28/14 3:40:22 PM
    ClientIp                : fe80::a5d8:d604:af26:37a9
    ClientHostname          : EXCH07.contoso.local
    ServerIp                : fe80::a5d8:d604:af26:37a9%10
    ServerHostname          : EXCH07
    SourceContext           :
    ConnectorId             :
    Source                  : STOREDRIVER
    EventId                 : RECEIVE
    InternalMessageId       : 4685
    MessageId               : <CC47D79927E02645940E84883BD0D909F58F56E608@TO-EXCHAN
                              GE.contoso.local>
    Recipients              : {[email protected]}
    RecipientStatus         : {}
    TotalBytes              : 3905
    RecipientCount          : 1
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : EXCH07-USER1 to EXCH13-USER1-1
    Sender                  : [email protected]
    ReturnPath              : [email protected]
    MessageInfo             : 04I:
    Timestamp               : 3/28/14 4:34:27 PM
    ClientIp                : 2002:960a:116::960a:116
    ClientHostname          : EXCH07
    ServerIp                : 2002:960a:125::960a:125
    ServerHostname          : EXCH13.contoso.local
    SourceContext           : 08D1189FA5E0295D
    ConnectorId             : Intra-Organization SMTP Send Connector
    Source                  : SMTP
    EventId                 : SEND
    InternalMessageId       : 4685
    MessageId               : <CC47D79927E02645940E84883BD0D909F58F56E608@TO-EXCHAN
                              GE.contoso.local>
    Recipients              : {[email protected]}
    RecipientStatus         : {250 2.1.5 Recipient OK}
    TotalBytes              : 4345
    RecipientCount          : 1
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : EXCH07-USER1 to EXCH13-USER1-1
    Sender                  : [email protected]
    ReturnPath              : [email protected]
    MessageInfo             : 3/28/14 3:40:22 PM
    Timestamp               : 3/28/14 2:18:00 PM
    ClientIp                : fe80::a5d8:d604:af26:37a9%10
    ClientHostname          : EXCH07
    ServerIp                :
    ServerHostname          : EXCH07
    SourceContext           : MDB:caef6319-6c43-4f5e-8b42-34b112a9f6a4, Mailbox:589
                              783a4-b411-45d8-b359-23095d3cd24d, Event:114759020, M
                              essageClass:IPM.Note, CreationTime:2014-03-28T18:17:5
                              9.653Z, ClientType:OWA
    ConnectorId             :
    Source                  : STOREDRIVER
    EventId                 : SUBMIT
    InternalMessageId       :
    MessageId               : <CC47D79927E02645940E84883BD0D909F58F56E607@TO-EXCHAN
                              GE.contoso.local>
    Recipients              : {}
    RecipientStatus         : {}
    TotalBytes              :
    RecipientCount          :
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : EXCH07-USER1 to EXCH13-USER1
    Sender                  : [email protected]
    ReturnPath              :
    MessageInfo             :
    Timestamp               : 3/28/14 3:40:22 PM
    ClientIp                : fe80::a5d8:d604:af26:37a9%10
    ClientHostname          : EXCH07
    ServerIp                :
    ServerHostname          : EXCH07
    SourceContext           : MDB:caef6319-6c43-4f5e-8b42-34b112a9f6a4, Mailbox:589
                              783a4-b411-45d8-b359-23095d3cd24d, Event:114778671, M
                              essageClass:IPM.Note, CreationTime:2014-03-28T19:40:2
                              1.777Z, ClientType:OWA
    ConnectorId             :
    Source                  : STOREDRIVER
    EventId                 : SUBMIT
    InternalMessageId       :
    MessageId               : <CC47D79927E02645940E84883BD0D909F58F56E608@TO-EXCHAN
                              GE.contoso.local>
    Recipients              : {}
    RecipientStatus         : {}
    TotalBytes              :
    RecipientCount          :
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : EXCH07-USER1 to EXCH13-USER1-1
    Sender                  : [email protected]
    ReturnPath              :
    MessageInfo             :
    ========================================
    Message Log on Sending Server EXCH07
    ========================================
    [PS] C:\Users\administrator.contoso\Desktop>get-messagetrackinglog -messagesubject "exch07-user1 to exch13-user1" | fl
    RunspaceId              : 4ec43dbc-f727-4ac4-850e-ecac5e5e23ab
    Timestamp               : 3/28/2014 3:12:01 PM
    ClientIp                :
    ClientHostname          :
    ServerIp                :
    ServerHostname          : EXCH13
    SourceContext           : No suitable shadow servers
    ConnectorId             :
    Source                  : SMTP
    EventId                 : HAREDIRECTFAIL
    InternalMessageId       : 1236950581391
    MessageId               : <[email protected]>
    Recipients              : {[email protected]}
    RecipientStatus         : {}
    TotalBytes              : 5337
    RecipientCount          : 1
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : EXCH07-USER1 to EXCH13-USER1
    Sender                  : [email protected]
    ReturnPath              : [email protected]
    Directionality          : Originating
    TenantId                :
    OriginalClientIp        :
    MessageInfo             :
    MessageLatency          :
    MessageLatencyType      : None
    EventData               : {[DeliveryPriority, Normal]}
    RunspaceId              : 4ec43dbc-f727-4ac4-850e-ecac5e5e23ab
    Timestamp               : 3/28/2014 3:12:02 PM
    ClientIp                : 2002:960a:125::960a:125
    ClientHostname          : EXCH13.contoso.local
    ServerIp                : 2002:960a:125::960a:125
    ServerHostname          : EXCH13
    SourceContext           : 08D1189F8F482FF4;2014-03-28T19:09:18.823Z;0
    ConnectorId             : EXCH13\Default EXCH13
    Source                  : SMTP
    EventId                 : RECEIVE
    InternalMessageId       : 1236950581391
    MessageId               : <[email protected]>
    Recipients              : {[email protected]}
    RecipientStatus         : {}
    TotalBytes              : 5337
    RecipientCount          : 1
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : EXCH07-USER1 to EXCH13-USER1
    Sender                  : [email protected]
    ReturnPath              : [email protected]
    Directionality          : Originating
    TenantId                :
    OriginalClientIp        : 2002:960a:116::960a:116
    MessageInfo             : 0cI:
    MessageLatency          :
    MessageLatencyType      : None
    EventData               : {[FirstForestHop, EXCH13.contoso.local], [ProxiedClientIPAddress, 65.114.181.16],
                              [ProxiedClientHostname, qw01016.businesswatchnetwork.com], [ProxyHop1,
                              EXCH13.contoso.local(2002:960a:125::960a:125)], [DeliveryPriority, Normal]}
    RunspaceId              : 4ec43dbc-f727-4ac4-850e-ecac5e5e23ab
    Timestamp               : 3/28/2014 3:12:02 PM
    ClientIp                :
    ClientHostname          : EXCH13
    ServerIp                :
    ServerHostname          :
    SourceContext           :
    ConnectorId             :
    Source                  : AGENT
    EventId                 : AGENTINFO
    InternalMessageId       : 1236950581391
    MessageId               : <[email protected]>
    Recipients              : {[email protected]}
    RecipientStatus         : {}
    TotalBytes              : 5337
    RecipientCount          : 1
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : EXCH07-USER1 to EXCH13-USER1
    Sender                  : [email protected]
    ReturnPath              : [email protected]
    Directionality          : Originating
    TenantId                :
    OriginalClientIp        : 2002:960a:116::960a:116
    MessageInfo             :
    MessageLatency          :
    MessageLatencyType      : None
    EventData               : {[CompCost, |ETR=0], [DeliveryPriority, Normal]}
    RunspaceId              : 4ec43dbc-f727-4ac4-850e-ecac5e5e23ab
    Timestamp               : 3/28/2014 3:12:38 PM
    ClientIp                : 2002:960a:125::960a:125
    ClientHostname          : EXCH13
    ServerIp                : 2002:960a:125::960a:125
    ServerHostname          : EXCH13.contoso.local
    SourceContext           : 08D1189F8F482FFC;250 2.0.0 OK;ClientSubmitTime:2014-03-28T18:17:59.590Z
    ConnectorId             : Intra-Organization SMTP Send Connector
    Source                  : SMTP
    EventId                 : SEND
    InternalMessageId       : 1236950581391
    MessageId               : <[email protected]>
    Recipients              : {[email protected]}
    RecipientStatus         : {250 2.1.5 Recipient OK}
    TotalBytes              : 6130
    RecipientCount          : 1
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : EXCH07-USER1 to EXCH13-USER1
    Sender                  : [email protected]
    ReturnPath              : [email protected]
    Directionality          : Originating
    TenantId                :
    OriginalClientIp        :
    MessageInfo             : 2014-03-28T18:18:00.077Z;LSRV=EXCH13.contoso.local:TOTAL=36|QDM=35
    MessageLatency          : 00:54:38.1220000
    MessageLatencyType      : LocalServer
    EventData               : {[E2ELatency, 3278], [Microsoft.Exchange.Transport.MailRecipient.RequiredTlsAuthLevel,
                              Opportunistic], [DeliveryPriority, Normal]}
    RunspaceId              : 4ec43dbc-f727-4ac4-850e-ecac5e5e23ab
    Timestamp               : 3/28/2014 3:12:38 PM
    ClientIp                :
    ClientHostname          : EXCH13.contoso.local
    ServerIp                :
    ServerHostname          : EXCH13
    SourceContext           : 08D1189F97D8A52F;2014-03-28T19:12:38.090Z;ClientSubmitTime:2014-03-28T18:17:59.590Z
    ConnectorId             :
    Source                  : STOREDRIVER
    EventId                 : DELIVER
    InternalMessageId       : 1236950581391
    MessageId               : <[email protected]>
    Recipients              : {[email protected]}
    RecipientStatus         : {}
    TotalBytes              : 6130
    RecipientCount          : 1
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : EXCH07-USER1 to EXCH13-USER1
    Sender                  : [email protected]
    ReturnPath              : [email protected]
    Directionality          : Originating
    TenantId                :
    OriginalClientIp        : 2002:960a:116::960a:116
    MessageInfo             : 2014-03-28T18:18:00.077Z;SRV=EXCH13.contoso.local:TOTAL=0;SRV=EXCH13.contoso.lo
                              cal:TOTAL=35|QDM=35;SRV=EXCH13.contoso.local:TOTAL=0
    MessageLatency          : 00:54:38.1220000
    MessageLatencyType      : EndToEnd
    EventData               : {[MailboxDatabaseName, Mailbox Database 1497118588], [Mailboxes,
                              43a77dd2-c8bb-4b4c-804c-e761b15da654], [E2ELatency, 3278], [DeliveryPriority, Normal]}

  • Bad DNS Query

    Hello there, I am having infinite messages on my gateway router and the connection will totally slow down. Would you please help?
    The following are part of the messages displaying on the router.
    Nov 22 06:59:02.846: %DNSSERVER-3-BADQUERY: Bad DNS query from 42.3.151.198
    Nov 22 06:59:02.974: %DNSSERVER-3-BADQUERY: Bad DNS query from 111.193.196.204
    Nov 22 06:59:06.146: %DNSSERVER-3-BADQUERY: Bad DNS query from 219.106.240.238
    Nov 22 06:59:06.294: %DNSSERVER-3-BADQUERY: Bad DNS query from 145.255.176.101

    It looks like you have a DNS server on your router and it's being bombarded with requests from the outside world. If you have no need for the router to be a DNS server, turn it off with the "no ip dns server" configuration command. If you need internal DNS to be served by the router, but have no requirement to provide DNS to the Internet, I would deny DNS requests on the inbound ACL of your Internet-facing interfaces. If, for whatever reason, you do have such a requirement, I would set up control-plane policing to ensure that your router isn't being overloaded.
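An added example, not part of the original thread: a small triage script for the `%DNSSERVER-3-BADQUERY` lines quoted in the question, showing whether the queries come from public addresses and from many distinct sources (the case where filtering port 53 at the Internet-facing interface is the fix rather than blocking individual hosts). The function name, the assumed year (IOS omits it from the timestamp) and the 0.5 "distributed" threshold are assumptions made for this example.

```python
import re
from collections import Counter
from datetime import datetime
from ipaddress import ip_address

# The four log lines quoted in the post above, embedded so this runs offline.
SAMPLE_LOG = """\
Nov 22 06:59:02.846: %DNSSERVER-3-BADQUERY: Bad DNS query from 42.3.151.198
Nov 22 06:59:02.974: %DNSSERVER-3-BADQUERY: Bad DNS query from 111.193.196.204
Nov 22 06:59:06.146: %DNSSERVER-3-BADQUERY: Bad DNS query from 219.106.240.238
Nov 22 06:59:06.294: %DNSSERVER-3-BADQUERY: Bad DNS query from 145.255.176.101
"""

BADQUERY = re.compile(
    r"^\s*(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}\.\d{3}): "
    r"%DNSSERVER-3-BADQUERY: Bad DNS query from (?P<src>\S+)\s*$"
)

def summarize_bad_queries(log_text, year=2000):
    """Tally BADQUERY events by source; `year` is assumed (not in the log)."""
    sources, stamps = Counter(), []
    for line in log_text.splitlines():
        m = BADQUERY.match(line)
        if not m:
            continue  # unrelated syslog line
        try:
            src = ip_address(m["src"])
        except ValueError:
            continue  # malformed address field
        sources[src] += 1
        stamps.append(datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f"))
    span = (max(stamps) - min(stamps)).total_seconds() if stamps else 0.0
    total = sum(sources.values())
    external = sum(n for ip, n in sources.items() if not ip.is_private)
    return {
        "events": total,
        "unique_sources": len(sources),
        "external_events": external,
        "span_seconds": span,
        "events_per_second": total / span if span else float(total),
        "top_sources": [(str(ip), n) for ip, n in sources.most_common(3)],
        # Any public source means the router's resolver is reachable from outside.
        "internet_exposed": external > 0,
        # Mostly one-off sources: per-host blocks will not keep up.
        "distributed": total > 0 and len(sources) / total > 0.5,
    }

if __name__ == "__main__":
    for key, value in summarize_bad_queries(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the four quoted lines every source is a distinct public address, which matches the answer's reading that the router's DNS server is exposed to the Internet.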
