DNS

packet-tracer input INSIDE udp 10.126.22.74 21943 10.131.156.148 53 detail

Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0x7ffdb363b8a0, priority=1, domain=permit, deny=false
        hits=63545925533, user_data=0x0, cs_id=0x0, l3_type=0x8
        src mac=0000.0000.0000, mask=0000.0000.0000
        dst mac=0000.0000.0000, mask=0100.0000.0000
        input_ifc=INSIDE, output_ifc=any

Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   10.131.156.128  255.255.255.192 MANAGEMENT

Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   10.126.16.0     255.255.240.0   INSIDE

Phase: 4
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0x7ffdb363d990, priority=110, domain=permit, deny=true
        hits=580, user_data=0x0, cs_id=0x0, flags=0x3000, protocol=0
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
        input_ifc=INSIDE, output_ifc=any

Result:
input-interface: INSIDE
input-status: up
input-line-status: up
output-interface: MANAGEMENT
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

access-list INSIDE extended permit ip any4 any4
access-list INSIDE extended deny ip any6 any6 log
access-list OUTSIDE extended permit ip any4 any4
access-list OUTSIDE extended deny ip any6 any6 log
access-list GLOBAL extended deny ip any4 any4 log
access-list GLOBAL extended deny ip any6 any6 log