Hello, I'm a bit confused.
Here's the topology:
VPN (Cisco VPN) user (172.16.x.x) - ASA - Cisco 4500 - DNS server (192.168.x.x)
For some reason, almost all of a sudden, UDP on port 53 seems blocked at the ASA.
Here's what works: all TCP, including 3389 and 53 TCP, and bidirectional ping.
The user has local domain names ending in .local which need to be resolved. But they aren't, because the DNS server times out.
I know the ASA blocks them somehow (ASDM logging shows only the UDP create and teardown sessions, yet no ACL hits), because in a packet capture on the ASA the replies from the DNS server appear.
EDIT: While running Wireshark on the client PC, the DNS server amazingly resolves itself, as in dnsserver.whatever.local, but times out when resolving anything else. How is this possible?
Now I'm trying to set up a basic BIND on a Linux box to see if it's the DNS server.
The customer says this supposedly happened after we moved a WAN IP that was doing NAT onto another box.
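A check that separates "UDP/53 is being dropped somewhere in the path" from "the DNS server itself is broken", added here as an example and not part of the original post or of any Cisco tool: it builds a raw DNS query, sends the same query over UDP and over TCP to the same server, parses both answers, and classifies the outcome. The server address, the queried name and the embedded sample response are constructed for the example; the byte layout follows RFC 1035.

```python
import socket
import struct

def encode_name(name):
    """Encode 'a.b.c' as DNS labels: len+bytes per label, terminated by 0."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def build_query(name, qtype=1, txid=0x1234):
    """Single-question query: header (RD set) + QNAME + QTYPE/QCLASS IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def skip_name(data, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer, 2 bytes
            return off + 2
        off += 1 + length

def parse_response(data):
    """Pull out transaction id, RCODE, TC flag and any A-record answers."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(data, off) + 4          # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        off = skip_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:           # A record
            answers.append(".".join(str(b) for b in rdata))
    return {"id": txid, "rcode": flags & 0xF,
            "truncated": bool(flags & 0x0200), "answers": answers}

def query_udp(server, name, timeout=3.0):
    """Send over UDP/53; None means no reply inside the timeout."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    return parse_response(data)

def query_tcp(server, name, timeout=3.0):
    """Send over TCP/53 with the 2-byte length prefix; None if the connect fails."""
    q = build_query(name)
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(q)) + q)
            (n,) = struct.unpack("!H", s.recv(2))
            data = b""
            while len(data) < n:
                chunk = s.recv(n - len(data))
                if not chunk:
                    break
                data += chunk
    except OSError:
        return None
    return parse_response(data)

def diagnose(udp_result, tcp_result):
    """Classify the symptom from the two probes."""
    tcp_ok = bool(tcp_result and tcp_result["answers"])
    if udp_result is None and tcp_ok:
        return "udp-blocked"        # server answers, but UDP/53 never comes back
    if udp_result is None:
        return "server-unreachable" # neither transport answers: look at the server
    if udp_result["truncated"]:
        return "udp-truncated"      # client must retry over TCP; normal behaviour
    return "ok"

# Constructed sample: a reply for the query built above with one A record,
# using a compression pointer (0xC00C) back to the question name.
SAMPLE_NAME = "dnsserver.example.local"
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name(SAMPLE_NAME) + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
)

if __name__ == "__main__":
    server = "192.0.2.53"   # assumed DNS server address; replace with the real one
    udp = query_udp(server, SAMPLE_NAME)
    tcp = query_tcp(server, SAMPLE_NAME)
    print("udp:", udp, "\ntcp:", tcp, "\nverdict:", diagnose(udp, tcp))
```

Run from the VPN client against the internal server. A verdict of "udp-blocked" matches the symptom in the post (TCP/53 works, UDP/53 replies visible in the ASA capture but never reaching the client) and points at the firewall path rather than at BIND; "server-unreachable" would justify the test BIND instance. Comparing the transaction id in the reply against the one sent also shows whether a stray device is answering in the server's place.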
Posted to r/networking, 9 years ago.