DNS Doctoring with PIX

 
 
Dan Rice
      02-07-2005
I have upgraded to PIX 6.3(4) and I am trying to use the DNS command in my
STATIC to access my inside server via domain name. I do not use an internal
DNS server.

My question is, am I missing some other command, sysopt or fixup to make
this work? The static I have does work for outside-inside traffic, but
still does not 'doctor' the DNS inquiries for inside use. I do have the
fixup protocol dns maximum-length 512 statement. There really isn't a lot
of info on using this command in a static. I know there is an alias
command, but I only have one IP address that I need to forward to two
servers (mail/web), and it's my understanding that alias has to be a
one-to-one ratio (no port, only IP). Any help would be greatly appreciated.
I am sure I am missing something stupid.

Here is my current static:

static (inside,outside) tcp x.y.z.37 www 192.168.1.1 www dns netmask 255.255.255.255 0 0


 
Walter Roberson
      02-07-2005
In article <yGONd.1855$(E-Mail Removed)> ,
Dan Rice <(E-Mail Removed)> wrote:
:I have upgraded to PIX 6.3(4) and I am trying to use the DNS command in my
:STATIC to access my inside server via domain name. I do not use an internal
:DNS server.

I happened to notice in the command reference today some lines indicating
that if you had an outside name server that needed to transfer information
to inside, that DNS doctoring would not work if you were using PAT.

It was unclear to me from the wording whether it was saying that
DNS fixups for data from external servers were incompatible with PAT,
or if it was obliquely saying that if you were trying to do a DNS
Zone transfer pushed from the outside that you couldn't use PAT because
the inside DNS server wouldn't be reachable.

--
Scintillate, scintillate, globule vivific
Fain would I fathom thy nature specific.
Loftily poised on ether capacious
Strongly resembling a gem carbonaceous. -- Anon
 
Dan Rice
      02-07-2005
"Walter Roberson" <(E-Mail Removed)-cnrc.gc.ca> wrote in message
news:cu8lfr$1no$(E-Mail Removed)...
> I happened to notice in the command reference today some lines indicating
> that if you had an outside name server that needed to transfer information
> to inside, that DNS doctoring would not work if you were using PAT.
>
> It was unclear to me from the wording whether it was saying that
> DNS fixups for data from external servers were incompatible with PAT,
> or if it was obliquely saying that if you were trying to do a DNS
> Zone transfer pushed from the outside that you couldn't use PAT because
> the inside DNS server wouldn't be reachable.
>


Is that a nice way of telling me I am SOL?


 
Dan Rice
      02-07-2005
The command reference also shows a 'DNS' entry for the NAT command, but
doesn't really give any information pertaining to its use other than
"Specifies to use the created translation to rewrite the DNS address
record."


 