DNS doctoring, alias .

Discussion in 'Cisco' started by AM, Mar 15, 2005.

  1. AM

    AM Guest

    Does the DNS doctoring work without specifing protocols and ports or does it with them as well?
    Are internal DNSes needed for the doctoring to work properly or is it the same thing to have clients with external DNSes
    specified and answers from them are anyway translated?

    Alex.
     
    AM, Mar 15, 2005
    #1
    1. Advertising

  2. "AM" <> wrote in message
    news:8jxZd.14401$...
    > Does the DNS doctoring work without specifing protocols and ports or does

    it with them as well?

    yes, you can use the alias command completly "stand-alone"
    look at the Cisco doc for "understanding the Alias command"
    There are two usage guidelines there: one is DNS doctoring, other is
    destination NAT

    > Are internal DNSes needed for the doctoring to work properly or is it the

    same thing to have clients with external DNSes
    > specified and answers from them are anyway translated?
    >
    > Alex.
     
    Martin Bilgrav, Mar 15, 2005
    #2
    1. Advertising

  3. AM

    AM Guest

    AM wrote:

    > Does the DNS doctoring work without specifing protocols and ports or
    > does it with them as well?
    > Are internal DNSes needed for the doctoring to work properly or is it
    > the same thing to have clients with external DNSes specified and answers
    > from them are anyway translated?
    >
    > Alex.


    I tried to use external DNSes and mapped a PC as web server using a static rule specifying protocols and ports.
    It seems not to work.
    Does it work only if the questioner is a DNS and not a client?
    I flushed the DNS cache of my client.

    Please, help me.

    Alex.
     
    AM, Mar 15, 2005
    #3
  4. AM

    AM Guest

    AM wrote:

    > AM wrote:
    >


    Say the name foo.bergladu.edu is mapped to 1.2.3.4

    I tried

    static (inside,outside) 1.2.3.4 192.168.30.235 dns netmask 255.255.255.255 0 0

    and resolving the name with the external DNSes where the name foo.bergladu.eduis mapped

    this this the output of nslookup

    C:\>nslookup foo.bergladu.edu
    Server: <my primary DNS external name>
    Address: <external DNS primary IP>

    Nome: <real name of the the mapped IP >
    Address: 192.168.31.235
    Aliases: foo.bergladu.edu

    If I specify

    static (inside,outside) tcp 1.2.3.4 80 192.168.30.235 80 dns netmask 255.255.255.255 0 0

    this is the output

    C:\>nslookup foo.bergladu.edu
    Server: <my primary DNS external name>
    Address: <external DNS primary IP>

    Nome: <real name of the the mapped IP >
    Address: 1.2.3.4
    Aliases: foo.bergladu.edu


    Why is there this difference? Is it correct?

    should be the options "dns" work in each case?

    Alex.
     
    AM, Mar 15, 2005
    #4
  5. AM

    AM Guest

    Martin Bilgrav wrote:
    > "AM" <> wrote in message
    > news:8jxZd.14401$...
    >
    >>Does the DNS doctoring work without specifing protocols and ports or does

    >
    > it with them as well?
    >
    > yes, you can use the alias command completly "stand-alone"
    > look at the Cisco doc for "understanding the Alias command"
    > There are two usage guidelines there: one is DNS doctoring, other is
    > destination NAT


    I read the document and you are correct but I saw a different behaviour specifying protocol and ports (it seems not to
    work) and stand alone (all thing go OK).
    My proposal is to use DNS doctoring but I can't.
    Perhaps my previous posts were a bit confused but briefly (and willing to give access to a web server to internet users
    and to PCs on internal LAN)

    static (inside,outside) tcp interface www 192.168.30.21 www netmask 255.255.255.255 0 seems NOT to work to me

    static (inside,outside) interface 192.168.30.21 netmask 255.255.255.255 0 works properly for me

    I would the first one to work, i.e. it must resolve name with internal IP of the web server.

    My PIX runs 6.3(4) OS version.

    Alex.
     
    AM, Mar 16, 2005
    #5
  6. "AM" <> wrote in message
    news:dSXZd.15532$...

    > static (inside,outside) tcp interface www 192.168.30.21 www netmask

    255.255.255.255 0 seems NOT to work to me
    >
    > static (inside,outside) interface 192.168.30.21 netmask 255.255.255.255 0

    works properly for me


    you can specify a "DNS" command into that static - Did you try that ?
     
    Martin Bilgrav, Mar 16, 2005
    #6
  7. AM

    AM Guest

    Martin Bilgrav wrote:

    > "AM" <> wrote in message
    > news:dSXZd.15532$...
    >
    >
    >>static (inside,outside) tcp interface www 192.168.30.21 www netmask

    >
    > 255.255.255.255 0 seems NOT to work to me
    >
    >>static (inside,outside) interface 192.168.30.21 netmask 255.255.255.255 0

    >
    > works properly for me
    >
    >
    > you can specify a "DNS" command into that static - Did you try that ?
    >
    >


    I'm really sorry Martin :( I was out of my mind when writing and I forgot "dns" in both statements.
    The correct post had to be

    static (inside,outside) tcp interface www 192.168.30.21 www dns netmask 255.255.255.255 0 seems NOT to work to me

    static (inside,outside) interface 192.168.30.21 dns netmask 255.255.255.255 0 works properly for me

    Alex.
     
    AM, Mar 16, 2005
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rik Bain

    DNS Doctoring conversion?

    Rik Bain, Nov 10, 2003, in forum: Cisco
    Replies:
    2
    Views:
    2,449
    Walter Roberson
    Nov 10, 2003
  2. Cool Guy Bri

    DNS Doctoring with a cisco router

    Cool Guy Bri, Nov 25, 2003, in forum: Cisco
    Replies:
    2
    Views:
    2,665
    Cool Guy Bri
    Nov 26, 2003
  3. Chris

    DNS Doctoring

    Chris, Dec 19, 2003, in forum: Cisco
    Replies:
    2
    Views:
    812
    Chris
    Dec 19, 2003
  4. grzybek

    DNS doctoring

    grzybek, Feb 10, 2004, in forum: Cisco
    Replies:
    0
    Views:
    561
    grzybek
    Feb 10, 2004
  5. AM

    DNS doctoring.

    AM, Dec 9, 2004, in forum: Cisco
    Replies:
    0
    Views:
    672
Loading...

Share This Page