DNS Doctoring with PIX

Discussion in 'Cisco' started by Dan Rice, Feb 7, 2005.

  1. Dan Rice

    Dan Rice Guest

    I have upgraded to PIX 6.3(4) and I am trying to use the DNS command in my
    STATIC to access my inside server via domain name. I do not use an internal
    DNS server.

    My question is, am I missing some other command, sysopt or fixup to make
    this work? The static I have does work for outside-inside traffic, but
    still does not 'doctor' the DNS inquiries for inside use. I do have the
    fixup protocol dns maximum-length 512 statement. There really isn't a lot
    of info on using this command in a static. I know there is an alias
    command, but I only have one IP address that I need to forward to two
    servers (mail/web), and it's my understanding that alias has to be a
    one-to-one ratio (no port, only IP). Any help would be greatly appreciated.
    I am sure I am missing something stupid.

    Here is my current static:

    static (inside,outside) tcp x.y.z.37 www 192.168.1.1 www dns netmask 255.255.255.255 0 0
    Dan Rice, Feb 7, 2005
    #1

  2. In article <yGONd.1855$>,
    Dan Rice <> wrote:
    :I have upgraded to PIX 6.3(4) and I am trying to use the DNS command in my
    :STATIC to access my inside server via domain name. I do not use an internal
    :DNS server.

    I happened to notice in the command reference today some lines indicating
    that if you had an outside name server that needed to transfer information
    to inside, that DNS doctoring would not work if you were using PAT.

    It was unclear to me from the wording whether it was saying that
    DNS fixups for data from external servers were incompatible with PAT,
    or if it was obliquely saying that if you were trying to do a DNS
    Zone transfer pushed from the outside that you couldn't use PAT because
    the inside DNS server wouldn't be reachable.

    --
    Scintillate, scintillate, globule vivific
    Fain would I fathom thy nature specific.
    Loftily poised on ether capacious
    Strongly resembling a gem carbonaceous. -- Anon
    Walter Roberson, Feb 7, 2005
    #2

  3. Dan Rice

    Dan Rice Guest

    "Walter Roberson" <-cnrc.gc.ca> wrote in message
    news:cu8lfr$1no$...
    > I happened to notice in the command reference today some lines indicating
    > that if you had an outside name server that needed to transfer information
    > to inside, that DNS doctoring would not work if you were using PAT.
    >
    > It was unclear to me from the wording whether it was saying that
    > DNS fixups for data from external servers were incompatible with PAT,
    > or if it was obliquely saying that if you were trying to do a DNS
    > Zone transfer pushed from the outside that you couldn't use PAT because
    > the inside DNS server wouldn't be reachable.
    >


    Is that a nice way of telling me I am SOL?
    Dan Rice, Feb 7, 2005
    #3
  4. Dan Rice

    Dan Rice Guest

    The command reference also shows a 'DNS' entry for the NAT command, but
    doesn't really give any information pertaining to its use other than
    "Specifies to use the created translation to rewrite the DNS address
    record."
    Dan Rice, Feb 7, 2005
    #4