DNS Doctoring with PIX

Discussion in 'Cisco' started by Dan Rice, Feb 7, 2005.

  1. Dan Rice


    I have upgraded to PIX 6.3(4) and I am trying to use the DNS command in my
    STATIC to access my inside server via domain name. I do not use an internal
    DNS server.

    My question is, am I missing some other command, sysopt or fixup to make
    this work? The static I have does work for outside-inside traffic, but
    still does not 'doctor' the DNS inquiries for inside use. I do have the
    fixup protocol dns maximum-length 512 statement. There really isn't a lot
    of info on using this command in a static. I know there is an alias
    command, but I only have one IP address that I need to forward to two
    servers (mail/web), and it's my understanding that alias has to be a
    one-to-one ratio (no port, only IP). Any help would be greatly appreciated.
    I am sure I am missing something stupid.

    Here is my current static:

    static (inside,outside) tcp x.y.z.37 www 192.168.1.1 www dns netmask 255.255.255.255 0 0
     
    Dan Rice, Feb 7, 2005
    #1

  2. :I have upgraded to PIX 6.3(4) and I am trying to use the DNS command in my
    :STATIC to access my inside server via domain name. I do not use an internal
    :DNS server.

    I happened to notice in the command reference today some lines indicating
    that if you had an outside name server that needed to transfer information
    to inside, that DNS doctoring would not work if you were using PAT.

    It was unclear to me from the wording whether it was saying that
    DNS fixups for data from external servers were incompatible with PAT,
    or if it was obliquely saying that if you were trying to do a DNS
    Zone transfer pushed from the outside that you couldn't use PAT because
    the inside DNS server wouldn't be reachable.
     
    Walter Roberson, Feb 7, 2005
    #2

  3. Dan Rice


    Is that a nice way of telling me I am SOL?
     
    Dan Rice, Feb 7, 2005
    #3
  4. Dan Rice


    The command reference also shows a 'DNS' entry for the NAT command, but
    doesn't really give any information pertaining to its use other than
    "Specifies to use the created translation to rewrite the DNS address
    record."
     
    Dan Rice, Feb 7, 2005
    #4
