DNS problem, suspect PIX conf

Discussion in 'Cisco' started by grzybek, Jan 29, 2004.

  1. grzybek

    grzybek Guest

    Hi,
    I have problem with DNS in inside network seperated by PIX firewall.
    I have several domains directed to static addresses and if I use ping
    command
    to specific address, DNS show me inside address not external ( global ).
    If I ping to that address from PC outside my network ( from Internet )
    it is ok.
    The same situation repeated even if I am connected to seperate subnetwork
    ( don't have access to inside ) in PIX and I use exterrnal DNS server.
    I ping to any servers and I see addresses from internal network 10.0.0.0/8
    class

    --------------------
    Outline



    inside ------ PIX ----------- outside ( 217.133.x.x )
    10.10.10.x /24 |
    X = 10.10.10.5 |
    | net1
    10.10.5.x /24

    ( PC from net1 have not access to inside )
    Server X has static address 217.133.x.y and domain www.dziura.org and in
    inside network 10.10.10.5
    From my PC ( 10.10.10.8) I ping for www.dziura.org and I see 10.10.10.5 IP
    address.
    From my PC ( 10.10.5.4) from seperate net1 network I ping www.dziura.org
    and I see 10.10.10.5 IP address ( time out of course )

    It is independent on using DNS server. I have problem with each domain.


    -----------end outline ------


    We have DNS servers inside and outside PIX.

    I would like to see correct global IP address of these servers

    I suspect conf on my PIX, I don't know.

    PIX IOS 6.3

    Thanks in advance.
    grzybek
     
    grzybek, Jan 29, 2004
    #1

    1. Advertisements

  2. grzybek

    Chris Guest

    The PIX is doctoring the DNS requests from the server. When the reply comes
    from the DNS server through the PIX with the correct external address, the
    PIX will be changing that address to the internal address because it has a
    static NAT rule for that server and is set up to 'alias' the IP address.

    Chris.
     
    Chris, Jan 30, 2004
    #2

    1. Advertisements

  3. grzybek

    grzybek Guest

    OK, but I did not set up 'alias' command.
    PIX behaved as though this command was set.

    grzybek
     
    grzybek, Jan 30, 2004
    #3
  4. grzybek

    Richard Deal Guest

    There is also an option in the "static" and "nat" commands for "dns", which,
    if specified, does DNS doctoring.

    You might want to scan for this.

    Cheers!

    Richard
     
    Richard Deal, Jan 30, 2004
    #4
  5. grzybek

    Chris Guest

    If you are on software version 6.3(1) then it might be a bug as I have the
    same problem. Could be time for an upgrade.

    Chris.
     
    Chris, Jan 30, 2004
    #5
  6. grzybek

    grzybek Guest

    Thanks, upgrade solved the problem.

    Regards,
    grzybek
     
    grzybek, Feb 2, 2004
    #6

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. PIX - PIX VPN DNS Problem

  2. Port Forwarding -> Special Conf for PIX

  3. Cat 6006 atm conf problem

  4. Dramatic pause in PIX 7.0(2) after 'q' on page break in sh conf

  5. Outlook 2002 - Data is SUSPECT error - Please help

  6. HELP!!suspect my laptop infected by "MSBlaster"

  7. Split DNS with PIX-to-PIX VPNs?

  8. PIX 501 relay client DNS requests out to an internet DNS server?

Loading...