First of all I am not a PIX firewall guru. But I have done my fair share with
NAT with frame relay links and ISDN. So this should pertain to the PIX also.
But basically what you would have to do is tell the NAT device, be it a PIX
or a router, to forward all port 53 traffic to the private IP address on the
inside. There are tons of people doing this with DSL and cable modem
connections also. Also you must have 2 DNS servers to register with the
InterNIC, not just one. But anyway here is the command below to do what I
described above with NAT.

    ip nat inside source static tcp 192.168.0.1 53 209.x.x.x 53 extendable

Basically what you are doing is telling the router to forward all traffic
that comes in on port 53 on the outside address of 209.x.x.x to
192.168.0.1, your DNS server. And that will do it.
Hope this helps.
Elijah
-----Original Message-----
From: Joe Schnerd [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 08, 2001 4:07 PM
To: [EMAIL PROTECTED]
Subject: Re: PIX Nat vs. IOS Nat for DNS
I have a question along the same line...
If I have a single DNS behind NAT and I want to change its IP to 10.x.x.x,
how does NAT/Firewall know to forward the request to that address and how
would I register with Network Solutions so that there is a "virtual" name
server? Any suggestions/ideas?
I've been looking at some sample NAT configs, but nothing really addresses
the DNS aspect.
Any help would be greatly appreciated.
Jeff
"Brian Bieber" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> My question is about DNS queries through the PIX and the IOS w/NAT.
>
> This is taken from the Cisco web site.
>
> http://www.cisco.com/warp/public/458/41.html#Q21
> Q: Does Cisco IOS NAT support DNS queries?
> A: Yes, Cisco IOS NAT will translate the address(es) which
> appear in DNS responses to name lookups (A queries) and inverse lookups
> (PTR queries). Thus, if an outside host sends a name-lookup to a DNS
> server on the inside, and that server responds with a local address, the
> NAT code will translate that local address to a global address. The
> opposite is also true, and is how we support IP addresses overlapping: an
> inside host queries an outside DNS server, the response contains an
> address that matches the access-list specified on the "outside source"
> command, so the code translates the outside global address to an outside
> local address.
> Time-to-live (TTL) values on all DNS resource records (RRs)
> which receive address translations in RR payloads are automatically set to
> zero.
> Cisco IOS NAT does not translate IP addresses embedded in
> DNS zone transfers.
>
> My question is how do I achieve this in the PIX?
>
> Thanks
> Brian Bieber
>
> _________________________________
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>