I had problems using Microsoft DNS servers and PIX. It would work for about a week before I had to reboot the PIX. Cisco could never tell me what was wrong and I finally resolved it by installing BIND to forward all external queries.
Leonard Tan ----- Original Message ----- From: "Lidiya White" To: Sent: Wednesday, April 03, 2002 4:54 PM Subject: RE: DNS and Pix ... very wierd problem [7:40387] > First I would enable "logging buffer error" and check "sh log" from time > to time. The real help would be the sniffer here. If you could install > sniffer on the outside and inside of the PIX and capture DNS packets, > that would be something that will probably give you an answer where the > problem is. > > I had one issue another day where PIX was dropping SYN ACK packets, and > there only way we found the problem is using the sniffer (SYN packet was > apparently bypassing the PIX, when everybody swore that it could not). > > -- Lidiya White > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > Justin C > Sent: Wednesday, April 03, 2002 3:20 PM > To: [EMAIL PROTECTED] > Subject: DNS and Pix ... very wierd problem [7:40387] > > Group, > > The Pix 501 is running the default NAT/PAT configuration. Through it, I > can > check email using Outlook to talk to an Exchange Server, telnet and SSH > to > devices, and browse the web provided I type in the ip address of the web > > server. All requests for URL translation by a DNS server fail. The IP > configuration (addresses, gateways, DNS servers) are correct. The Pix > is > direct to the cloud with only one PC behind it. > > Using Debug Packet, I have confirmed that requests for DNS translations > go > out and come back to the Pix (on the outside interface), but they do not > > seem to make it back to the host that originated the request. The code > is > 6.1(1), and I have contacted TAC. With SSH, TAC has inspected the box > and > cannot see a problem with the configuration. Nor can they explain why > this > is occuring. Before sending it back to Cisco for a replacement, I > thought I > would ask here to see if anyone has run across this. > > There are no access-lists or conduit statements, but Cisco (the Pix > literature) and Cisco Press (Cisco Secure PIX Firewalls) say that they > are > unnecessary for this very simple setup. > > My thanks in advance for your time and input. > > Regards, > > Justin > > _________________________________________________________________ > MSN Photos is the easiest way to share and print your photos: > http://photos.msn.com/support/worldwide.aspx Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40413&t=40387 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]