O Yes!!!!!

--
Curious

MCSE, CCNP
"Roberts, Larry" wrote in message news:[EMAIL PROTECTED]...
> Does your access-list look like this:
>
> Access-list 100 permit udp any host a.b.c.d eq domain
>
> Where a.b.c.d is the EXTERNAL address? That is what I see wrong most often.
>
> Thanks
>
> Larry
>
>
> -----Original Message-----
> From: Curious [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 10, 2002 3:41 PM
> To: [EMAIL PROTECTED]
> Subject: Re: DNS Behind the firewall [7:53016]
>
>
> I am permitting UDP/TCP port 53 on my access list on the outside interface.
> Clients from the internal LAN are able to resolve names, but Internet clients
> or clients on the external or public LAN cannot resolve DNS names. One thing I
> also noticed: the hit counter for the access-list entry for the DNS server was 0,
> although there was a correct entry in the translation table and there was no
> typing mistake in the access list.
>
>
> --
> Curious
>
> MCSE, CCNP
> "Mark W. Odette II" wrote in message news:[EMAIL PROTECTED]...
> > Be sure you have the permit statement for DNS(53) applied to the
> > outside interface via access-list.  Unless you put the DNS server in a
> > DMZ, you shouldn't really need access-lists applied to the inside
> > interface IMO.
> >
> > Whether or not you have a web server that is also running on the same
> > machine as DNS, or a mail server, you will need to make sure you put a
> > public address A record for said server in your DNS zone along with
> > however you choose to resolve the WWW/SMTP/POP3 Server on the
> > inside.... or implement the alias command on the PIX to have the PIX
> > auto-magically modify inside DNS requests to the public-addressed host
> > so that you resolve to its private address.
> >
> > Caveat to the alias command though is that with it in place, you can
> > only use the PIX PDM in Monitor mode- PDM doesn't support Alias
> > statements... You'd think Cisco would change that in the next update
> > to the PDM.  HINT HINT Cisco!!?!? :)
> >
> >
> > Hope that helps.
> >
> > Mark
> >
> > -----Original Message-----
> > From: Curious [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, September 10, 2002 2:06 PM
> > To: [EMAIL PROTECTED]
> > Subject: DNS Behind the firewall [7:53016]
> >
> > My company's DNS server resides on our external LAN (our public LAN).
> > Yesterday we moved it to our private LAN (behind our PIX 515),
> > NATed its public IP address to its new private IP address in the
> > firewall, and opened port 53.
> > After that move and those settings we were able to resolve domain names
> > from the private LAN but not from the public LAN or the Internet.
> > Please let me know if someone has any idea why.
> >
> >
> >
> > Curious
> >
> > MCSE, CCNP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53033&t=53016
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
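
The check Larry describes in the thread (the outside ACL must name the server's external, translated address), written out as an added example; this is not code from any poster or from Cisco. It assumes PIX 6.x-style `static`, `access-list` and `access-group` lines; the helper name `audit_dns_acl` and all addresses in the sample are constructed for illustration.

```python
import re

# Constructed sample config: the UDP entry names the inside address by mistake.
SAMPLE_CONFIG = """\
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255 0 0
access-list 100 permit udp any host 192.168.1.10 eq domain
access-list 100 permit tcp any host 203.0.113.10 eq domain
access-group 100 in interface outside
"""

STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+)", re.I)
ACE_RE = re.compile(r"^access-list (\S+) permit (udp|tcp) any host (\S+) eq (domain|53)\b", re.I)
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\w+)", re.I)

def audit_dns_acl(config, outside_if="outside"):
    """Return a list of findings about DNS permits on the outside interface."""
    statics, aces, bound = {}, [], set()
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            if m.group(2).lower() == outside_if:
                statics[m.group(4)] = m.group(3)  # inside (real) -> external (mapped)
        elif m := ACE_RE.match(line):
            aces.append((m.group(1), m.group(2).lower(), m.group(3)))
        elif m := GROUP_RE.match(line):
            if m.group(2).lower() == outside_if:
                bound.add(m.group(1))
    findings, mapped = [], set(statics.values())
    for acl, proto, dest in aces:
        if acl not in bound:
            findings.append(f"ACL {acl}: not applied inbound on {outside_if}")
        elif dest in statics:
            findings.append(f"ACL {acl} {proto}/53: destination {dest} is the inside address; permit the mapped address {statics[dest]}")
        elif dest not in mapped:
            findings.append(f"ACL {acl} {proto}/53: destination {dest} has no static translation")
    for g in sorted(mapped):
        for proto in ("udp", "tcp"):
            if not any(a in bound and p == proto and d == g for a, p, d in aces):
                findings.append(f"{g}: no {proto}/53 permit on an ACL bound to {outside_if}")
    return findings

if __name__ == "__main__":
    for f in audit_dns_acl(SAMPLE_CONFIG):
        print(f)
```
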
