On 18 Mar 00, at 15:05, John Adams wrote:
> This is a problem that a lot of people face. Wouldn't it make far more
> sense if the PIX masqueraded as a DNS server (some feature that could be
> turned on) and if it receives a udp/tcp connection on port 53, it looks at
> the packet and proxies it and the response to the appropriate inside
> server?
>
> Then, when the response comes back, it rewrites any IP addresses that
> have existing conduits back to the inside address.
>
> It makes sense, and wouldn't be too hard to implement. As long as it was
> only supported for the inside interface, you'd be set.

This is what the alias command does! It modifies the DNS packets for
requests from the inside only (as far as I can tell in my testing) but doesn't
allow it for requests from the outside (which is where I need it too). If it could
do both then I could use DMZ addresses in the DNS servers and have the
PIX translate them for requests from the outside and from the inside, but in
4.4(1) it only does this for requests from the inside. Hence my need to use
multiple DNS servers or the hosts file. Damn.

Dan
---
D.C. Crichton email: [EMAIL PROTECTED]
Senior Systems Analyst tel: +44 (0)121 706 6000
Computer Manuals Ltd. fax: +44 (0)121 606 0477
Computer book info on the web:
http://computer-manuals.co.uk/
Want to earn money? Join our affiliate scheme!
http://computer-manuals.co.uk/affiliate/