On Fri, 24 Mar 2000, Daniel Crichton wrote:
> On 18 Mar 00, at 15:05, John Adams wrote:
>
> > This is a problem that a lot of people face. Wouldn't it make far more
> > sense if the PIX masqueraded as a DNS server (some feature that could be
> > turned on) and if it receives a udp/tcp connection on port 53, it looks at
> > the packet and proxies it and the response to the appropriate inside
> > server?
>
> This is what the alias command does! It modifies the DNS packets for
> requests from the inside only (as far as I can tell in my testing) but doesn't
> allow it for requests from the outside (which is where I need it too). If it could
> do both then I could use DMZ addresses in the DNS servers and have the
> PIX translate them for requests from the outside and from the inside, but in
> 4.4(1) it only does this for requests from the inside. Hence my need to use
> multiple DNS servers or the hosts file. Damn.
Nope, the alias command manipulates dns packets that are returning from
the outside when an inside host requests host name resolution from an
external DNS server.
I'm looking at something where the DNS server is still on the inside, and
you ricochet the dns request off the PIX. If this is how it works
currently and I'm wrong, I should go back and reconfigure my PIX, but I
don't think this is how it works.
-john
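The rewrite John describes the alias command doing (changing A-record answers on their way back from an outside DNS server, while requests themselves pass untouched), as an added illustration that is not part of this thread and not PIX code; the alias table, host name and addresses are constructed sample values.

```python
import struct
import ipaddress

# Constructed alias table: outside (global) address -> inside address, as a PIX "alias" statement would pair them.
ALIAS_TABLE = {"192.0.2.10": "10.1.1.10"}

def build_a_response(name, addr, flags=0x8180, txid=0x1234):
    """Constructed sample: one question and (for a response) one A answer, as an
    external resolver would return it.  flags=0x0100 with addr=None builds a query."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    ancount = 1 if addr else 0
    hdr = struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)
    pkt = hdr + qname + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN
    if addr:  # 0xC00C is a compression pointer back to the question name
        pkt += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + ipaddress.IPv4Address(addr).packed
    return pkt

def _skip_name(buf, off):
    """Offset just past the domain name starting at off (labels or a pointer)."""
    while True:
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length

def doctor_dns_response(msg, alias_table=ALIAS_TABLE):
    """Return (packet, n_rewritten) with A-record RDATA replaced per alias_table.
    Only responses (QR bit set) are touched; queries pass through unchanged."""
    buf = bytearray(msg)
    flags, qdcount, ancount = struct.unpack("!HHH", buf[2:8])
    if not flags & 0x8000:
        return bytes(buf), 0
    off = 12
    for _ in range(qdcount):
        off = _skip_name(buf, off) + 4                    # skip QTYPE + QCLASS
    rewritten = 0
    for _ in range(ancount):
        off = _skip_name(buf, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:     # IPv4 A record
            addr = str(ipaddress.IPv4Address(bytes(buf[off:off + 4])))
            if addr in alias_table:
                buf[off:off + 4] = ipaddress.IPv4Address(alias_table[addr]).packed
                rewritten += 1
        off += rdlen
    return bytes(buf), rewritten
```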
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]