I have just put a web server into a DMZ zone behind a PIX 520. I have a bunch of users on the inside network and then a card for the outside network.
Our DNS is offsite IE not behind our firewall and we are currently on NT4. So the internal clients have WINS only for internal resolution.
When I ping the website which is being served in the DMZ, from a internal client it was giving me the correct lookup from the external DNS. Of course the client couldn't get to the website as PIX520 6.3 OS does not allow for route going out and back in.
Anyway over night something has happen as the resolution is now the internal NAT address in the firewall and the hosts can now see the website.
My question is this:
Does the pix compensate for this somehow or how do people get the lookup correct for internal client looking at DMZ websites without affect external DNS entries.