DNS rewrite and zone transfer

Unanswered Question
Jun 11th, 2008

Hi,

I have an inside DNS server that contains records with private IP addresses. My ASA firewall is responsible for rewriting DNS requests from outside hosts.

Now I need to make a zone transfer between the inside DNS server and a DNS server that is placed on the outside network.

My concern is that the outside DNS server will receive data with private addresses.

Can the ASA firewall rewrite the whole DNS zone transfer so that the outside DNS server receives data with public addresses?

hadbou Tue, 06/17/2008 - 10:41

When DNS inspection is enabled, DNS rewrite provides full support for NAT of DNS messages originating from any interface. If a client on an inside network requests DNS resolution of an inside address from a DNS server on an outside interface, the DNS A-record is translated correctly. If the DNS inspection engine is disabled, the A-record is not translated.

Refer to the following URL, which explains the configuration of DNS Rewrite in detail:

http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/inspect.html#wp1335922
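An added example, not part of the thread and not Cisco code: a Python check that can be run over zone data before an outside secondary receives it. It applies a static NAT table to A records, the translation the reply describes for A-records, and lists RFC 1918 addresses that would still be exposed. The zone contents, the addresses (documentation ranges standing in for public ones) and the NAT table are constructed assumptions.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed static NAT table (inside address -> outside address); an assumption.
NAT_MAP = {
    "192.168.100.10": "203.0.113.10",
    "192.168.100.20": "203.0.113.20",
}

# Constructed zone data in master-file style, as a zone transfer dump shows it.
ZONE = """\
example.com.      3600 IN SOA ns1.example.com. admin.example.com. 1 7200 900 1209600 300
example.com.      3600 IN NS  ns1.example.com.
www.example.com.  3600 IN A   192.168.100.10
mail.example.com. 3600 IN A   192.168.100.20
db.example.com.   3600 IN A   10.1.1.5   ; no NAT entry
ftp.example.com.  3600 IN A   198.51.100.7
"""

def is_rfc1918(addr):
    """True when addr falls inside one of the three RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def parse_a_records(zone_text):
    """Yield (owner, address) for each A record; other record types are skipped."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop trailing comments
        if len(fields) >= 5 and fields[2].upper() == "IN" and fields[3].upper() == "A":
            yield fields[0], fields[4]

def outside_view(zone_text, nat_map):
    """Return (translated, leaked): A records after NAT, and private ones left over."""
    translated, leaked = {}, []
    for owner, addr in parse_a_records(zone_text):
        new_addr = nat_map.get(addr, addr)       # unmapped addresses pass through
        translated[owner] = new_addr
        if is_rfc1918(new_addr):
            leaked.append((owner, new_addr))
    return translated, leaked

if __name__ == "__main__":
    view, leaks = outside_view(ZONE, NAT_MAP)
    for owner, addr in view.items():
        print(f"{owner:<20} {addr}")
    for owner, addr in leaks:
        print(f"PRIVATE ADDRESS EXPOSED: {owner} -> {addr}")
```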
