We recently installed an ASA 5510 with an inside and a DMZ network. There is a Windows SMTP server on the inside, and multiple Windows 2000 Servers on the DMZ side.
DNS Doctoring is set up and working on both sides; the DNS servers are on the Internet.
The DMZ servers can no longer send email destined for the SMTP server on the inside network. The problem is that the DNS MX reply returns the public IP, not the proper private IP. However, the DNS MX record resolves fine for that server on the inside network with an NSLookup, and all other traffic works.
After a lot of head-banging, I found that DNS translation works over UDP, but if I force NSLookup to use DNS over TCP, the translation doesn't happen. The SMTP DNS request is being sent over TCP for some reason, which I haven't been able to affect. I have turned off the maximum 512-byte DNS limitation, but that still didn't allow the UDP version to go through.
Does anyone know how to force the DNS translation to happen when the computer resorts to DNS over TCP?
I can post the relative config if it will help.
I'd appreciate any help or suggestions anyone can provide. - Thanks!
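The mechanism the post is relying on, DNS doctoring, is a NAT rewrite of the A-record rdata inside a DNS reply. The added example below (not part of the original post, and not Cisco's implementation) shows that rewrite in plain Python so the UDP-versus-TCP difference is visible: over UDP the DNS message is the whole datagram, while over TCP RFC 1035 section 4.2.2 prefixes every message with a 2-byte length field, so a parser that assumes the UDP layout is off by two bytes and never finds the record. The NAT table (203.0.113.25 to 192.168.1.25), the hostname and the reply itself are all constructed for the example.

```python
import struct
import ipaddress

# Constructed static NAT entry for the example: public address -> inside address.
NAT_MAP = {"203.0.113.25": "192.168.1.25"}


def _skip_name(msg, off):
    """Advance past a DNS name (labels or a compression pointer); return the next offset."""
    while True:
        length = msg[off]
        if length == 0:                 # root label ends an uncompressed name
            return off + 1
        if length & 0xC0 == 0xC0:       # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length


def _answer_records(msg, base):
    """Yield (rtype, rclass, rdata_offset, rdlength) for each RR in the answer section.

    base is the offset of the DNS header: 0 for UDP, 2 for TCP (after the length prefix)."""
    qdcount, ancount = struct.unpack("!HH", msg[base + 4:base + 8])
    off = base + 12                                     # end of the 12-byte header
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4                  # QNAME, then QTYPE + QCLASS
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlength = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        yield rtype, rclass, off, rdlength
        off += rdlength


def _header_base(msg, tcp):
    """Return the header offset, validating the TCP length prefix when present."""
    if not tcp:
        return 0
    (length,) = struct.unpack("!H", msg[:2])
    if length != len(msg) - 2:
        raise ValueError("TCP length prefix does not match message size")
    return 2


def a_records(payload, tcp=False):
    """List the IPv4 addresses carried in the answer section's A records."""
    msg = bytes(payload)
    base = _header_base(msg, tcp)
    return [str(ipaddress.IPv4Address(msg[off:off + 4]))
            for rtype, rclass, off, rdlength in _answer_records(msg, base)
            if rtype == 1 and rclass == 1 and rdlength == 4]


def doctor_dns_reply(payload, nat_map, tcp=False):
    """Rewrite A-record rdata per nat_map (public -> private), the way DNS doctoring does.

    Handles both UDP (bare message) and TCP (2-byte length prefix) framing.
    Returns (rewritten_payload, number_of_records_changed)."""
    msg = bytearray(payload)
    base = _header_base(msg, tcp)
    changed = 0
    for rtype, rclass, off, rdlength in _answer_records(msg, base):
        if rtype == 1 and rclass == 1 and rdlength == 4:
            addr = str(ipaddress.IPv4Address(bytes(msg[off:off + 4])))
            if addr in nat_map:
                msg[off:off + 4] = ipaddress.IPv4Address(nat_map[addr]).packed
                changed += 1
    return bytes(msg), changed


def build_a_reply(qname, addr, txid=0x1234, ttl=300):
    """Construct a minimal DNS response: one question and one A answer (sample data)."""
    labels = b"".join(struct.pack("B", len(l)) + l.encode()
                      for l in qname.strip(".").split("."))
    name = labels + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR|RD|RA, 1 Q, 1 A
    question = name + struct.pack("!HH", 1, 1)                 # QTYPE=A, QCLASS=IN
    answer = (b"\xc0\x0c"                                      # pointer to QNAME at offset 12
              + struct.pack("!HHIH", 1, 1, ttl, 4)
              + ipaddress.IPv4Address(addr).packed)
    return header + question + answer


def frame_tcp(msg):
    """Wrap a DNS message in the 2-byte length prefix used on TCP/53."""
    return struct.pack("!H", len(msg)) + msg


if __name__ == "__main__":
    reply = build_a_reply("mail.example.com", "203.0.113.25")
    print("UDP before:", a_records(reply))
    print("UDP after: ", a_records(doctor_dns_reply(reply, NAT_MAP)[0]))
    tcp_reply = frame_tcp(reply)
    print("TCP after: ", a_records(doctor_dns_reply(tcp_reply, NAT_MAP, tcp=True)[0], tcp=True))
```

Passing a TCP-framed reply through the UDP path (tcp=False) makes the parser read the length prefix as the transaction ID and the flags as QDCOUNT, which is the kind of misparse that leaves the public address untouched; that is the symptom to look for when a rewrite works for one transport and not the other.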