I have an ASA 5510 that has a route statement in it for a specific class C IP block which routes requests to that address space over our inside network - we have a private link into that third-party network. This works fine for most uses, except for our DNS. Our DNS external resolvers need access to servers on the third-party network over the public interface in order to get name resolution to work. Due to a lack of information we can't simply narrow the route statement in the ASA down so the address the DNS servers are trying to query is not included - we don't know, and have no way of finding out, which specific IPs in the class C need to go over our internal network, and which need to be routed through the public networks (it's complicated, but what it boils down to is that my boss said no, we can't).
So my question is this: is there any way to get the ASA box to route all traffic coming FROM our DNS servers to the third-party network out over the public link? I can set up a separate port on the ASA with a different security level or whatever if that would help, but I haven't been able to figure out how to make it work myself. At the moment the only thing we can think to do is to put the DNS servers outside the ASA so the ASA doesn't route any traffic for them, but this would leave them without the firewall protection of the ASA, which we don't really want. Any suggestions?