DNS and static address

John Blakley
VIP Alumni

This morning, as a test, I did the following:

ASA internal ip address: 10.20.0.1

Workstation address: 10.20.0.50

I set the workstation's DNS server as 10.20.0.1

In the ASA I did:

static (outside,inside) udp interface 53 4.2.2.1 53 netmask 255.255.255.255

I could browse the web. My question is the fact that I don't own the 4.2.2.1 address, as that's Verizon's DNS server. To Verizon, would that look like 4.2.2.1 is querying their own DNS server? Am I, in effect, spoofing an address that they own, or am I really just forwarding the 53/udp traffic out TO 4.2.2.1 as my public address that's assigned to my ASA's outside interface? Just curious. (I didn't leave this in production.)

Thanks,

John

HTH, John *** Please rate all useful posts ***
2 Replies

acomiskey
Level 10

No, you are only translating the destination address. The source address is still whatever you are NATing it to. If you were translating to 4.2.2.1 the return traffic would never make it back to you.

I asked Cisco TAC this same question on Saturday though, and they said that it couldn't be done. I'm just wondering if this is something that's safe to leave in place because it provided a VERY nice workaround. :)

HTH, John *** Please rate all useful posts ***
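
The translation acomiskey describes, modeled in Python as an added example (not part of the original thread and not Cisco code). It assumes the workstation's source is PATed to the ASA's outside address; `203.0.113.10`, the client port `40000`, and the names `AsaModel`, `Udp` and `round_trip` are constructed for illustration.

```python
from dataclasses import dataclass, replace

INSIDE_IF = "10.20.0.1"      # ASA inside interface (from the post)
RESOLVER = "4.2.2.1"         # real DNS server (from the post)
OUTSIDE_IF = "203.0.113.10"  # constructed: ASA outside (public) address

@dataclass(frozen=True)
class Udp:
    src: str
    sport: int
    dst: str
    dport: int

class AsaModel:
    """Hypothetical model: the static DNS rule plus an assumed source PAT."""
    def __init__(self, pat_ip=OUTSIDE_IF):
        self.pat_ip = pat_ip
        self.xlate = {}          # (pat_ip, pat_port) -> (real_ip, real_port)
        self.next_port = 1024

    def outbound(self, p):
        # static (outside,inside) udp interface 53 4.2.2.1 53: destination only
        if (p.dst, p.dport) == (INSIDE_IF, 53):
            p = replace(p, dst=RESOLVER)
        # Assumed dynamic PAT: the source becomes pat_ip with a fresh port
        port, self.next_port = self.next_port, self.next_port + 1
        self.xlate[(self.pat_ip, port)] = (p.src, p.sport)
        return replace(p, src=self.pat_ip, sport=port)

    def inbound(self, p):
        real = self.xlate.get((p.dst, p.dport))
        if real is None:
            return None          # no matching translation: dropped
        p = replace(p, dst=real[0], dport=real[1])
        if (p.src, p.sport) == (RESOLVER, 53):
            p = replace(p, src=INSIDE_IF)   # client sees the address it queried
        return p

def round_trip(asa):
    """Return (query as the resolver sees it, reply the client gets or None)."""
    wire = asa.outbound(Udp("10.20.0.50", 40000, INSIDE_IF, 53))
    reply = Udp(wire.dst, wire.dport, wire.src, wire.sport)
    # The Internet routes the reply by destination; only OUTSIDE_IF leads to the ASA
    back = asa.inbound(reply) if reply.dst == OUTSIDE_IF else None
    return wire, back

if __name__ == "__main__":
    print(round_trip(AsaModel()))                 # normal case
    print(round_trip(AsaModel(pat_ip=RESOLVER)))  # source rewritten to 4.2.2.1
```

In the first case the resolver sees the ASA's public address as the source and the client gets an answer from 10.20.0.1; in the second, where the source is rewritten to 4.2.2.1, the reply is addressed to the resolver itself and nothing returns.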