DNS and static address

May 18th, 2009

This morning, as a test, I did the following:

ASA internal ip address:

Workstation address:

I set the workstation's DNS server as

In the ASA I did:

static (outside,inside) udp interface 53 53 netmask

I could browse the web. My question is the fact that I don't own the address, as that's Verizon's DNS server. To Verizon, would that look like is querying their own DNS server? Am I, in effect, spoofing an address that they own, or am I really just forwarding the 53/udp traffic out TO as my public address that's assigned to my ASA's outside interface? Just curious. (I didn't leave this in production.)



acomiskey Mon, 05/18/2009 - 10:27

No, you are only translating the destination address. The source address is still whatever you are NATing it to. If you were translating to the return traffic would never make it back to you.

John Blakley Mon, 05/18/2009 - 10:29

I asked Cisco TAC this same question on Saturday though, and they said that it couldn't be done. I'm just wondering if this is something that's safe to leave in place because it provided a VERY nice workaround. :)

