DNS rewrite

Unanswered Question
Jul 3rd, 2009

Hi,

I have a 5520 failover pair running 8.0(4). There are physical interfaces connected to inside and outside, two DMZ logical interfaces and a logical interface to a services network.

There is a static translation from outside to a DMZ-I host...

static (DMZ-I,outside) externaladdress dmzaddress dns

The global policy is enabled on all interfaces with DNS inspection. Our DNS servers of parent organisation are located on our services link.

If I query a DNS server located on the outside (internet) I get a DNS rewrite response with the DMZ-I address.

When I query DNS servers on our services link the response is not rewritten.

Is this expected behaviour as the static is on a different interface to the DNS response?

If so is there a workaround?

Thanks for your help

Kureli Sankar Fri, 07/03/2009 - 07:00

Your observation is correct. Works as expected or breaks as expected.

You can use destination nat to get around that.

static (dmz,inside) public-ip dmz-1

This will let the inside host access the dmz1 host using public IP address.

lech_2000 Fri, 07/03/2009 - 07:46

Thanks for your reply, Kusankar. This is further complicated by our proxy server sharing a DMZ address with some sites.

I created a static between the services net and the DMZ which is enabling the DNS replies to be translated.

static (DMZ-I,SERVICES) externaladdress internaladdress dns

Thanks again for your help.
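An added illustration, not part of the thread and not Cisco code, of the behaviour described above: a small Python model of pre-8.3 DNS doctoring that parses `static ... dns` lines and rewrites the A record inside a real DNS reply. It assumes the rule that a dns-keyword static only doctors replies arriving on one of its two interfaces (which is what the poster observed and what the second static fixed); the addresses, interface names and the reply packet are constructed.

```python
import struct

# Constructed statics mirroring the thread (documentation-range addresses, not real hosts):
# ORIGINAL is the poster's starting point; FIXED adds the services-side static they created.
ORIGINAL = ["static (DMZ-I,outside) 203.0.113.10 192.0.2.10 dns"]
FIXED = ORIGINAL + ["static (DMZ-I,SERVICES) 203.0.113.10 192.0.2.10 dns"]

def rewrite_ip(ip: str, ingress_ifc: str, lines: list) -> str:
    """Assumed model: only a dns-keyword static whose interface pair includes the reply's
    ingress interface applies; the address valid on that side is swapped for the other."""
    for line in lines:
        _, ifcs, mapped_ip, real_ip, *opts = line.split()  # static (real,mapped) mapped real [dns]
        real_ifc, mapped_ifc = ifcs.strip("()").split(",", 1)
        if "dns" not in opts:
            continue
        if ingress_ifc == mapped_ifc and ip == mapped_ip:
            return real_ip
        if ingress_ifc == real_ifc and ip == real_ip:
            return mapped_ip
    return ip  # no matching static on this interface: record passes untouched

def _skip_name(pkt: bytes, off: int) -> int:
    """Advance past a wire-format name, which may end in a 2-byte compression pointer."""
    while pkt[off] & 0xC0 != 0xC0:
        if pkt[off] == 0:
            return off + 1
        off += 1 + pkt[off]
    return off + 2

def doctor_reply(pkt: bytes, ingress_ifc: str, lines: list) -> bytes:
    """Rewrite the RDATA of each A record in the answer section, as DNS inspection would."""
    out = bytearray(pkt)
    qdcount, ancount = struct.unpack("!HH", pkt[4:8])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(pkt, off) + 4  # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = _skip_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record: 4-byte IPv4 RDATA
            ip = ".".join(str(b) for b in pkt[off:off + 4])
            out[off:off + 4] = bytes(map(int, rewrite_ip(ip, ingress_ifc, lines).split(".")))
        off += rdlen
    return bytes(out)

def build_reply(name: str, ip: str) -> bytes:
    """Constructed minimal DNS response: one question and one A answer pointing back at it."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + qname + struct.pack("!HH", 1, 1)
            + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(map(int, ip.split("."))))
```

With ORIGINAL a reply entering on SERVICES is left alone, which is the symptom in the question; with FIXED the same reply is doctored to the DMZ-I address.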
