DNS rewrite

Unanswered Question
Jul 3rd, 2009

I have a 5520 failover pair running 8.0(4). There are physical interfaces connected to inside and outside, two DMZ logical interfaces and a logical interface to a services network.

There is a static translation from outside to a DMZ-I host...

static (DMZ-I,outside) externaladdress dmzaddress dns

The global policy is enabled on all interfaces with DNS inspection. Our parent organisation's DNS servers are located on our services link.

If I query a DNS server located on the outside (internet), I get a DNS-rewritten response with the DMZ-I address.

When I query DNS servers on our services link, the response is not rewritten.

Is this expected behaviour, as the static is on a different interface from the DNS response?

If so, is there a workaround?

Thanks for your help

Kureli Sankar Fri, 07/03/2009 - 07:00
Cisco Employee

Your observation is correct. Works as expected or breaks as expected.

You can use destination NAT to get around that.

static (dmz,inside) public-ip dmz-1

This will let the inside host access the dmz1 host using public IP address.

lech_2000 Fri, 07/03/2009 - 07:46

Thanks for your reply Kusankar; this is further complicated by our proxy server sharing a DMZ address with some sites.

I created a static between the services net and the DMZ which is enabling the DNS replies to be translated.

static (DMZ-I,SERVICES) externaladdress internaladdress dns

Thanks again for your help.
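As an added illustration (not part of the original thread and not either poster's actual configuration), here is a pre-8.3 ASA fragment that puts the three statics discussed above side by side and shows why the DNS rewrite is scoped to one interface pair. The interface names DMZ-I, SERVICES, outside and inside come from the thread; the IP addresses, netmasks, the `inside` alternative from Kureli's reply, and the verification commands are assumptions for this example.

```cisco
! Added example, not from the original thread. All addresses are placeholders.
!
! 1. Original static: Internet (outside) clients reach the DMZ-I host on its
!    public address. The "dns" keyword tells the DNS inspection engine to
!    rewrite A-record answers that contain 203.0.113.10 to 10.1.1.10, but
!    only for DNS replies that traverse the (DMZ-I,outside) interface pair.
static (DMZ-I,outside) 203.0.113.10 10.1.1.10 netmask 255.255.255.255 dns

! 2. The OP's fix: a reply from a DNS server on SERVICES to a SERVICES client
!    never crosses the (DMZ-I,outside) pair, so the static above is never
!    matched and the answer is left as 203.0.113.10. Scoping a second static
!    to the (DMZ-I,SERVICES) pair gives that pair its own translation, and
!    the same "dns" keyword makes the inspection engine rewrite the answer
!    to 10.1.1.10 for SERVICES clients. Those clients then connect directly
!    to 10.1.1.10, so the ASA must route SERVICES -> DMZ-I for the real host.
static (DMZ-I,SERVICES) 203.0.113.10 10.1.1.10 netmask 255.255.255.255 dns

! 3. Kureli's alternative (destination NAT, no "dns" keyword): leave the DNS
!    answer as the public address and instead translate 203.0.113.10 to the
!    DMZ host for traffic arriving from inside. The inside client keeps
!    using the public address; the ASA does the mapping on the way in.
static (DMZ-I,inside) 203.0.113.10 10.1.1.10 netmask 255.255.255.255

! Neither "dns" static does anything unless DNS inspection actually sees the
! reply. The default global policy applies it on every interface:
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
service-policy global_policy global

! Assumed verification steps after applying the change:
!   show xlate | include 203.0.113.10          (one static xlate per interface pair)
!   show service-policy inspect dns            (confirms the inspection is active)
! Then query the SERVICES DNS server from a SERVICES host and confirm the
! A record now comes back as 10.1.1.10 rather than 203.0.113.10.
```

The practical caveat is that DNS rewrite is a property of the interface pair, not of the host: every pair across which a rewritten answer must travel needs its own static with the `dns` keyword and the same mapped address, and the rewritten reply must pass through DNS inspection on the ASA (answers from a resolver the ASA never sees, or over a path without `inspect dns`, are untouched). The destination-NAT approach avoids touching DNS at all, at the cost of hairpinning that traffic through the firewall on the public address.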

