DNS server in the DMZ

Unanswered Question
Mar 2nd, 2010


We have a PIX firewall and we are thinking of moving our external DNS server to our DMZ. We're using DNS Doctoring:

static (dmz,outside) DMZ_server1_public_IP DMZ_server1_private_IP netmask dns

static (dmz,outside) DMZ_server2_public_IP DMZ_server2_private_IP netmask dns

If I specify our DMZ hosts' private IP addresses to the DMZ DNS server, it will work fine when an external user tries to resolve a DNS name. For example, if an external user tries to resolve our server1 DNS name, will he get the correct public IP address, or will he get the private IP address specified in the DNS server?

Best Regards,

chris.cumbaa Mon, 03/15/2010 - 08:21

This is more a DNS question than a firewall question.  The querying device would receive whatever IP address you have configured in the zone file.  If you have your private IPs configured, that's what it would get in response.

