DNS rewrite for non-existent record?

Unanswered Question
Jul 14th, 2010
User Badges:

  We are trying to hit a client's web server by their internal name across a vpn.  The name space they are insisting upon using is the same as their public namespace (ex: web1.abc.com).  They are not going to publish this 'web1' record to their public DNS servers.  I would normally use a dns rewrite or alias to have the public record returned as a private IP address so I can hit the 'web1' server across the vpn using the private IP's.  But since they are not going to publish the name to the public DNS, how can I rewrite the response?  It will come back as a non-existent host from the public DNS.  The client isn't going to allow us to hit their internal DNS for name resolution nor will they allow us to create a secondary zone on our internal DNS servers.

Thanks in advance for any suggestions.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Panos Kampanakis Wed, 07/14/2010 - 14:17
User Badges:
  • Cisco Employee,


Unfortunately the ASA cannot generate or overwrite field at will.

It does overwrite when it inspects and translates, but you cannot configure it to look for a field and change it arbitrarily.

So, I am afraid that if you dns server sends "unknown" the ASA cannot override it or change it.

I hope it clarifies it a little.


ccsmith Wed, 07/14/2010 - 19:49
User Badges:

Thanks for the confirmation.  I figured that was the case.  Anyone have a good idea on how to work around this issue using another method?



mirober2 Fri, 07/16/2010 - 08:41
User Badges:
  • Cisco Employee,

Hi Chris,

It may not be a very scalable solution if you have many clients that will access this server, but you could add the server's private IP address to each of the client's hosts file. This way, the clients would resolve the server's name via the hosts file and not bother with DNS.

Hope that helps.



This Discussion