Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Green

CSS dns-server question

When using CSS as a dns server, is it possible for it to resolve a domain name to a private address when requests are coming from inside network? Alternatively it would also have to resolve the same domain name to the public address for external clients. Is this possible? thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: CSS dns-server question

not possible.

If there is a firewall delimiting the inside and outside, it is up to the firewall to catch the dns response and perform the change public->private or private->public.

All Cisco firewalls are able to do this.

This is called dns fixing.

Gilles.

3 REPLIES
Cisco Employee

Re: CSS dns-server question

not possible.

If there is a firewall delimiting the inside and outside, it is up to the firewall to catch the dns response and perform the change public->private or private->public.

All Cisco firewalls are able to do this.

This is called dns fixing.

Gilles.

Green

Re: CSS dns-server question

Ah, didn't even think of that. thanks.

Green

Re: CSS dns-server question

Unfortunately, after doing dns doctoring, the dns entry is changed from inside and outside interfaces, which is not good. I only want it doctored on requests originating from inside. Any ideas? Here's a little more info, CSS is in dmz. I would prefer to use private dmz addresses for access to servers from the inside. But the CSS resolves to public address. I can configure the ASA with destination nat which would allow inside clients to use public addresses, but if I do that I can't use public AND private addresses at the same time. thanks.

129
Views
0
Helpful
3
Replies
CreatePlease to create content