
DNS and static address

This morning, as a test, I did the following:

ASA internal IP address: 10.20.0.1

Workstation address: 10.20.0.50

I set the workstation's DNS server as 10.20.0.1

In the ASA I did:

static (outside,inside) udp interface 53 4.2.2.1 53 netmask 255.255.255.255

I could browse the web. My question is the fact that I don't own the 4.2.2.1 address, as that's Verizon's DNS server. To Verizon, would that look like 4.2.2.1 is querying their own DNS server? Am I, in effect, spoofing an address that they own, or am I really just forwarding the 53/udp traffic out TO 4.2.2.1 as my public address that's assigned to my ASA's outside interface? Just curious. (I didn't leave this in production.)

Thanks,

John

HTH, John *** Please rate all useful posts ***

Re: DNS and static address

No, you are only translating the destination address. The source address is still whatever you are NATing it to. If you were translating to 4.2.2.1, the return traffic would never make it back to you.
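
The packet walk described in the reply above, as an added example that is not part of the thread: a toy Python model of the static rule from the question, showing which addresses the resolver actually sees. The outside address 203.0.113.10 and the dynamic PAT of inside sources are assumptions, since the post shows neither.

```python
from dataclasses import dataclass, replace

# Addresses from the post; OUTSIDE_IP and the dynamic PAT rule are assumptions
# (the post does not show the outside address or the nat/global config).
INSIDE_IF = "10.20.0.1"
CLIENT = "10.20.0.50"
RESOLVER = "4.2.2.1"
OUTSIDE_IP = "203.0.113.10"   # constructed placeholder (documentation range)

@dataclass(frozen=True)
class Packet:                 # UDP only, matching the static in the post
    src: str
    sport: int
    dst: str
    dport: int

class Asa:
    """Toy model of the two translations that touch this DNS flow."""
    def __init__(self):
        self.xlate = {}       # outside PAT port -> (inside host, inside port)
        self.next_port = 40000

    def inside_to_outside(self, p):
        # static (outside,inside) udp interface 53 4.2.2.1 53: dst only is rewritten
        if (p.dst, p.dport) == (INSIDE_IF, 53):
            p = replace(p, dst=RESOLVER)
        # assumed dynamic PAT: source is hidden behind the outside interface
        port = self.next_port
        self.next_port += 1
        self.xlate[port] = (p.src, p.sport)
        return replace(p, src=OUTSIDE_IP, sport=port)

    def outside_to_inside(self, p):
        # Replies only match if addressed to the PAT address and a known port
        if p.dst != OUTSIDE_IP or p.dport not in self.xlate:
            return None
        host, port = self.xlate[p.dport]
        p = replace(p, dst=host, dport=port)
        # reverse of the static: source 4.2.2.1:53 appears as inside-interface:53
        if (p.src, p.sport) == (RESOLVER, 53):
            p = replace(p, src=INSIDE_IF)
        return p

def walk():
    asa = Asa()
    on_wire = asa.inside_to_outside(Packet(CLIENT, 51515, INSIDE_IF, 53))
    reply = Packet(on_wire.dst, on_wire.dport, on_wire.src, on_wire.sport)
    return on_wire, asa.outside_to_inside(reply)
```

`walk()` returns the query as it leaves the outside interface and the reply as the workstation receives it.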

Re: DNS and static address

I asked Cisco TAC this same question on Saturday though, and they said that it couldn't be done. I'm just wondering if this is something that's safe to leave in place because it provided a VERY nice workaround. :)

HTH, John *** Please rate all useful posts ***