Cisco Support Community
Community Member

DNS rewrite for non-existent record?

We are trying to hit a client's web server by their internal name across a VPN. The name space they are insisting upon using is the same as their public namespace (ex: web1.abc.com). They are not going to publish this 'web1' record to their public DNS servers. I would normally use a DNS rewrite or alias to have the public record returned as a private IP address so I can hit the 'web1' server across the VPN using the private IPs. But since they are not going to publish the name to the public DNS, how can I rewrite the response? It will come back as a non-existent host from the public DNS. The client isn't going to allow us to hit their internal DNS for name resolution, nor will they allow us to create a secondary zone on our internal DNS servers.

Thanks in advance for any suggestions.

Chris

3 REPLIES
Cisco Employee

Re: DNS rewrite for non-existent record?

Chris,

Unfortunately, the ASA cannot generate or overwrite a field at will.

It does overwrite when it inspects and translates, but you cannot configure it to look for a field and change it arbitrarily.

So, I am afraid that if your DNS server sends "unknown", the ASA cannot override it or change it.

I hope it clarifies it a little.

PK

Community Member

Re: DNS rewrite for non-existent record?

Thanks for the confirmation.  I figured that was the case.  Anyone have a good idea on how to work around this issue using another method?

Thanks,

Chris

Cisco Employee

Re: DNS rewrite for non-existent record?

Hi Chris,

It may not be a very scalable solution if you have many clients that will access this server, but you could add the server's private IP address to each of the clients' hosts files. This way, the clients would resolve the server's name via the hosts file and not bother with DNS.

Hope that helps.

-Mike
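
The hosts-file workaround suggested above, as an added example that is not part of the original thread: a POSIX shell helper that pins a name idempotently and refuses to write when the name is already mapped to a different address, so a stale or conflicting pin is surfaced instead of silently shadowing DNS. The function names and the address 10.0.0.10 are assumptions; only web1.abc.com comes from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. 10.0.0.10 is a placeholder private IP.

# lookup_host FILE NAME: print every IP that FILE maps NAME to.
# Comments are ignored and names compare case-insensitively.
lookup_host() {
    awk -v name="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(name)) print $1 }
    ' "$1"
}

# pin_host FILE IP NAME
#   returns 0 when FILE maps NAME to IP (already present or just appended)
#   returns 2 when NAME is already mapped elsewhere; FILE is left untouched
pin_host() {
    file=$1 ip=$2 name=$3
    current=$(lookup_host "$file" "$name" | sort -u)
    if [ "$current" = "$ip" ]; then
        return 0                      # already pinned, nothing to do
    fi
    if [ -n "$current" ]; then
        echo "conflict: $name already maps to $current in $file" >&2
        return 2
    fi
    # Start on a fresh line if the file does not end with a newline.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        echo >> "$file"
    fi
    printf '%s\t%s\t# VPN-only name, absent from public DNS\n' "$ip" "$name" >> "$file"
}

# Demo on a constructed scratch file rather than the live hosts file.
demo=$(mktemp)
printf '127.0.0.1 localhost\n' > "$demo"
pin_host "$demo" 10.0.0.10 web1.abc.com
lookup_host "$demo" web1.abc.com
rm -f "$demo"
```

On a Unix client the FILE argument would be /etc/hosts, run with privileges to write it. A return code of 2 is the signal to review the existing entry before changing anything.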
