Community Member

DNS server in the DMZ

Hello,

We have a PIX firewall and we are thinking of moving our external DNS server to our DMZ. We're using DNS Doctoring:

static (dmz,outside) DMZ_server1_public_IP DMZ_server1_private_IP netmask 255.255.255.255 dns

static (dmz,outside) DMZ_server2_public_IP DMZ_server2_private_IP netmask 255.255.255.255 dns

If I specify our DMZ hosts' private IP addresses in the DMZ DNS server, will it work fine when an external user tries to resolve a DNS name? For example, if an external user tries to resolve our server1 DNS name, will he get the correct public IP address, or will he get the private IP address specified in the DNS server?

Best Regards,

1 REPLY
Community Member

Re: DNS server in the DMZ

This is more a DNS question than a firewall question.  The querying device would receive whatever IP address you have configured in the zone file.  If you have your private IPs configured, that's what it would get in response.
