Cisco Support Community

New Member

PIX and DNS Forwarding

Hi,

Is it possible to forward DNS requests addressed to a PIX inside interface out to ISP's DNS?

Thanks

5 REPLIES
Silver

Re: PIX and DNS Forwarding

Do you mean to say that internal hosts are using PIX inside interface as a DNS server IP? Or is it that PIX is acting as a DHCP server for the internal clients?

New Member

Re: PIX and DNS Forwarding

Hi

I meant that internal PCs use the PIX inside interface as a DNS server. In this case, the PIX should forward DNS requests to the ISP's DNS. Question: Can PIX do it?

Silver

Re: PIX and DNS Forwarding

Officially, PIX is not designed to do so. But we can make it work by using the following commands.

Suppose that the ISP's DNS server IP is 4.2.2.2 and the PIX inside interface IP is 1.1.1.1. In this case, try the following commands:

static (outside,inside) udp interface 53 4.2.2.2 53

clear xlate

Now all UDP port 53 requests (which are DNS requests) directed to the PIX's inside interface IP will be redirected by the PIX to UDP port 53 on the ISP's DNS server.

Hope this works for you.

Regards,

Vibhor.
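A way to verify the redirect from an inside PC, as an added example that is not part of Vibhor's answer or the thread: the script builds a minimal DNS A query, sends it to the firewall's inside interface address (the address the inside hosts use as their DNS server), and parses whatever comes back. The inside interface IP 192.168.2.1 is taken from the lab topology later in this thread and is an assumption; the hostname and timeout are likewise assumed values. No DNS library is used, so the packet format is visible and can be checked offline.

```python
"""Check whether a firewall inside interface redirects UDP/53 to a real resolver.

Added example, not from the original thread: builds a DNS A query, sends it to
the firewall inside IP and parses the reply. IPs and names are assumptions.
"""
import socket
import struct

FIREWALL_INSIDE_IP = "192.168.2.1"  # assumed: PIX inside interface from the lab topology
DNS_PORT = 53
TXID = 0x1234                       # fixed transaction id so the reply can be matched


def build_query(name: str, txid: int = TXID) -> bytes:
    """Build a standard recursive A query for `name` in RFC 1035 wire format."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    qname += b"\x00"                                           # root label terminates the name
    return header + qname + struct.pack(">HH", 1, 1)          # QTYPE=A, QCLASS=IN


def _skip_name(msg: bytes, offset: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return offset + 2
        offset += 1 + length


def parse_response(msg: bytes, expected_txid: int = TXID) -> dict:
    """Parse a DNS response: txid match, response bit, rcode and any A records."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    result = {"txid_ok": txid == expected_txid,
              "is_response": bool(flags & 0x8000),
              "rcode": flags & 0x0F,
              "a_records": []}
    offset = 12
    for _ in range(qdcount):           # skip the echoed question section
        offset = _skip_name(msg, offset) + 4
    for _ in range(ancount):
        offset = _skip_name(msg, offset)
        rtype, rclass, _ttl, rdlength = struct.unpack(">HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlength]
        offset += rdlength
        if rtype == 1 and rclass == 1 and rdlength == 4:
            result["a_records"].append(".".join(str(b) for b in rdata))
    return result


def check_forwarding(name: str, resolver_ip: str = FIREWALL_INSIDE_IP,
                     timeout: float = 3.0) -> dict:
    """Send the query to the firewall inside IP and report what came back.

    A timeout means the redirect (or the upstream resolver) is not answering;
    a reply whose txid matches with rcode 0 means the whole path works.
    """
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (resolver_ip, DNS_PORT))
        try:
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            return {"reachable": False}
    parsed = parse_response(data)
    parsed["reachable"] = True
    return parsed


if __name__ == "__main__":
    print(check_forwarding("www.example.com"))
```

Run it on an inside host; `{"reachable": False}` shows the query never got a reply (no redirect, or the ISP resolver is unreachable through the outside interface), while a reply with `txid_ok` true and `rcode` 0 confirms the static is translating UDP/53 on the inside interface. A non-zero rcode means the redirect works but the upstream resolver refused or failed the query.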

New Member

Re: PIX and DNS Forwarding

Hello Vibhor,

Thank you for your help. I have just tried that command in small lab environment:

PC (192.168.2.2/29) --> PIX_inside (192.168.2.1/29) - PIX_outside(192.168.1.2/24) --> 2610_e0/0 (192.168.1.1/24)

I don't have an outside DNS server in the lab; therefore, to test it:

- 2610:

ip http server

ip http port 53

debug ip tcp packet

- PIX:

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

global (outside) 1 interface

static (outside,inside) tcp interface 80 192.168.1.1 53

- PC

http://192.168.1.1

Debug output on 2610 indicates that http traffic reaches the router; however, PIX does not translate port from 80 to 53:

00:21:41: tcp0: I LISTEN 192.168.1.2:1034 192.168.1.1:80 seq 2926118896

OPTS 8 SYN WIN 64512

Any idea how to check what is going on the PIX?

Thanks

Vadim

New Member

Re: PIX and DNS Forwarding

Hello Vibhor,

Please ignore my last update. The command you have posted is working! (I just did not test it correctly)

Thank you so much!

Vadim
