07-25-2014 02:55 PM - edited 03-11-2019 09:32 PM
I was researching Static NAT with DNS Modification. Please see the link below. If the User in the example was to do a Reverse DNS lookup (in Step 1) instead of a standard DNS Query, would the NAT rule still modify the reverse lookup IP as it crosses the ASA? My gut is telling me no, since the format for the Reverse Lookup is different (56.2.1.10.in-addr.arpa) than the standard DNS Query Reply format. Does anyone know for certain if this would work?
07-28-2014 01:45 AM
The ASA version below 9.0
Translates the DNS record based on the configuration completed using the static and nat commands (DNS rewrite). Translation only applies to the A-record in the DNS reply. Therefore, reverse lookups, which request the PTR record, are not affected by DNS rewrite.
NAT support for reverse DNS lookups - 9.0(1)
NAT now supports translation of the DNS PTR record for reverse DNS lookups when using IPv4 NAT, IPv6 NAT, and NAT64 with DNS inspection enabled for the NAT rule. Reference
HTH
"Please rate helpful posts"
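The difference described in the answer above, as an added example that is not part of the original thread and is not ASA code: a simplified model of DNS rewrite that translates only A-record data when `ptr_support` is off (the behaviour described for versions below 9.0) and also translates the `in-addr.arpa` owner name of a PTR record when it is on (9.0(1) and later). The NAT mapping, host name, mapped address and the one-way direction of the translation are assumptions constructed for illustration.

```python
import ipaddress

# Constructed static NAT mapping (assumption): real address -> mapped address.
NAT = {"10.1.2.56": "192.0.2.56"}


def reverse_name(ip):
    """Return the in-addr.arpa name for an IPv4 address."""
    return ipaddress.ip_address(ip).reverse_pointer


def ip_from_reverse_name(name):
    """Parse an IPv4 in-addr.arpa name; return None if it is not one."""
    labels = name.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))
    except ValueError:
        return None


def rewrite(record, mapping, ptr_support):
    """Model DNS rewrite on one record given as (owner_name, rtype, rdata).

    ptr_support=False models the A-record-only behaviour (below 9.0);
    ptr_support=True also translates the address encoded in a PTR owner name.
    """
    name, rtype, rdata = record
    if rtype == "A" and rdata in mapping:
        # Forward lookup: the address sits in the record data.
        return (name, rtype, mapping[rdata])
    if rtype == "PTR" and ptr_support:
        # Reverse lookup: the address is encoded, reversed, in the owner name.
        ip = ip_from_reverse_name(name)
        if ip in mapping:
            return (reverse_name(mapping[ip]), rtype, rdata)
    return record


if __name__ == "__main__":
    a_rec = ("host.example.com", "A", "10.1.2.56")
    ptr_rec = ("56.2.1.10.in-addr.arpa", "PTR", "host.example.com")
    for ptr_support in (False, True):
        print(ptr_support, rewrite(a_rec, NAT, ptr_support),
              rewrite(ptr_rec, NAT, ptr_support))
```
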