Static NAT with DNS Modification - Reverse DNS Lookup

I was researching Static NAT with DNS Modification. Please see the link below. If the User in the example were to do a Reverse DNS lookup (in Step 1) instead of a standard DNS Query, would the NAT rule still modify the reverse lookup IP as it crosses the ASA? My gut is telling me no, since the format for the Reverse Lookup is different (56.2.1.10.in-addr.arpa) than the standard DNS Query Reply format. Does anyone know for certain if this would work?

 

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/nat_objects.html#wp1141867

1 ACCEPTED SOLUTION

The ASA version below 9.0

Translates the DNS record based on the configuration completed using the static and nat commands (DNS rewrite). Translation only applies to the A-record in the DNS reply. Therefore, reverse lookups, which request the PTR record, are not affected by DNS rewrite.

NAT support for reverse DNS lookups - 9.0(1)
NAT now supports translation of the DNS PTR record for reverse DNS lookups when using IPv4 NAT, IPv6 NAT, and NAT64 with DNS inspection enabled for the NAT rule. Reference

 

HTH

"Please rate helpful posts"
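
An added example, not part of the original posts and not Cisco's implementation: a small Python model of why a rewrite that only touches A-record RDATA leaves the PTR query from the question (56.2.1.10.in-addr.arpa) unchanged, and what a PTR-aware rewrite has to parse instead. The mapped address 203.0.113.56, the NAT table and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed static NAT pair (assumption): real inside host -> mapped address.
NAT_REAL_TO_MAPPED = {"10.1.2.56": "203.0.113.56"}
NAT_MAPPED_TO_REAL = {m: r for r, m in NAT_REAL_TO_MAPPED.items()}

def rewrite_a_rdata(rdata: bytes, table: dict) -> bytes:
    """A record: RDATA is the 4 raw address bytes, swapped when a NAT entry matches."""
    if len(rdata) != 4:
        raise ValueError("A record RDATA must be 4 bytes")
    addr = str(ipaddress.IPv4Address(rdata))
    return ipaddress.IPv4Address(table.get(addr, addr)).packed

def ptr_name_to_ip(qname: str):
    """Parse 'd.c.b.a.in-addr.arpa' into 'a.b.c.d'; None if not a full IPv4 PTR name."""
    name = qname.rstrip(".").lower()
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None
    if not all(l.isascii() and l.isdigit() and int(l) <= 255 for l in labels):
        return None
    # Octets are stored least-significant first, so reverse them.
    return ".".join(str(int(l)) for l in reversed(labels))

def rewrite_ptr_qname(qname: str, table: dict) -> str:
    """PTR: the address lives in the name's labels, so it must be parsed, not byte-swapped."""
    addr = ptr_name_to_ip(qname)
    if addr is None or addr not in table:
        return qname
    return ipaddress.ip_address(table[addr]).reverse_pointer

def a_only_rewrite(rtype: str, qname: str, rdata: bytes, table: dict):
    """Model of A-record-only rewriting: any other record type passes through untouched."""
    if rtype == "A":
        return qname, rewrite_a_rdata(rdata, table)
    return qname, rdata
```
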

 
