I have set up a Cisco 675 (running CBOS 2.4.7) to pass DNS queries through to an internal DNS server via this command:
set nat entry add 10.0.0.100 53 udp
When I query from the outside, all "A" record queries are returned with the IP address of the router in the answer section, so if the router's outside IP address were 11.22.33.44:
dig @11.22.33.44 www.example.com +short
would return 11.22.33.44 as the answer rather than the IP address specified by the DNS server. I have placed a packet sniffer between the 675 and the DNS server and verified that the DNS server returns the correct address.
Queries originating from within and answered outside behave normally.
I cannot find this behavior documented anywhere. Is there a way to turn this off? It seems this would be a bug because it prevents running a DNS server on the inside of a 675 that can respond to outside queries properly.