allocate a public DNS server in a private DMZ

s.tecnico · ‎01-17-2002

Hi everyone. I've got a PIX firewall with 3 dmz, an inside network and the outside,

In one of the dmz I want to allocate a public DNS server with private IP address configured, so I

translate this IP address to a public one in the PIX firewall. This server must be available from the

internet by public IP address and have to resolve the different domains I've got created by a public IP address

I translate in the PIX firewall. In the other hand I've got another DNS server allocated in the

inside network which replicates with the public server by the private IP address of the dmz network where's allocated, so

the inside DNS resolves de domains to the internal IP and the public DNS server allocated in

the dmz has to resolve the domains by the public IP and the rest of the public domains of the internet.

My main doubt is how to configure the DNS allocated in the dmz to resolve the domains by pubic IP address

when it has a private IP address.

Is there anyone who could help me? Thanks in advanced.

turnbull · ‎01-18-2002

I'm not sure I totally understand your problem but would suggest investigating the ALIAS command as a fix for your situation.

This will help in DNS public/private resolutions.

mlayman · ‎02-04-2002

Setup a conduit using an unallocated public IP address to tie to the DNS machine's private IP address. Then open up port 53 for that conduit.

i.e.:

static (inside,outside) 12.200.100.xxx 192.168.0.5 netmask 255.255.255.255 0 0

conduit permit tcp host 12.200.100.xxx eq domain any

conduit permit udp host 12.200.100.xxx eq domain any

outbound 10 permit 192.168.0.5 255.255.255.255 53 tcp

This should do it,

-Mark