
New Member

DNS Doctoring

I have a PIX version 6.1. My web server and DNS server are on the inside of the PIX. My internal clients cannot reach the web server using its public address or domain name.

Is there any way that I can use the alias command or anything else to do DNS doctoring when the DNS server is on the inside interface of the PIX? I don't want to add a second DNS server to resolve to private addresses or move the DNS server to the outside or DMZ if I don't have to.

Any help appreciated greatly.

Thanks

4 REPLIES
New Member

Re: DNS Doctoring

Hi,

You can use the alias command: alias (inside) internal ip external ip, or you can resolve your name to a private address for the internal machines...

Look at this:

http://www.cisco.com/warp/public/110/alias.html

Bye,

Graz.

New Member

Re: DNS Doctoring

You cannot use any command in the PIX. If your DNS server, web server and the clients using them are on the same network, they are not controlled by the PIX. They communicate directly. In a network that is small, you can use the client's host table to define the web server's name to inside address, otherwise you must place the PIX between the web server and its clients (DMZ). Another solution would require a router between the PIX and the inside network.

New Member

Re: DNS Doctoring

No, it's wrong! A host on the inside asks the DNS where www.example.com is, the DNS resolves it to 65.65.64.64 (public address), and the PIX can say: if someone on the inside wants to connect to 65.65.64.64, it must go to the inside private IP address.

It's clear in the CCO Alias Command Reference.

New Member

Re: DNS Doctoring

On careful reading of the Command Reference I see that in both examples, the DNS reply crosses the PIX because the DNS server is outside. In this scenario the DNS reply doesn't; it goes directly to the client.

Ron
