Cisco Support Community
New Member

DNS in DMZ!

We are in the process of replacing our old dns servers. Currently they reside on the internal network with static translations.

We are looking at placing the new dns servers in the dmz off a pix515e with static translations.

My question is how well will dns work in the dmz, and what problems if any may result?

Thanks!

1 REPLY
Silver

Re: DNS in DMZ!

DNS will work well in the dmz, provided that your pix is configured properly to send and receive dns traffic. Using statics is the best way to do that.

The biggest issue that you will face is if the same dns servers are used for both internal and external users.

If they are just for external only or internal use only (but not both) then you should be all right, provided that they provide the same service now and all you will do is move them.

If the dns server move will also accommodate both internal and external users then you may need to set up dns aliasing where the pix will modify the dns reply's A records.

What version of code is running on the pix determines best how to do dns aliasing. There are some excellent examples in cisco's tech doc site for just this type of setup.
