I have a NAT address that I would like to apply DNS rewrite to. For example, 192.168.42.1 on the inside interface is accessed by going to 192.168.100.1 when on the outside interface. If I have a DNS server on the 192.168.42.0 network on the inside and query the DNS name example.example.com from the outside the DNS response will get translated from 192.168.42.1 to 192.168.100.1 by my PIX with sw version 6.3. However, it appears that when my offsite DNS replication partner does a Zone Transfer, the translation does not happen, and example.example.com ends up pointing to 192.168.42.1 on my offsite DNS server which is not a reachable address. I can't just turn off DNS Rewrite because I need inside users and outside users to use the same DNS name but receive different IP resolved addresses depending on whether they are inside or outside when they make the query. Is this possible? Am I wrong in thinking Zone Transfers are bypassing the DNS rewrite? Thank you!
Zone transfers are not included in the DNS rewrite feature either by using the alias command or the dns option on the static command. You'd have to do some sort of destination NAT on your off-site users (or whoever uses your off-site DNS server) and NAT any packets destined to 192.168.100.1 and actually send them to 192.168.42.1. Of course if all these users are in different locations this'll get messy, but the PIX is not going to rewrite the zone transfer traffic, sorry.
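Because transferred records reach the off-site server untranslated, the secondary's copy of the zone can be audited for inside addresses that outside clients cannot reach. The following is an added example, not part of the original thread; it assumes the zone is available as dig-style text lines (`name ttl class type rdata`), a /24 mask for the 192.168.42.0 network, and constructed record names other than example.example.com.

```python
import ipaddress

# Static NAT pair from the question: inside address -> outside address.
NAT_MAP = {"192.168.42.1": "192.168.100.1"}
# Assumption: the inside "192.168.42.0 network" is a /24.
INSIDE_NET = ipaddress.ip_network("192.168.42.0/24")

# Constructed sample of zone data as held by the off-site secondary after a
# zone transfer. Only example.example.com comes from the thread; the other
# names are hypothetical.
SAMPLE_ZONE = """\
example.com.          3600 IN NS ns1.example.com.
example.example.com.  3600 IN A  192.168.42.1   ; untranslated by the transfer
www.example.com.      3600 IN A  192.168.100.1
db.example.com.       3600 IN A  192.168.42.7
"""


def audit_zone(zone_text, nat_map=NAT_MAP, inside_net=INSIDE_NET):
    """Return (name, inside_ip, outside_ip_or_None) for every A record
    that still carries an inside address."""
    findings = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, tokenize
        if len(fields) != 5:
            continue
        name, _ttl, rclass, rtype, rdata = fields
        if rclass.upper() != "IN" or rtype.upper() != "A":
            continue
        try:
            addr = ipaddress.ip_address(rdata)
        except ValueError:
            continue  # malformed rdata, not an IPv4 address
        if addr in inside_net:
            # None means no static translation exists for this host at all.
            findings.append((name, str(addr), nat_map.get(str(addr))))
    return findings


if __name__ == "__main__":
    for name, inside, outside in audit_zone(SAMPLE_ZONE):
        fix = f"outside clients need {outside}" if outside else "no NAT mapping"
        print(f"{name} -> {inside} ({fix})")
```
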