Cisco Support Community
Community Member

Hosting DNS behind PIX 515E

I am looking to host my own DNS due to some recent events concerning email delivery. However, before I buy a server and begin configuring I wanted to know if there are any special "gotchas" that exist with the 515E and DNS Hosting.

Also, are there any special commands I need to be aware of to enter on the PIX in order for it to properly pass the UDP traffic?


Community Member

Re: Hosting DNS behind PIX 515E

There was (is) a bug on the FWSM where we had to disable the DNS fixup, but I'm not aware of it on the PIX-515 running 6.x code.

Hope this helps.

Community Member

Re: Hosting DNS behind PIX 515E

Well, I am nowhere close to a CCIE in knowledge, but I do know that if you decide to host your DNS using a Windows 2003 box, you need to make sure that you issue the command:

fixup protocol dns max-length 2048

Windows 2003 doesn't do DNS totally correctly, and the PIX fixup protocol expects the requests and responses to be RFC compliant. As such, it expects the request to be no more than 512 bytes. Well, Microsoft doesn't do RFC compliant all the time, and Windows 2003 will go beyond 512. So, make sure you add the max length to account for the incorrect MS issue.
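As an added example (not from this thread or from Cisco), here is a small Python checker for the situation described above: it parses a UDP DNS message, reports its length, the TC bit and any EDNS0 OPT record (the usual way a server advertises that it will send replies longer than 512 bytes), and says whether the message would exceed the default 512-byte limit or the raised max-length 2048. It assumes the fixup simply drops messages longer than its configured max-length, as the post describes; the sample replies are constructed inline.

```python
import struct

RFC1035_UDP_MAX = 512   # limit the DNS fixup enforces by default
PIX_MAX_LENGTH = 2048   # value set by "fixup protocol dns max-length 2048"

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        label_len = msg[off]
        if label_len == 0:                 # root label ends the name
            return off + 1
        if label_len & 0xC0 == 0xC0:       # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + label_len

def parse_dns(msg):
    """Parse the header, walk every section, and pull out what matters for the fixup."""
    _ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4      # skip QTYPE and QCLASS
    edns_size = None
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:                    # OPT pseudo-RR: CLASS field is the advertised UDP size
            edns_size = rclass
        off += 10 + rdlen
    return {"length": len(msg), "is_response": bool(flags & 0x8000),
            "truncated": bool(flags & 0x0200), "edns_udp_size": edns_size}

def fixup_verdict(msg, max_length=RFC1035_UDP_MAX):
    """Assumption: the fixup drops any DNS message longer than its max-length."""
    info = parse_dns(msg)
    info["dropped_by_fixup"] = info["length"] > max_length
    return info

def build_response(n_answers, edns=False):
    """Constructed sample reply for example.com carrying n_answers A records."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, n_answers, 0, 1 if edns else 0)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    answers = b"".join(struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4)  # name is a pointer to offset 12
                       + bytes([10, 0, 0, i & 0xFF]) for i in range(n_answers))
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0) if edns else b""
    return header + question + answers + opt

if __name__ == "__main__":
    for reply in (build_response(10), build_response(40), build_response(40, edns=True)):
        print(fixup_verdict(reply), "passes with max-length 2048:",
              not fixup_verdict(reply, PIX_MAX_LENGTH)["dropped_by_fixup"])
```

Feeding it real UDP payloads captured from your server (for example from a packet capture) tells you before deployment whether your replies cross the 512-byte line and whether the server is advertising EDNS0.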

Community Member

Re: Hosting DNS behind PIX 515E

Thanks all for your input. After many discussions in-house and with our ISP, the email issue that prompted all of this was an easy fix. Evidently, someone forgot to create the PTR record. DOH!!!
