Cisco Support Community
New Member

Inbound DNS traffic through ACL

What is the best way to configure an ACL in the router to let DNS traffic pass from the internet to the internal network? I emphasize that the internal network uses private IP addresses and that the router is doing NAT overload.

I have tried various configurations, I mean - the thing is working, I just want to know the opinion of the guys who have been doing this for years. :)

  • Other Security Subjects
1 REPLY
Silver

Re: Inbound DNS traffic through ACL

Hi,

Here's what I normally do: I normally never let DNS requests enter an inside server directly. I prefer to use so-called split DNS: one DNS server internally and one externally (preferably connected to a DMZ). In that case you just configure DNS lookup requests and DNS zone transfers to and from your external DNS on your DMZ, and only allow DNS lookups from your inside server to your DMZ server.

Kind Regards,

Leo

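The split-DNS policy described in the reply above, sketched as Cisco IOS extended ACLs. This is an added example, not configuration posted by either participant: the ACL names, interface names and addresses (192.0.2.53 for the DMZ DNS server, 10.0.0.53 for the inside DNS server, 10.0.0.0/24 for the inside network) are assumptions, and the DMZ server is assumed to be reachable on its own address without NAT.

```cisco
! Added example with constructed addresses and names (assumptions):
!   192.0.2.53  = external DNS server on the DMZ
!   10.0.0.53   = internal DNS server
!   10.0.0.0/24 = inside network behind NAT overload
! Return traffic for inside clients is assumed to be handled by the
! router's stateful inspection; those entries are not shown here.

ip access-list extended OUTSIDE-IN
 remark Internet DNS traffic may reach the DMZ server only
 permit udp any host 192.0.2.53 eq domain
 remark TCP/53 carries large lookups and zone transfers alike, so
 remark limit who may request a transfer on the DNS server itself
 permit tcp any host 192.0.2.53 eq domain
 remark No other DNS request may enter, in particular none to inside
 deny   udp any any eq domain log
 deny   tcp any any eq domain log
 remark Remaining entries of the site's inbound policy go here

ip access-list extended INSIDE-IN
 remark Only the internal DNS server may query the DMZ DNS server
 permit udp host 10.0.0.53 host 192.0.2.53 eq domain
 permit tcp host 10.0.0.53 host 192.0.2.53 eq domain
 remark Inside clients resolve through 10.0.0.53, not directly
 deny   udp any any eq domain log
 deny   tcp any any eq domain log
 remark Placeholder for the rest of the site's outbound policy
 permit ip 10.0.0.0 0.0.0.255 any

interface GigabitEthernet0/0
 description outside (internet)
 ip access-group OUTSIDE-IN in

interface GigabitEthernet0/1
 description inside
 ip access-group INSIDE-IN in
```

The `log` keyword on the deny entries records DNS attempts that bypass the split design, which helps spot clients or outside hosts trying to reach a resolver directly.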