What is the best way to configure an ACL in the router to let DNS traffic pass from the internet to the internal network? I emphasize that the internal network uses private IP addresses and that the router is doing NAT overload.
I have tried various configurations; I mean, the thing is working, I just want to know the opinion of the guys who have been doing this for years. :)
Here's what I normally do: I normally never let DNS requests enter an inside server directly. I prefer to use so-called split DNS: one DNS server internally and one externally (preferably connected to a DMZ). In that case you just configure DNS lookup requests and DNS zone transfers to and from your external DNS on your DMZ, and only allow DNS lookups from your inside server to your DMZ server.
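The split-DNS layout the answer above describes, written out as a Cisco IOS router configuration. This is an added example, not configuration from the original thread. Everything in it is assumed for illustration: interface names, the inside network 10.0.0.0/24, the DMZ 192.168.100.0/24, the public address block 203.0.113.0/24 (a documentation range), the DMZ resolver 192.168.100.53 (static NAT to 203.0.113.53), the internal DNS server 10.0.0.53, and the use of CBAC (`ip inspect`) for stateful return traffic on a platform that supports it. The one IOS-specific point the example depends on is real: on IOS the inbound ACL on the outside interface is evaluated before outside-to-inside NAT, so it must match the public (global) address of the DMZ resolver, not its private one.

```cisco
! Assumed topology (example only, not from the original post):
!   Gi0/0  outside  203.0.113.1/24    ip nat outside
!   Gi0/1  inside   10.0.0.1/24       ip nat inside
!   Gi0/2  dmz      192.168.100.1/24  ip nat inside (no translation inside<->dmz)
!   External (DMZ) DNS: 192.168.100.53, static NAT to 203.0.113.53
!   Internal DNS:       10.0.0.53
!
! NAT: overload for inside clients, 1:1 static for the DMZ resolver
ip access-list standard NAT_INSIDE
 permit 10.0.0.0 0.0.0.255
ip nat inside source list NAT_INSIDE interface GigabitEthernet0/0 overload
ip nat inside source static 192.168.100.53 203.0.113.53
!
! Stateful inspection: opens temporary return entries in the inbound ACL
! of the interface where the inspection rule is applied outbound.
ip inspect name CBAC tcp
ip inspect name CBAC udp
!
! Outside -> router. Evaluated BEFORE NAT, so match the public address.
ip access-list extended FROM_OUTSIDE
 remark DNS lookups from the internet only reach the DMZ resolver
 permit udp any host 203.0.113.53 eq domain
 permit tcp any host 203.0.113.53 eq domain
 remark nothing else is initiated inbound; CBAC admits replies to outbound sessions
 deny   ip any any log
!
! Inside -> router. Only the internal resolver may talk DNS to the DMZ resolver.
ip access-list extended FROM_INSIDE
 permit udp host 10.0.0.53 host 192.168.100.53 eq domain
 permit tcp host 10.0.0.53 host 192.168.100.53 eq domain
 remark no other DNS leaves the inside network (no direct lookups, no resolver bypass)
 deny   udp any any eq domain log
 deny   tcp any any eq domain log
 remark inside hosts do not reach the DMZ for anything else
 deny   ip any 192.168.100.0 0.0.0.255 log
 permit ip 10.0.0.0 0.0.0.255 any
!
! DMZ -> router. The resolver may query the internet; it never initiates toward inside.
ip access-list extended FROM_DMZ
 deny   ip any 10.0.0.0 0.0.0.255 log
 permit udp host 192.168.100.53 any eq domain
 permit tcp host 192.168.100.53 any eq domain
 deny   ip any any log
!
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
 ip access-group FROM_OUTSIDE in
 ip inspect CBAC out
!
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 ip access-group FROM_INSIDE in
!
interface GigabitEthernet0/2
 ip address 192.168.100.1 255.255.255.0
 ip nat inside
 ip access-group FROM_DMZ in
 ip inspect CBAC out
```

Two caveats a practitioner would want. First, TCP 53 is permitted from anywhere because ordinary DNS falls back to TCP for large answers, so the ACL cannot tell a zone transfer from a normal TCP query; restrict transfers on the DMZ server itself (for example BIND's `allow-transfer` limited to the secondary's address). Second, the DMZ interface is marked `ip nat inside` so the static translation for the resolver works toward the outside, while inside-to-DMZ traffic between two inside interfaces is not translated, which is why FROM_INSIDE and FROM_DMZ match on private addresses and FROM_OUTSIDE on the public one.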