Cisco Support Community

New Member

Passing DNS traffic

Hi All,

I'm new to the PIX firewalls.

Currently I have a VPN connection via PIX firewalls between my company and XYZ company. We only have SSH traffic for file transfer between these two sites. I need to forward all the DNS requests to company XYZ via the PIX firewalls. I have to create a rule to allow TCP port 53 from my internal DNS to their DNS servers...Correct?

Q: Is there any else I need to do on the PIX?

Thank you for your help...

New Member

Re: Passing DNS traffic

DNS uses UDP port 53 and not TCP port 53.

New Member

Re: Passing DNS traffic

That's incorrect. DNS uses both TCP and UDP. DNS zone transfers (server-to-server transfers) use TCP 53; due to the large amount of data being exchanged, a reliable protocol is needed. But for regular DNS lookups, UDP 53 is used.

Cisco Employee

Re: Passing DNS traffic

Regardless of what port it uses (it does use both TCP and UDP), if you have a LAN-to-LAN tunnel built, and you also have the "sysopt connection permit-ipsec" command in your PIX configuration, then you don't need to build specific access-lists for all the different types of traffic that'll go over the tunnel. As long as the DNS traffic falls within the "interesting" traffic defined by the crypto ACL, then the traffic will flow from site to site.
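To make the two replies above concrete (the one explaining that DNS needs both TCP and UDP 53, and the Cisco reply about sysopt connection permit-ipsec), here is an added PIX 6.x configuration fragment. It is an example written for this thread, not the poster's configuration or text from Cisco documentation. Everything in it is assumed: the local LAN is 10.1.0.0/16 with the internal DNS server at 10.1.0.53, XYZ's LAN is 10.2.0.0/16 with their DNS server at 10.2.0.53, XYZ's PIX outside address is 203.0.113.10, and the ACL, crypto map and transform-set names are made up. Part 1 is the tunnel with the "interesting traffic" ACL and sysopt connection permit-ipsec; part 2 is the explicit outside-interface ACL you would need if that sysopt line were not present.

```cisco
: Added example for this thread, not the poster's config. Assumed addressing:
:   local LAN  10.1.0.0/16   internal DNS 10.1.0.53
:   XYZ LAN    10.2.0.0/16   XYZ DNS      10.2.0.53
:   XYZ PIX outside address  203.0.113.10
: PIX access-lists take a subnet mask, not an IOS-style wildcard mask.

: --- Part 1: LAN-to-LAN tunnel. The crypto ACL defines the "interesting" traffic.
: Only packets matching this ACL are encrypted into the tunnel, so both DNS
: servers must fall inside it. Here the whole /16s match, which covers SSH too.
access-list VPN_TO_XYZ permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
: Exempt tunnel traffic from NAT so XYZ sees the real 10.1.0.53 source address.
nat (inside) 0 access-list VPN_TO_XYZ

isakmp enable outside
: Placeholder pre-shared key; replace before use.
isakmp key REPLACE-WITH-PSK address 203.0.113.10 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map OUTSIDE_MAP 10 ipsec-isakmp
crypto map OUTSIDE_MAP 10 match address VPN_TO_XYZ
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE_MAP 10 set transform-set ESP-3DES-SHA
crypto map OUTSIDE_MAP interface outside

: With this line, traffic decrypted from the tunnel bypasses the outside
: interface access-list, so no per-protocol rule is needed for DNS (or SSH)
: as long as the packets match VPN_TO_XYZ. Without it, part 2 applies.
sysopt connection permit-ipsec

: --- Part 2: no sysopt, so the outside interface ACL is enforced on tunnel traffic.
: Queries and zone transfers that XYZ's server initiates toward ours arrive
: inbound on "outside" and need BOTH UDP 53 (lookups) and TCP 53 (zone
: transfers, and lookups whose UDP reply was truncated) permitted.
: Queries our inside server initiates leave via the inside interface's default
: outbound permit, and their replies return through the stateful connection
: table, so they need no inbound permit line.
access-list OUTSIDE_IN permit udp host 10.2.0.53 host 10.1.0.53 eq domain
access-list OUTSIDE_IN permit tcp host 10.2.0.53 host 10.1.0.53 eq domain
access-list OUTSIDE_IN permit tcp 10.2.0.0 255.255.0.0 10.1.0.0 255.255.0.0 eq ssh
access-group OUTSIDE_IN in interface outside
```

Two checks are worth doing after applying either variant: `show access-list VPN_TO_XYZ` should show the hit count climbing when the internal DNS server queries 10.2.0.53, and `show crypto ipsec sa` should list a security association whose local/remote proxy identities cover the two DNS servers; if the DNS traffic is not matching the crypto ACL it will leave the outside interface in clear text (or be dropped by NAT) rather than entering the tunnel. One more caveat: the PIX DNS fixup caps UDP DNS messages at 512 bytes by default, which is fine for ordinary lookups but is one reason large responses must fall back to TCP; the limit is adjustable (fixup protocol dns maximum-length, a PIX 6.3 command, so verify it on your version). Zone transfers over TCP are not subject to that limit.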
