Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1365
Views
0
Helpful
2
Replies

PIX and Inside DNS server

rajankumaresan
Level 1
Level 1

‎02-21-2002 11:11 PM - edited ‎02-20-2020 09:59 PM

hi,

Everything fine when DNS is Outside.If i place a DNS in INSIDE, i cant able to even browse and does not reslove.

i have enabled fixup protocol domain 53, static mapped, access-list for UDP configured..

where i am wrong?.

I am using alias command for my INSIDE Webservers..do i need to remove alias and check?

Pls help......

0 Helpful
2 Replies 2

eenest
Level 1
Level 1

‎02-22-2002 01:06 AM

Rajan,

First - disable fixup DNS that's not for your scenario.

Second - your DNS server should not be NATed, or it'll be definitely non-authoritative and "possibly" lame.

Place it on DMZ and use "nat 0" with proper access lists.

Third - it's recommended to disable the zone transfer to all except the servers listed as NS for that zone.

Fourth - be sure that you have the latest BIND (Unix/Linux/etc) or NT2K with the latest security patches installed.

0 Helpful

rajankumaresan
Level 1
Level 1
In response to eenest

‎02-22-2002 02:52 AM

thanks...

I hv an internal network of 10.10.X.X in Local.

i hv nated Nat (inside) 1 0 0 0 0

i hv webserver which is nated and local ip is 10.10.1.135.

My Local DNS server ip is 10.10.3.150. ..can i just add Nat (inside) 0 10.10.3.150 255.255.255.0 0 0

is it possible?

I dont hv DMZ at right now...Is it not possible to Place DNS in INSIDE?

i am using WINDOWS 2000 Advanced Server for DNS

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card