My external DNS servers are on a PIX DMZ interface and they support multiple Web and Application servers on the same physical subnet. When one of these servers attempts to access a site ON THE SAME PHYSICAL SUBNET, the DNS query resolves to an external address and the connection fails.
I have an ALIAS statement but this does not work in this instance because the lookup does not go through the PIX. If I use NSLOOKUP and attach to a DNS server on the outside of the PIX, the ALIAS command takes over and things work properly.
I suppose I could make these servers use someone else's DNS (external to the PIX), but I'd rather use my external DNS servers.
You can try the hosts file solution if the application is running on a server that is NOT running DNS. Add your DMZ host names with their local IP to the hosts file.
Even for the DNS server, the hosts file may be used at a higher priority for the resolver, but external DNS queries may be answered from the DNS databases.
This solution is suitable for only a few servers. If you have several computers, consider running an internal DNS which resolves the DMZ names to local IP and forwards/resolves the rest to global IP. The other will continue to serve the public accesses from the DMZ.
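The local-IP override suggested in the reply above can be derived from the published A records and the firewall's static translations, so the internal data does not drift from the public zone. This is an added example, not part of the thread; the host names, addresses, subnet and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not from the thread).
PUBLIC_A_RECORDS = {            # what the external DNS servers publish
    "www.example.com": "203.0.113.10",
    "app.example.com": "203.0.113.11",
    "partner.example.com": "198.51.100.7",   # hosted elsewhere, no local server
}
STATIC_NAT = {                  # global address -> real DMZ address on the firewall
    "203.0.113.10": "192.168.50.10",
    "203.0.113.11": "192.168.50.11",
}
DMZ_SUBNET = ipaddress.ip_network("192.168.50.0/24")


def internal_view(public_records, static_nat, dmz_subnet):
    """Return {name: local_ip} for every published name whose global address
    is statically translated to a host inside dmz_subnet."""
    view = {}
    for name, global_ip in sorted(public_records.items()):
        local_ip = static_nat.get(global_ip)
        if local_ip is None:
            continue  # not behind this firewall: resolve normally
        if ipaddress.ip_address(local_ip) not in dmz_subnet:
            raise ValueError(f"{name}: {local_ip} is outside {dmz_subnet}")
        view[name] = local_ip
    return view


def hosts_lines(view):
    """Format the internal view as hosts-file lines (address first, then name)."""
    return [f"{ip}\t{name}" for name, ip in view.items()]


def unreachable_from_dmz(resolved, static_nat):
    """Names a DMZ host would resolve to a translated global address,
    which is the failing case described in the question."""
    return sorted(n for n, ip in resolved.items() if ip in static_nat)


if __name__ == "__main__":
    view = internal_view(PUBLIC_A_RECORDS, STATIC_NAT, DMZ_SUBNET)
    print("\n".join(hosts_lines(view)))
    print("needs a local override:",
          unreachable_from_dmz(PUBLIC_A_RECORDS, STATIC_NAT))
```

The same mapping can feed an internal DNS zone instead of hosts files when there are more than a few servers.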