Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
281
Views
0
Helpful
2
Replies

PIX/NAT/Dynamic DNS

lowen
Level 1
Level 1

‎04-20-2006 07:17 AM - edited ‎02-21-2020 12:50 AM

Is it possible to have client machines inside a PIX sending dynamic dns updates to an AD/DNS server outside the firewall when using NAT? If so, is this supposed to be handled by the normal dns fixup/inspection, or does something have to be specifically configured? Is there any version restriction on the solution (if any)? Thanks.

0 Helpful
2 Replies 2

sbilgi
Level 5
Level 5

‎04-26-2006 08:02 AM

I din't think it is possible to have client machines inside a PIX sending dynamic dns updates to an AD/DNS server outside the firewall when using NAT

0 Helpful

genghiskhan
Level 1
Level 1

‎04-26-2006 02:41 PM

Do you have another firewall between the AD/DNS servers and the Internet? If not you could be in for a rude awakening someday!

I don't see the purpose of doing dynamic updates to DNS via NAT, when the address' for the hosts won't be the same for any length of time.

It is always best to separate DNS for internal zones and public zones, otherwise someone with malicious intent will be able to find out the names of your internal hosts.

I know that there are reasons to run both internal and external dns on the same server, but I don't see this in your case.

This may not be the answer that you are looking for, but hopefully it will be worth something to you.

G'Day,

Roger

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card