Cisco Support Community

New Member

PIX/NAT/Dynamic DNS

Is it possible to have client machines inside a PIX sending dynamic dns updates to an AD/DNS server outside the firewall when using NAT? If so, is this supposed to be handled by the normal dns fixup/inspection, or does something have to be specifically configured? Is there any version restriction on the solution (if any)? Thanks.

2 REPLIES
Silver

Re: PIX/NAT/Dynamic DNS

I don't think it is possible to have client machines inside a PIX sending dynamic DNS updates to an AD/DNS server outside the firewall when using NAT.

New Member

Re: PIX/NAT/Dynamic DNS

Do you have another firewall between the AD/DNS servers and the Internet? If not, you could be in for a rude awakening someday!

I don't see the purpose of doing dynamic updates to DNS via NAT, when the addresses for the hosts won't be the same for any length of time.

It is always best to separate DNS for internal zones and public zones, otherwise someone with malicious intent will be able to find out the names of your internal hosts.

I know that there are reasons to run both internal and external dns on the same server, but I don't see this in your case.

This may not be the answer that you are looking for, but hopefully it will be worth something to you.

G'Day,

Roger
