RE: RE: DNS Lookups using PIX 6.2.2 posted 11/15/2002

You need to use the alias command to "fix" the DNS response...


-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
Sent: Friday, November 15, 2002 12:24 PM
To: Walker, Todd; CCIElab@xxxxxxxxxxxxxx
Subject: Re: RE: DNS Lookups using PIX 6.2.2

There is one external DNS server in the 3rd party's network.
There are many inside PCs that need to do lookups on this server.
We are running out of addresses for the actual DNS lookups (the
IP address received from the DNS server).

Using static, as far as I can tell you have to map the whole
class of addresses, i.e. the class C inside network to
the class C outside network. The external company
has approx 6 class C networks that the DNS names could look up
to, therefore I would need to use 6 internal class C networks to
satisfy every possible request, whereas with a pool I would get
away with about 1 quarter of a class C.

When using the global (inside) commands the addresses come
through un-NAT'ed. I mean that if I do a lookup on the external
DNS server from an internal PC, I get the address back (the real
outside address) instead of the 172.1.2.x.


>I still don't get it.
>There's ONE external DNS server? 
>You have many internal PC's that want to query it?
>Where are you running out of IP addresses? Internal? External pool for NAT?
>-----Original Message-----
>From: djtowns@xxxxxxxxxxxx [mailto:djtowns@xxxxxxxxxxxx]
>Sent: Friday, November 15, 2002 7:15 AM
>To: Stong, Ian C [GMG]; ccielab@xxxxxxxxxxxxxx
>Subject: RE: DNS Lookups using PIX 6.2.2
>We have a bunch of PCs on our inside network; they access an
>external company via a PIX 525 firewall running 6.2.2 software.
>There is now a requirement for the PCs to perform DNS lookups
>to the 3rd party company's DNS server sat off the outside
>The problem is that we need to be able to use a global pool of
>addresses to cut down on the number of required inside
>to satisfy the DNS lookups.
>     PC ---- PIX ------ DNS Server
>        Inside   outside
>I was expecting the following config to work - but it doesn't!!
>  global (inside) 2 netmask
>  nat (outside) 2 dns outside
>Requests still come through un-NAT'ed.
>Help!!!!!
>>Haven't done it - but am curious what specifically you are trying to do?
>>Looks interesting and something I'd like to try - once I understand what it
>>means :)
>>-----Original Message-----
>>From: djtowns@xxxxxxxxxxxx [mailto:djtowns@xxxxxxxxxxxx]
>>Sent: Friday, November 15, 2002 7:36 AM
>>To: ccielab@xxxxxxxxxxxxxx
>>Subject: DNS Lookups using PIX 6.2.2
>>Has anybody had any experience configuring a PIX to NAT DNS
>>queries from an outside DNS server to an inside range?
>>I can get this working using static:
>>static (inside,outside) dns netmask 
>> 0 0
>>however I need to get this working using the Global and NAT 
>>commands to save on addressing space, has anyone had any 
>>with this ???