https://community.cisco.com/t5/network-security/pix-and-dns-forwarding/m-p/609863#M1023881 <HTML><HEAD></HEAD><BODY><P>Hello Vibhor,</P><P></P><P>Please ignore my last update. The command you have posted is working! (I just did not test it correctly)</P><P></P><P>Thank you so much!</P><P></P><P>Vadim</P></BODY></HTML> Thu, 08 Mar 2007 07:09:40 GMT vsclear 2007-03-08T07:09:40Z https://community.cisco.com/t5/network-security/pix-and-dns-forwarding/m-p/609858#M1023876 <P>Hi,</P><P>Is it possible to forward DNS requests addressed to a PIX inside interface out to ISP's DNS?</P><P>Thanks</P> Mon, 11 Mar 2019 09:42:47 GMT https://community.cisco.com/t5/network-security/pix-and-dns-forwarding/m-p/609858#M1023876 vsclear 2019-03-11T09:42:47Z https://community.cisco.com/t5/network-security/pix-and-dns-forwarding/m-p/609859#M1023877 <HTML><HEAD></HEAD><BODY><P>Do you mean to say that internal hosts are using PIX inside interface as a DNS server IP? Or is it that PIX is acting as a DHCP server for the internal clients?</P><P></P></BODY></HTML> Wed, 07 Mar 2007 16:26:34 GMT https://community.cisco.com/t5/network-security/pix-and-dns-forwarding/m-p/609859#M1023877 vitripat 2007-03-07T16:26:34Z https://community.cisco.com/t5/network-security/pix-and-dns-forwarding/m-p/609860#M1023878 <HTML><HEAD></HEAD><BODY><P>Hi</P><P>I meant that internal PCs use PIX inside interface as a DNS server. In this case, the PIX should forward DNS requests to ISP's </P><P>DNS. Question: Can PIX do it?</P></BODY></HTML> Thu, 08 Mar 2007 00:48:46 GMT https://community.cisco.com/t5/network-security/pix-and-dns-forwarding/m-p/609860#M1023878 vsclear 2007-03-08T00:48:46Z https://community.cisco.com/t5/network-security/pix-and-dns-forwarding/m-p/609861#M1023879 <HTML><HEAD></HEAD><BODY><P>Officially, PIX is not designed to do so. But we can make it work by using following commands-</P><P></P><P>Suppose that ISPs DNS server IP is 4.2.2.2 and PIX inside interface IP is 1.1.1.1. In this case, try following commands:</P><P></P><P>static (outside,inside) udp interface 53 4.2.2.2 53</P><P>clear xlate</P><P></P><P>Now all the UDP port 53 requests, which are DNS requests, when directed to PIX's inside interface IP, PIX will redirect them to udp (53) on the ISP's DNS server.</P><P></P><P>Hope this works for you.</P><P></P><P></P><P>Regards,</P><P>Vibhor.</P></BODY></HTML> Thu, 08 Mar 2007 00:54:13 GMT https://community.cisco.com/t5/network-security/pix-and-dns-forwarding/m-p/609861#M1023879 vitripat 2007-03-08T00:54:13Z https://community.cisco.com/t5/network-security/pix-and-dns-forwarding/m-p/609862#M1023880 <HTML><HEAD></HEAD><BODY><P>Hello Vibhor,</P><P>Thank you for your help. I have just tried that command in small lab environment:</P><P>PC (192.168.2.2/29) --&gt; PIX_inside (192.168.2.1/29) - PIX_outside(192.168.1.2/24) --&gt; 2610_e0/0 (192.168.1.1/24)</P><P>I don't have an outside DNS server in the lab; therefore, to test it:</P><P>- 2610: </P><P>ip http server</P><P>ip http port 53</P><P>debug ip tcp packet</P><P>- PIX: </P><P>nat (inside) 1 0.0.0.0 0.0.0.0 0 0</P><P>global (outside) 1 interface</P><P>static (outside, inside) tpc interface 80 192.168.1.1 53</P><P>- PC</P><P><A class="jive-link-custom" href="http://192.168.1.1" target="_blank">http://192.168.1.1</A></P><P></P><P>Debug output on 2610 indicates that http traffic reaches the router; howerver, PIX does not translate port from 80 to 53:</P><P></P><P>00:21:41: tcp0: I LISTEN 192.168.1.2:1034 192.168.1.1:80 seq 2926118896</P><P> OPTS 8 SYN WIN 64512</P><P></P><P>Any idea how to check what is going on the PIX?</P><P></P><P>Thanks</P><P>Vadim</P></BODY></HTML> Thu, 08 Mar 2007 03:34:17 GMT https://community.cisco.com/t5/network-security/pix-and-dns-forwarding/m-p/609862#M1023880 vsclear 2007-03-08T03:34:17Z https://community.cisco.com/t5/network-security/pix-and-dns-forwarding/m-p/609863#M1023881 <HTML><HEAD></HEAD><BODY><P>Hello Vibhor,</P><P></P><P>Please ignore my last update. The command you have posted is working! (I just did not test it correctly)</P><P></P><P>Thank you so much!</P><P></P><P>Vadim</P></BODY></HTML> Thu, 08 Mar 2007 07:09:40 GMT https://community.cisco.com/t5/network-security/pix-and-dns-forwarding/m-p/609863#M1023881 vsclear 2007-03-08T07:09:40Z