https://community.cisco.com/t5/network-security/pix-and-internal-dns-server/m-p/308263#M561281 <P>I currently have two internal Win2K3 DNS servers on my internal network that had been working fine. I tried to upgrade my PIX os from 5.1.2 to 6.3.x but that stopped all traffic. I downgraded to 5.2.9 which allowed at least email to flow in again. The problem is that my internal DNS servers now cannot resolve requests from the outside. If I put in the IP of my IPS' DNS servers on the client, it works. The config has not changed but still does not work. Please help this rookie.</P> Fri, 21 Feb 2020 07:36:30 GMT rgonzaga 2020-02-21T07:36:30Z https://community.cisco.com/t5/network-security/pix-and-internal-dns-server/m-p/308263#M561281 <P>I currently have two internal Win2K3 DNS servers on my internal network that had been working fine. I tried to upgrade my PIX os from 5.1.2 to 6.3.x but that stopped all traffic. I downgraded to 5.2.9 which allowed at least email to flow in again. The problem is that my internal DNS servers now cannot resolve requests from the outside. If I put in the IP of my IPS' DNS servers on the client, it works. The config has not changed but still does not work. Please help this rookie.</P> Fri, 21 Feb 2020 07:36:30 GMT https://community.cisco.com/t5/network-security/pix-and-internal-dns-server/m-p/308263#M561281 rgonzaga 2020-02-21T07:36:30Z https://community.cisco.com/t5/network-security/pix-and-internal-dns-server/m-p/308264#M561282 <HTML><HEAD></HEAD><BODY><P>This should be fixed with 6.3.3 and higher be sure that you have the:</P><P>" fixup protocol dns maximum-length 512 "</P><P></P><P>If this does not works try:</P><P></P><P>Workarround two use the alias command:</P><P></P><P>See:<A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml</A></P><P></P><P>alias (inside) 10.10.10.10 99.99.99.99 255.255.255.255</P><P>!--- This command sets up DNS Doctoring. It is initiated from the clients in</P><P>!--- the "inside" network. It watches for DNS replies that contain</P><P>!--- 99.99.99.99, then replaces the 99.99.99.99 address with the 10.10.10.10</P><P>!--- address in the "DNS reply" sent to the client PC. </P><P></P><P>sincerly</P><P>Patrick</P></BODY></HTML> Fri, 03 Sep 2004 15:29:59 GMT https://community.cisco.com/t5/network-security/pix-and-internal-dns-server/m-p/308264#M561282 piseli 2004-09-03T15:29:59Z