topic Re: PIX and Inside DNS server in Network Security

PIX and Inside DNS server

rajankumaresan — Fri, 21 Feb 2020 05:59:14 GMT

hi,

Everything fine when DNS is Outside.If i place a DNS in INSIDE, i cant able to even browse and does not reslove.

i have enabled fixup protocol domain 53, static mapped, access-list for UDP configured..

where i am wrong?.

I am using alias command for my INSIDE Webservers..do i need to remove alias and check?

Pls help......

eenest — Fri, 22 Feb 2002 09:06:12 GMT

Rajan,

First - disable fixup DNS that's not for your scenario.

Second - your DNS server should not be NATed, or it'll be definitely non-authoritative and "possibly" lame.

Place it on DMZ and use "nat 0" with proper access lists.

Third - it's recommended to disable the zone transfer to all except the servers listed as NS for that zone.

Fourth - be sure that you have the latest BIND (Unix/Linux/etc) or NT2K with the latest security patches installed.

rajankumaresan — Fri, 22 Feb 2002 10:52:55 GMT

thanks...

I hv an internal network of 10.10.X.X in Local.

i hv nated Nat (inside) 1 0 0 0 0

i hv webserver which is nated and local ip is 10.10.1.135.

My Local DNS server ip is 10.10.3.150. ..can i just add Nat (inside) 0 10.10.3.150 255.255.255.0 0 0

is it possible?

I dont hv DMZ at right now...Is it not possible to Place DNS in INSIDE?

i am using WINDOWS 2000 Advanced Server for DNS