https://community.cisco.com/t5/network-security/dns-rewrite/m-p/1278950#M833925 <HTML><HEAD></HEAD><BODY><P>Your observation is correct. Works as expected or breaks as expected.</P><P></P><P>You can use destination nat to get around that.</P><P></P><P>static (dmz,inside) public-ip dmz-1</P><P></P><P>This will let the inside host access the dmz1 host using public IP address.</P></BODY></HTML> Fri, 03 Jul 2009 14:00:55 GMT Kureli Sankar 2009-07-03T14:00:55Z https://community.cisco.com/t5/network-security/dns-rewrite/m-p/1278949#M833924 <P>Hi,</P><P></P><P>I have a 5520 failover pair running 8.0(4). There are physical interfaces connected to inside and outside, two DMZ logical interfaces and a logical interface to a services network.</P><P>There is a static translation from outside to a DMZ-I host...</P><P></P><P>static (DMZ-I,outside) externaladdress dmzaddress dns</P><P></P><P>The global policy is enabled on all interfaces with DNS inspection. Our DNS servers of parent organisation are located on our services link.</P><P>If I query a dns server located on the outside(internet) I get a dns rewrite response with the DMZ-I address.</P><P>When I query DNS servers on our services link the response is not rewritten.</P><P>Is this expected behaviour as the static is on a different interface to the DNS response?</P><P>If so is there a workaround?</P><P></P><P>Thanks for your help</P><P></P> Mon, 11 Mar 2019 15:50:51 GMT https://community.cisco.com/t5/network-security/dns-rewrite/m-p/1278949#M833924 lech_2000 2019-03-11T15:50:51Z https://community.cisco.com/t5/network-security/dns-rewrite/m-p/1278950#M833925 <HTML><HEAD></HEAD><BODY><P>Your observation is correct. Works as expected or breaks as expected.</P><P></P><P>You can use destination nat to get around that.</P><P></P><P>static (dmz,inside) public-ip dmz-1</P><P></P><P>This will let the inside host access the dmz1 host using public IP address.</P></BODY></HTML> Fri, 03 Jul 2009 14:00:55 GMT https://community.cisco.com/t5/network-security/dns-rewrite/m-p/1278950#M833925 Kureli Sankar 2009-07-03T14:00:55Z https://community.cisco.com/t5/network-security/dns-rewrite/m-p/1278951#M833926 <HTML><HEAD></HEAD><BODY><P>thanks for you reply Kusankar, this is further complicated by our proxy server sharing a DMZ address with some sites.</P><P>I created a static between the services net and the dmz which is enabling the dns replies to be translated..</P><P>static (DMZ-I,SERVICES) externaladdress internaladdress dns</P><P>thanks again for your help</P></BODY></HTML> Fri, 03 Jul 2009 14:46:27 GMT https://community.cisco.com/t5/network-security/dns-rewrite/m-p/1278951#M833926 lech_2000 2009-07-03T14:46:27Z