https://community.cisco.com/t5/network-security/dns-and-static-address/m-p/1217318#M859734 <P>This morning, as a test, I did the following:</P><P></P><P>ASA internal ip address: 10.20.0.1</P><P>Workstation address: 10.20.0.50</P><P></P><P>I set the workstation's DNS server as 10.20.0.1</P><P></P><P>In the ASA I did:</P><P>static (outside,inside) udp interface 53 4.2.2.1 53 netmask 255.255.255.255</P><P></P><P>I could browse the web. My question is the fact that I don't own the 4.2.2.1 address, as that's Verizon's DNS server. To Verizon, would that look like 4.2.2.1 is querying their own DNS server? Am I, in effect, spoofing an address that they own, or am I really just forwarding the 53/udp traffic out TO 4.2.2.1 as my public address that's assigned to my ASA's outside interface? Just curious. (I didn't leave this in production.)</P><P></P><P>Thanks,</P><P>John</P> Mon, 11 Mar 2019 15:33:31 GMT John Blakley 2019-03-11T15:33:31Z https://community.cisco.com/t5/network-security/dns-and-static-address/m-p/1217318#M859734 <P>This morning, as a test, I did the following:</P><P></P><P>ASA internal ip address: 10.20.0.1</P><P>Workstation address: 10.20.0.50</P><P></P><P>I set the workstation's DNS server as 10.20.0.1</P><P></P><P>In the ASA I did:</P><P>static (outside,inside) udp interface 53 4.2.2.1 53 netmask 255.255.255.255</P><P></P><P>I could browse the web. My question is the fact that I don't own the 4.2.2.1 address, as that's Verizon's DNS server. To Verizon, would that look like 4.2.2.1 is querying their own DNS server? Am I, in effect, spoofing an address that they own, or am I really just forwarding the 53/udp traffic out TO 4.2.2.1 as my public address that's assigned to my ASA's outside interface? Just curious. (I didn't leave this in production.)</P><P></P><P>Thanks,</P><P>John</P> Mon, 11 Mar 2019 15:33:31 GMT https://community.cisco.com/t5/network-security/dns-and-static-address/m-p/1217318#M859734 John Blakley 2019-03-11T15:33:31Z https://community.cisco.com/t5/network-security/dns-and-static-address/m-p/1217319#M859736 <HTML><HEAD></HEAD><BODY><P>No, you are only translating the destination address. The source address is still whatever you are nating it to. If you were translating to 4.2.2.1 the return traffic would never make it back to you.</P></BODY></HTML> Mon, 18 May 2009 17:27:13 GMT https://community.cisco.com/t5/network-security/dns-and-static-address/m-p/1217319#M859736 acomiskey 2009-05-18T17:27:13Z https://community.cisco.com/t5/network-security/dns-and-static-address/m-p/1217320#M859740 <HTML><HEAD></HEAD><BODY><P>I asked Cisco TAC this same question on Saturday though, and they said that it couldn't be done. I'm just wondering if this is something that's safe to leave in place because it provided a VERY nice workaround. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P></BODY></HTML> Mon, 18 May 2009 17:29:40 GMT https://community.cisco.com/t5/network-security/dns-and-static-address/m-p/1217320#M859740 John Blakley 2009-05-18T17:29:40Z