Content Rule-Based DNS

subhash
Level 1

We have configured the CSS for content rule-based DNS operation for GSLB. The CSS are installed behind a firewall. CSS are configured with private addresses for the services and the VIP. This VIP is translated at the firewall for external access.

In this scenario, when the CSS receives a DNS query it returns the VIP (private address) and hence the clients can't reach it. How can I change it to return the public address to the user?


Gilles Dufour
Cisco Employee

The firewall needs to inspect the DNS response and NAT the private address into the public address.

This is called DNS doctoring and can be done on a Cisco PIX firewall with the command 'alias'.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml

Regards,

Gilles.

Thank you, Gilles. I knew about DNS doctoring. I wanted to know if there is any workaround within the CSS. Thank you for the confirmation.

You can configure the CSS to return the public IP address.

But internal users who may need to use the private IP address will also receive the public IP address.

To configure the CSS, you need to use dns a-record and therefore use the DNS zone-based solution instead of rule-based.

http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a00801eebaa.html

Regards,

Gilles.
