
CSS dns-server question

acomiskey
Level 10

When using CSS as a DNS server, is it possible for it to resolve a domain name to a private address when requests are coming from the inside network? Alternatively, it would also have to resolve the same domain name to the public address for external clients. Is this possible? Thanks.

Accepted Solutions

Gilles Dufour
Cisco Employee

Not possible.

If there is a firewall delimiting the inside and outside, it is up to the firewall to catch the DNS response and perform the change public->private or private->public.

All Cisco firewalls are able to do this.

This is called DNS fixing.

Gilles.
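
The rewrite described in the answer above (the firewall catches the DNS response and changes public->private), sketched as an added example that is not part of the original thread and is not Cisco's implementation. The NAT pair, the sample packet and all function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed static NAT pair: public (RFC 5737 range) -> private DMZ (RFC 1918).
NAT_MAP = {"203.0.113.10": "172.16.1.10"}

def _skip_name(msg, off):
    """Return the offset just past a DNS name, honouring compression pointers."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # a 2-byte pointer always ends the name
            return off + 2
        if length == 0:             # root label
            return off + 1
        off += 1 + length

def a_record_offsets(msg):
    """Yield the RDATA offset of every IN A record in a DNS message."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4              # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):
            yield off
        off += rdlen

def a_records(msg):
    """Return the addresses of all A records as dotted-quad strings."""
    return [str(ipaddress.IPv4Address(bytes(msg[o:o + 4]))) for o in a_record_offsets(msg)]

def doctor_response(msg, nat_map):
    """Return a copy of the response with mapped A-record addresses rewritten."""
    out = bytearray(msg)
    for off in a_record_offsets(msg):
        addr = str(ipaddress.IPv4Address(bytes(msg[off:off + 4])))
        if addr in nat_map:
            out[off:off + 4] = ipaddress.IPv4Address(nat_map[addr]).packed
    return bytes(out)

def sample_response():
    """Constructed reply for www.example.com: one mapped and one unmapped A record."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0)
    question = b"\x03www\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    def rr(ip):   # owner name is a compression pointer to offset 12
        return b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + ipaddress.IPv4Address(ip).packed
    return header + question + rr("203.0.113.10") + rr("198.51.100.7")
```

Only the four RDATA bytes of a mapped A record change, so the message length, header and TTLs are untouched and any address without a NAT entry passes through as-is.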


3 Replies

Ah, didn't even think of that. Thanks.

Unfortunately, after doing DNS doctoring, the DNS entry is changed from inside and outside interfaces, which is not good. I only want it doctored on requests originating from inside. Any ideas? Here's a little more info: the CSS is in the DMZ. I would prefer to use private DMZ addresses for access to servers from the inside. But the CSS resolves to the public address. I can configure the ASA with destination NAT, which would allow inside clients to use public addresses, but if I do that I can't use public AND private addresses at the same time. Thanks.
