cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
469
Views
0
Helpful
1
Replies

DNS Doctoring - network range

Walter1972_2
Level 1
Level 1

Hello

I find plenty of examples of host configurations, like...

static (dmz,inside) X.X.X.X Y.Y.Y.Y netmask 255.255.255.255 dns

Can I also configure it for networks, like...

static (dmz,inside) X.X.X.X Y.Y.Y.Y netmask 255.255.255.0 dns

The reason to deploy the network method would be when I don't know all the internal servers being targeted by clients.

Thanks you for helping me

1 Reply 1

Hi Bro

This is not possible. Let me explain why.

Firstly, it should be static (inside,dmz) not the other way around, unless of course you're doing a 2-way NAT which is not your case.

The statement static (inside,dmz) 10.10.10.0 20.20.20.0 netmask 255.255.255.0 means you're doing IP TRANSLATION, which is not what you're doing either.

The only reason you use DNS Doctoring, is so that LAN users are able to see the internal web servers as a private address (the real address) when the DNS client is on LAN.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtml#intro

P/S: if you think this comment is useful, please do rate them nicely :-)

Warm regards,
Ramraj Sivagnanam Sivajanam
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: