06-14-2016 09:54 AM - edited 02-21-2020 05:50 AM
Dear All,
I have a problem with the DNS forwarder: the DNS server forwarder is not resolving 8.8.8.8, 4.2.2.2 or any global IP. The DNS server is inside the network, and internet traffic goes through a proxy which is in the DMZ. DMZ interface => rule "source (Proxy IP - 10.1.10.10) destination (any) port (IP)", and DNS traffic goes directly outside: inside interface => source (DNS Server IP - 10.1.1.10) destination (any) port (53). NAT rule => 10.1.0.0 to 10.1.10.10 outside.
What do I do in order to resolve 8.8.8.8 or 4.4.4.4?
Is it necessary to drive the traffic to the proxy server with port 53 allowed, and should the DNS forwarder setting be the DMZ proxy server IP?
06-15-2016 03:32 AM
In a proxy setup the proxy will do the name lookup. For that you need to allow the proxy to reach the configured DNS servers on UDP/53 and TCP/53. That has to be allowed with the ACL. And you need a translation so that the proxy can reach the internet. That's all that has to be done on the ASA.
To test it run the following command:
packet-tracer input dmz udp IP-OF-PROXY 1234 8.8.8.8 53
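The ACL and translation described in the reply above, as an added configuration sketch that is not part of the original posts. It assumes ASA 8.3 or later (object NAT syntax) and interfaces named dmz and outside; the object, object-group and ACL names are hypothetical, and the resolver list is taken from the addresses mentioned in the question.

```cisco
! Added example, not from the thread. PROXY, DNS-RESOLVERS and dmz_in are
! hypothetical names; 10.1.10.10 is the proxy address given in the question.

! Translation so the proxy can reach the internet (PAT to the outside interface)
object network PROXY
 host 10.1.10.10
 nat (dmz,outside) dynamic interface
!
! Limit DNS to the resolvers the proxy is actually configured to use
object-group network DNS-RESOLVERS
 network-object host 8.8.8.8
 network-object host 4.2.2.2
!
! DNS needs both UDP/53 and TCP/53 (TCP carries large or truncated answers)
access-list dmz_in extended permit udp object PROXY object-group DNS-RESOLVERS eq domain
access-list dmz_in extended permit tcp object PROXY object-group DNS-RESOLVERS eq domain
!
! If an ACL is already bound to the dmz interface, add the two lines above
! to that ACL instead; access-group replaces the existing binding.
access-group dmz_in in interface dmz
!
! Verify both transports; the result should end with "Action: allow"
packet-tracer input dmz udp 10.1.10.10 1234 8.8.8.8 53
packet-tracer input dmz tcp 10.1.10.10 1234 8.8.8.8 53
```

If packet-tracer reports a drop, the phase it names (ACCESS-LIST or NAT) shows which of the two pieces is missing.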
06-15-2016 04:09 AM
I already tried using the firewall rule but it does not work. Is there any DNS config on the proxy server to do the name resolution for port 8.8.8.8 and any other IP? If yes, then how do I configure it?