Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
346
Views
0
Helpful
1
Replies

How to stop Pix DNS doctoring (I'm not using aliases)

bconrad
Level 1
Level 1

‎06-30-2004 09:42 AM - edited ‎02-20-2020 11:29 PM

Hello,

Pix 515e, v6.3.1

I'm running split dns and things are running ok. However, if I have a host defined in a static statement the Pix will doctor the dns replies when I query an external name server via a LAN workstation.

For instance:

static (inside,outside) a.b.c.d 192.168.16.3 netmask 255.255.255.255 0 0

If I do a nslookup from my LAN and point to an Internet dns server (4.2.2.1) the request gets doctored by the pix and I get the internal address (192.168.16.3) of the static instead of the public address. Right now, the only way for me to check external DNS is to ssh into a machine outside the PIX and do a nslookup from there.

I've done the following:

- there are no aliases defined

sysopt nodnsalias inside

sysopt nodnsalias outside

- my statics don't have the "dns" clause.

Can I turn off the dns doctoring?

Ben

0 Helpful
1 Reply 1

scoclayton
Level 7
Level 7

‎06-30-2004 06:09 PM

Ben,

This is a bug in the PIX 6.3 code. The PIX should not be translating these replies. The bug ID is CSCea70434 and is resolved in the latest PIX image (6.3(3)). Upgrading will resolve the issue.

Scott

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card