internal dns resolution

born.jason
Level 1

Hi,

I have a problem with a hosted server inside of our network. It is a customer mail server. If I now try to telnet from inside to the server "mail.domain.com 25" it does not work. Only with the inside IP does it work. How could I configure the ASA to resolve the domain name right? I don't want to add a DNS entry on the inside.

FYI:

We have an external IP range routed to the ASA, and the internal mail server has a NAT rule for this external range.

Thanks

Jason

Accepted Solution

Jennifer Halim
Cisco Employee

You can use DNS doctoring to resolve the issue if the DNS request/reply actually goes through the ASA as well.

If the mail DNS entry is hosted externally, and I believe that you would probably have a static NAT statement to NAT the mail server private IP to public IP so it's accessible from the outside, then you can add the keyword "dns" on the static NAT statement of the mail server.

You would need to perform a DNS flush on your internal machines once the above is configured so they request the DNS entry again, and when the DNS traffic passes through the ASA, the DNS doctoring will translate the DNS entry for your mail server to its private IP address so it's reachable via its private IP address from your internal network.

Here is a sample configuration on DNS doctoring for your reference:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml

Hope that makes sense.
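The static NAT with the "dns" keyword that the accepted answer describes, written out as an added example (this is not configuration from the thread or from Cisco's sample document). The addresses 10.1.1.10 (inside), 203.0.113.10 (public), the object name MAIL_SERVER and the interface names inside/outside are placeholders; the original poster NATs a whole external range, but DNS rewrite is configured per static one-to-one mapping, so one entry for the mail server's public address is what is shown here.

```text
! Added example, not from the thread. Placeholder values: replace
! 10.1.1.10 / 203.0.113.10 and the interface names with your own.

! --- ASA 8.3 and later (object NAT) ---
object network MAIL_SERVER
 host 10.1.1.10
 ! "dns": when a DNS reply crossing outside->inside carries an A record
 ! of 203.0.113.10, the ASA rewrites it to 10.1.1.10 before forwarding it
 nat (inside,outside) static 203.0.113.10 dns

! --- ASA 8.2 and earlier (legacy static) ---
static (inside,outside) 203.0.113.10 10.1.1.10 netmask 255.255.255.255 dns

! The rewrite only happens if DNS application inspection is applied to the
! traffic; it is part of the default global policy. Verify with
!   show running-config policy-map
! and, if the dns inspect line is missing, restore it:
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
service-policy global_policy global

! Client-side check after the change (Windows resolver cache):
!   ipconfig /flushdns
!   nslookup mail.domain.com      -> should now return 10.1.1.10
```

Two conditions decide whether this works, both implied by the answer: the DNS reply itself has to traverse the ASA (a client or internal forwarder querying an external resolver qualifies; a zone hosted on an inside-only DNS server never crosses the firewall and is not rewritten), and the inspection policy has to cover that path. Once an internal forwarder caches the rewritten answer, every inside client that uses it gets the private address for the record's TTL, so the flush on the forwarder matters as much as the flush on individual machines.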


Thanks Jen, this was it.
