Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1234
Views
0
Helpful
2
Replies

PIX DMZ address resolution

prpalmquist
Level 1
Level 1

‎12-19-2001 08:12 AM - edited ‎02-20-2020 09:56 PM

My external DNS servers are on a PIX DMZ interface and they support multiple Web and Application servers on the same phyical subnet. When one of these servers attempts to access a site ON THE SAME PHYSICAL SUBNET, the DNS query resolves to an external address and the connection fails.

I have an ALIAS statement but this does not work in this instance becuase the lookup does not go through the PIX. If I use NSLOOKUP and attach to a DNS server on the outside of the PIX, the ALIAS commands takes over and things work properly.

I suppose I could make these servers use someone elses DNS (external to the PIX), but I'd rather use my external DNS servers.

Any ideas?

0 Helpful
2 Replies 2

turnbull
Level 1
Level 1

‎01-15-2002 05:22 AM

The following link has some ideas

http://www.cisco.com/warp/public/110/pixfaq.shtml#Q15

0 Helpful

torkun
Level 1
Level 1

‎01-17-2002 01:34 PM

You can try hosts file solution if the application is running on a server that is NOT running DNS. Add your DMZ host names with their local IP to the hosts file.

Even for the DNS server hosts file may be used at a higher priority for resolver but but external DNS queries may be answered from the DNS databases.

This solution is suitable for only a few servers. If you have several computers consider running an internal DNS which resolves the DMZ names to local IP and forward/resolve the rest to global IP. The other will continue to serve the public accesses from DMZ.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card