04-20-2006 07:17 AM - edited 02-21-2020 12:50 AM
Is it possible to have client machines inside a PIX sending dynamic dns updates to an AD/DNS server outside the firewall when using NAT? If so, is this supposed to be handled by the normal dns fixup/inspection, or does something have to be specifically configured? Is there any version restriction on the solution (if any)? Thanks.
04-26-2006 08:02 AM
I don't think it is possible to have client machines inside a PIX sending dynamic dns updates to an AD/DNS server outside the firewall when using NAT.
04-26-2006 02:41 PM
Do you have another firewall between the AD/DNS servers and the Internet? If not, you could be in for a rude awakening someday!
I don't see the purpose of doing dynamic updates to DNS via NAT, when the addresses for the hosts won't be the same for any length of time.
It is always best to separate DNS for internal zones and public zones, otherwise someone with malicious intent will be able to find out the names of your internal hosts.
I know that there are reasons to run both internal and external dns on the same server, but I don't see this in your case.
This may not be the answer that you are looking for, but hopefully it will be worth something to you.
G'Day,
Roger