Solved: The ASA version below 9

tbthurman · ‎07-25-2014

I was researching Static NAT with DNS Modification. Please see the link below. If the User in the example was to do a Reverse DNS lookup (in Step 1) instead of a standard DNS Query, would the NAT rule still modify the reverse lookup IP as it crosses the ASA? My gut is telling me no, since the format for the Reverse Lookup is different (56.2.1.10.in-addr.arpa) than the standard DNS Query Reply format. Does anyone know for certain if this would work?

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/nat_objects.html#wp1141867

Poonam Garg · ‎07-28-2014

The ASA version below 9.0

Translates the DNS record based on the configuration completed using the static and nat commands (DNS rewrite). Translation only applies to the A-record in the DNS reply. Therefore, reverse lookups, which request the PTR record, are not affected by DNS rewrite.

NAT support for reverse DNS lookups- 9.0(1)
NAT now supports translation of the DNS PTR record for reverse DNS lookups when using IPv4 NAT, IPv6 NAT, and NAT64 with DNS inspection enabled for the NAT rule.Reference

HTH

"Please rate helpful posts"

View solution in original post

Poonam Garg · ‎07-28-2014

The ASA version below 9.0

Translates the DNS record based on the configuration completed using the static and nat commands (DNS rewrite). Translation only applies to the A-record in the DNS reply. Therefore, reverse lookups, which request the PTR record, are not affected by DNS rewrite.

NAT support for reverse DNS lookups- 9.0(1)
NAT now supports translation of the DNS PTR record for reverse DNS lookups when using IPv4 NAT, IPv6 NAT, and NAT64 with DNS inspection enabled for the NAT rule.Reference

HTH

"Please rate helpful posts"

Static NAT with DNS Modification - Reverse DNS Lookup