Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
310
Views
0
Helpful
0
Replies

Why does DNS_ALG not rewrite this DNS response?

jer0nim0x
Level 1
Level 1

‎03-09-2017 01:10 AM - edited ‎03-12-2019 02:01 AM

There are three networks in this setup:

  • (A) containing a client host
  • (B) containing the DNS server (not NATted wrt network A)
  • (C) containing the DMZ host (NATted wrt network B)

The traffic from Network A to Network B goes through the same router as the traffic between Network B and C, so DNS_ALG could in principle know about the NAT (172.16.2.2 <-> 10.1.1.1) and translate this.

However, DNS_ALG does not seem to rewrite the DNS response. I presume that is because the connection to the DNS server itself is not natted.

Any thoughts?

  +--------------------------------------------------------------+
   |                                                              |
   |  Network A                                                   |
   |                     +--------------+                         |
   |                     |              |                         |
   |                     | Client Host  |                         |
   |                     | 192.168.1.1  |                         |
   |                     |              |                         |
   |                     |              |                         |
   |                     +--^-----------+                         |
   |         Reply is       |   |                                 |
   |         10.1.1.1   (2) |   | (1) Ask for DMZ host IP address |
   +--------------------------------------------------------------+
   |                        |   |                                 |
   |  Network B          +------v-------+                         |
   |                     |              |                         |
   |                     | DNS Server   |                         |
   |                     | 172.16.1.1   |        NATted to        |
   |                     |              |        172.16.2.2       |
   |                     | DMZ host =   |           +             |
   |                     | 10.1.1.1     |           |             |
   |                     +--------------+           |             |
   |                                                |             |
   +--------------------------------------------------------------+
   |                                                |             |
   |  Network C          +--------------+           |             |
   |                     |              |           |             |
   |                     | DMZ Host     | +---------+             |
   |                     | 10.1.1.1     |                         |
   |                     |              |                         |
   |                     |              |                         |
   |                     |              |                         |
   |                     +--------------+                         |
   |                                                              |
   +--------------------------------------------------------------+
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card