Re: DNS Doctoring

yaccad · ‎06-10-2002

I have a PIX version 6.1. My web server and DNS server are on the inside of the PIX. My internal clients cannot reach the web server using it's public address or domain name.

Is there any way that I can use the alias command or anything else to do dns doctoring when the dns server is on the inside interface of the pix? I don't want to add a second dns server to resolve to private addresses or move the dns server to the outside or dmz if I don't have to.

Any help appreciated greatly.

Thanks

g.rodegari · ‎06-10-2002

Hi,

you can use the alias command : alias(inside) internal ip external ip, , or you can resolve your name in private address for the internal machines...

look this:

http://www.cisco.com/warp/public/110/alias.html

Bye,

Graz.

rsnider · ‎06-11-2002

You cannot use any command in the PIX. If your DNS server, WEB server and the clients using them are on the same network, they are not controled by the PIX. They communicate directly. In a network that is small, you can use the client's host table to define the web servers name to inside address, otherwise you must place the PIX between the WEB server and it's clients(DMZ). Another solution would require a router between the PIX and the inside network.

o.fulbert · ‎06-25-2002

No it's Wrong ! Host in inside demand to the Dns Where is the www.example.com the DNS resolve it to 65.65.64.64 ( Public Adress ) and THE PIX can say : If someone in inside want to connect to 65.65.64.64 so it must go on the Inside Private IP address

It 's Clear on the CCO Alias Command Reference

rsnider · ‎06-25-2002

On careful reading of the Command Reference I see that in both examples, the DNS reply crosses the PIX because the DNS server is outside. In this senario the DNS reply doesn't, it goes directly to the client.

Ron