DNS Rewrite and Zone Transfer

bmerrill
Level 1

I have a NAT address that I would like to apply DNS rewrite to. For example, 192.168.42.1 on the inside interface is accessed by going to 192.168.100.1 when on the outside interface. If I have a DNS server on the 192.168.42.0 network on the inside and query the DNS name example.example.com from the outside the DNS response will get translated from 192.168.42.1 to 192.168.100.1 by my PIX with sw version 6.3. However, it appears that when my offsite DNS replication partner does a Zone Transfer, the translation does not happen, and example.example.com ends up pointing to 192.168.42.1 on my offsite DNS server which is not a reachable address. I can't just turn off DNS Rewrite because I need inside users and outside users to use the same DNS name but receive different IP resolved addresses depending on whether they are inside or outside when they make the query. Is this possible? Am I wrong in thinking Zone Transfers are bypassing the DNS rewrite? Thank you!

1 Reply

gfullage
Cisco Employee

Zone transfers are not included in the DNS rewrite feature either by using the alias command or the dns option on the static command. You'd have to do some sort of destination NAT on your off-site users (or whoever uses your off-site DNS server) and NAT any packets destined to 192.168.100.1 and actually send them to 192.168.42.1. Of course if all these users are in different locations this'll get messy, but the PIX is not going to rewrite the zone transfer traffic, sorry.
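As an added example, not from the thread or from Cisco: a small Python check a defender can run against the zone data the off-site secondary holds after a transfer, flagging A records that still carry inside (192.168.42.0/24) addresses and showing the outside address the PIX static would have substituted in a normal query reply. The zone text and the ns1 host are constructed; the 192.168.42.1 to 192.168.100.1 mapping is the one from the question.

```python
import ipaddress
import re

# Inside network behind the PIX, as described in the question.
INSIDE_NET = ipaddress.ip_network("192.168.42.0/24")

# PIX static (inside -> outside) mappings that carry the dns option. The PIX
# rewrites these in query replies but not inside zone-transfer payloads.
STATIC_NAT = {
    "192.168.42.1": "192.168.100.1",
}

# Constructed sample of what the off-site secondary holds after a transfer;
# it is not real zone data. Two records still carry inside addresses.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@        IN SOA ns1.example.com. hostmaster.example.com. (2024010101 3600 900 604800 86400)
@        IN NS  ns1.example.com.
example  IN A   192.168.42.1
ns1      IN A   192.168.42.5
www      IN A   198.51.100.10
"""

# owner [ttl] [IN] A address
A_RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?A\s+(\d+\.\d+\.\d+\.\d+)\s*$")


def parse_a_records(zone_text):
    """Return (owner, address) pairs for every A record in a zone file."""
    return [m.groups() for m in map(A_RECORD.match, zone_text.splitlines()) if m]


def audit_transferred_zone(zone_text, static_nat=STATIC_NAT, inside_net=INSIDE_NET):
    """Flag A records on the secondary that still point at inside addresses.

    Returns {owner: (found_address, expected_outside_address)}. The expected
    value is None when no static covers the inside address, meaning outside
    clients cannot reach that host at all through the secondary's answer.
    """
    findings = {}
    for owner, addr in parse_a_records(zone_text):
        if ipaddress.ip_address(addr) in inside_net:
            findings[owner] = (addr, static_nat.get(addr))
    return findings


if __name__ == "__main__":
    for owner, (found, expected) in audit_transferred_zone(SAMPLE_ZONE).items():
        print(f"{owner}: secondary has {found}, outside clients need {expected or 'no static: unreachable'}")
```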