I have a NAT address that I would like to apply DNS rewrite to. For example, 192.168.42.1 on the inside interface is accessed by going to 192.168.100.1 when on the outside interface. If I have a DNS server on the 192.168.42.0 network on the inside and query the DNS name example.example.com from the outside the DNS response will get translated from 192.168.42.1 to 192.168.100.1 by my PIX with sw version 6.3. However, it appears that when my offsite DNS replication partner does a Zone Transfer, the translation does not happen, and example.example.com ends up pointing to 192.168.42.1 on my offsite DNS server which is not a reachable address. I can't just turn off DNS Rewrite because I need inside users and outside users to use the same DNS name but receive different IP resolved addresses depending on whether they are inside or outside when they make the query. Is this possible? Am I wrong in thinking Zone Transfers are bypassing the DNS rewrite? Thank you!