I have a DNS server in the DMZ that I use strictly for outbound resolution from my WAN. On my internal network I have the address range for the DMZ routed, so that anything from inside can get to the DMZ, as we do not use default routing internally. I have access lists for port 53 (domain) TCP and UDP permitted through the DMZ interface, and I have the gateway for the DNS server defined as the DMZ interface also. We are connected to a Tier 1 provider, and I have had no problems with this config. Using this method, I did not have to 'STATIC' my DNS server or do anything else special. Also, I did not use forwarding on the DNS server, but just let it send to the Internet to resolve, as I would with any external DNS server. Being stateful, the PIX handles that quite well, and everything works. Hope this helps.....