DMZ DNS COMMANDS?

[Saroden]

Version 4.2(2)
DMZ DNS COMMANDS?

What commands are needed to setup internal access to a DMZ DNS server?
How do you let the DMZ DNS server access external DNS from ISP?

Thanks 4 yer' help - Saroden

 

[mitchoe]

I have a DNS server in the DMZ that I use strictly for outbound resolution from my WAN. On my internal network I have the address range for the DMZ routed, so that anything from inside can get to the DMZ, as we do not use default routing internally. I have access lists for port 53 (domain) TCP and UDP permitted through the DMZ interface, and I have the gateway for the DNS server defined as the DMZ interface also. We are connected to a Tier 1 provider, and I have had no problems with this config. Using this method, I did not have to 'STATIC' my DNS server or do anything else special. Also, I did not use forwarding on the DNS server, but just let it send to the Internet to resolve, as I would with any external DNS server. Being stateful, the PIX handles that quite well, and everything works. Hope this helps.....