I have opened up ports 53 tcp and udp on the outside, inside, and dmz interface and still I cannot resolve off of the DNS server in the DMZ - TAC support was not much help - has anyone run across this problem?
Yes I am having the same problem. I have a pix 515r and a dmz with a win2k server on it. I can't seem to get dns either. I opened the same ports plus one other but was unsuccessful. I also am having a routing issue where the dmz can see only the subnet directly connected to the trusted interface on the pix. We have multiple private subnets back there, but I cannot ping the dmz from them and I can ping the opposite way as well.
Opening up port 53 isn't enough. Remember that when you make a request to the DNS server in your DMZ the destination port is 53 but the source port (your client) will be greater than 1023. If you have applied any access lists to your inside interface then there will be an implicit deny at the end. If you are not allowing UDP ports greater than 1023 back in then the replies to your request will be blocked.
Can you post the entire config (edited) ?
Chris.
************************
Chris Andrew, CCNA
chrisac@gmx.co.uk
************************
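As an added illustration of the point in this reply (not the poster's configuration and not PIX syntax), here is a small stateless ACL evaluator in Python; the DNS server address, client address and ephemeral port are made-up values, and the rules model first-match-wins with an implicit deny at the end:

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed values for the example; not from the thread.
DNS_SERVER = "192.168.100.10"   # hypothetical DMZ DNS server

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str
    src: str                     # "any" or a single address
    sport: Optional[Tuple[int, int]]  # inclusive (lo, hi) or None for any port
    dst: str
    dport: Optional[Tuple[int, int]]

    def matches(self, p: Packet) -> bool:
        host_ok = lambda want, have: want == "any" or want == have
        port_ok = lambda rng, v: rng is None or rng[0] <= v <= rng[1]
        return (self.proto == p.proto and host_ok(self.src, p.src)
                and host_ok(self.dst, p.dst)
                and port_ok(self.sport, p.sport) and port_ok(self.dport, p.dport))

def evaluate(acl, packet: Packet) -> str:
    """First matching rule wins; falling off the end is the implicit deny."""
    for rule in acl:
        if rule.matches(packet):
            return rule.action
    return "deny"

# Only the client-to-server direction is permitted (the situation in the thread).
QUERY_ONLY = [Rule("permit", "udp", "any", None, DNS_SERVER, (53, 53))]
# Additionally permit replies from the server's port 53 back to ports above 1023.
WITH_REPLIES = QUERY_ONLY + [Rule("permit", "udp", DNS_SERVER, (53, 53), "any", (1024, 65535))]

def dns_exchange(acl, client="10.1.1.25", client_port=45321):
    """Return (verdict for the query, verdict for the reply) under the given ACL."""
    query = Packet("udp", client, client_port, DNS_SERVER, 53)
    reply = Packet("udp", DNS_SERVER, 53, client, client_port)
    return evaluate(acl, query), evaluate(acl, reply)

if __name__ == "__main__":
    print("query-only ACL :", dns_exchange(QUERY_ONLY))    # ('permit', 'deny')
    print("with reply rule:", dns_exchange(WITH_REPLIES))  # ('permit', 'permit')
```

The query gets through under both rule sets; only the second one lets the reply to the ephemeral source port back in.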