DNS Issues through PIX 515

[roojam]

Our PIX Firewall had a trial run over the weekend and everything seems to be superb, apart from one problem, DNS!!! If we key in a IP address it goes to the site, if we typw in the DNS name, it doesn't like it at all.

Has anyone got any ideas at all??? We use a leased line to a ISP and we use there DNS server.

Richard

 

[8dstaicu]

Look a the "alias" command. This it's your problem.

 

[roojam]

Thats what I am in the process of doing at the moment, is the format like this???:

alias (inside) <ip address of dns server> <inside interface address>

Does this sound right or am I going about it all wrong??

Richard

 

[8dstaicu]

alias (inside) internal_server_ip_address external_ip_address 255.255.255.255

This will rewrite a DNS A record.

You have a server with a ip address. This server reside on inside network. And this server has a static command that map real internal ip address into a internet address. When you point to internal ip address you can make connection to thsi server. But if you point to the name of the server, and this name is resolved by an external DNS to external internet address you cannot access the server.
Using alias, pix rewrite the ip address from a dns answer so you'll get the internal ip address instead of external ip address.

In this way you'll solve your problem.

Contact me on gabi@bvb.ro if you still have problems.

 

[webnetwiz]

You can install an internal DNS server.