DNS Issues

[qwaszx649]

I am adding a PIX firewall to my network. Before we just used a router with IOS firewall on it. We have 2 internal DNS servers that are also used external as well. The problem is, when I move the DNS servers over to the PIX, DNS resolution stops. I can ping out to the internet by IP fine, but name resolution is not working. I have rebooted the perimeter router and the PIX and the DNS server and nothing seems to work. Any ideas?

 

[qwaszx649]

Just thought I would add some more info. I am taking the external IP address off this server and I created a static nat on the PIX before I moved it over. When I ping the external address from the router when it is going through the PIX, I can ping it, but the arp entry is the MAC address of the PIX not the DNS server. Is that normal, or is that the problem?

 

[baddos]

The arp entry should be that of the PIX, because the IP isn't the DNS server any more. What you need is an acccess-list or conduit list to allow UDP port 53 access to your DNS servers.

Example

access-list 101 permit udp any host xxx.xxx.xxx.xxx eq 53
access-group 101 in interface outside

Replace the xxx.xxx.xxx.xxx with the public IP of your DNS server.

 

[qwaszx649]

I made some changes to my access list and added the line above and I can now ping and resolve host names from a command prompt on the server, the funny thing is, I had a generic permit any any statement for both tcp and udp for testing and it didn't work.
Anyway, I still cannot get the webpages to pull up in a webbrowser. I added the same line above and changed it to tcp ... eq 80 and that didn't help. Is there some setting on the PIX that I am missing, like a name-server command on a router?

 

[baddos]

Post your access-list.

 

[qwaszx649]

Turns out that the problem was something in internet exploder, I mean explorer. I downloaded IE6 sp1 again and reinstalled it and then rebooted and it started working. Thanks for you help!