DNS Setup using a pix

[leprikon]

Here is what i'm setting up - is that a fairly common practice or is this not recommended ?

internal DNS on 'Private' forwards to external dns on 'DMZ' who forwards to ISP DNS.

When a query for a local domain (test.domain.com) the local dns server queries the dmz dns server and since the test.domain.com is listed as 10.0.1.100 and xx.xx.xx.100 it returns 10.0.1.100 for the Private but xx.xx.xx.100 for the internet requests.

my worry is that anyone that does an NSLOOKUP on the domain will see the public & DMZ ip address.

 

[EddieVenus]

You will be using the Alias command to do this. It is really fairly normal stuff. It just associates inside IPs to DMZ IPs so that DNS will work seemlessly accross them. Look up the PIX Command Reference on the CCO site, then look for the Alias command to get a feel for how it works. It is really not to hard to do.

Hope this helps.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/index.htm

Eddie Venus

 

[leprikon]

I have it setup as static outside to dmz then use acl to control access. I was more concerned with the issue of forwarding to the dns server on the DMZ instead of having the inside go out to the ISP directly.

But there doesn't seem to anyway around it.