DNS doctoring, alias .

Does the DNS doctoring work without specifing protocols and ports or does it with them as well? Are internal DNSes needed for the doctoring to work properly or is it the same thing to have clients with external DNSes specified and answers from them are anyway translated?

Alex.

Reply to
AM
Loading thread data ...

it with them as well?

yes, you can use the alias command completly "stand-alone" look at the Cisco doc for "understanding the Alias command" There are two usage guidelines there: one is DNS doctoring, other is destination NAT

same thing to have clients with external DNSes

Reply to
Martin Bilgrav

I tried to use external DNSes and mapped a PC as web server using a static rule specifying protocols and ports. It seems not to work. Does it work only if the questioner is a DNS and not a client? I flushed the DNS cache of my client.

Please, help me.

Alex.

Reply to
AM

Say the name foo.bergladu.edu is mapped to 1.2.3.4

I tried

static (inside,outside) 1.2.3.4 192.168.30.235 dns netmask 255.255.255.255 0 0

and resolving the name with the external DNSes where the name foo.bergladu.eduis mapped

this this the output of nslookup

C:\>nslookup foo.bergladu.edu Server: Address:

Nome: Address: 192.168.31.235 Aliases: foo.bergladu.edu

If I specify

static (inside,outside) tcp 1.2.3.4 80 192.168.30.235 80 dns netmask

255.255.255.255 0 0

this is the output

C:\>nslookup foo.bergladu.edu Server: Address:

Nome: Address: 1.2.3.4 Aliases: foo.bergladu.edu

Why is there this difference? Is it correct?

should be the options "dns" work in each case?

Alex.

Reply to
AM

I read the document and you are correct but I saw a different behaviour specifying protocol and ports (it seems not to work) and stand alone (all thing go OK). My proposal is to use DNS doctoring but I can't. Perhaps my previous posts were a bit confused but briefly (and willing to give access to a web server to internet users and to PCs on internal LAN)

static (inside,outside) tcp interface www 192.168.30.21 www netmask

255.255.255.255 0 seems NOT to work to me

static (inside,outside) interface 192.168.30.21 netmask 255.255.255.255 0 works properly for me

I would the first one to work, i.e. it must resolve name with internal IP of the web server.

My PIX runs 6.3(4) OS version.

Alex.

Reply to
AM

255.255.255.255 0 seems NOT to work to me

works properly for me

you can specify a "DNS" command into that static - Did you try that ?

Reply to
Martin Bilgrav

I'm really sorry Martin :( I was out of my mind when writing and I forgot "dns" in both statements. The correct post had to be

static (inside,outside) tcp interface www 192.168.30.21 www dns netmask

255.255.255.255 0 seems NOT to work to me

static (inside,outside) interface 192.168.30.21 dns netmask 255.255.255.255 0 works properly for me

Alex.

Reply to
AM

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.