I searched on this topic and found a bunch of stuff relating to DNS but nothing that matched my situation exactly. I'm on PIX 515 version 6.3.3 and I have three interfaces, which are inside, outside and dmz. I have a web server in the DMZ and, up until now, only inbound traffic was allowed. However, with a new software package, we need the web server to be able to resolve names and get back out onto the internet. I configured the firewall to allow outbound traffic and it worked with an access list and a nat statement, but there is no name resolution. I can telnet or web to IPs but not to names. I have two DNS servers internally that I can route the queries to, which is what I want to do if possible. Any ideas on how to set this up? I can post my config if necessary.
I don't know enough about the OS on the web server... it is running IBM AIX, but I have a test computer working in the DMZ, and until I am able to resolve names with that one I don't want to change settings on the web server. Currently there are no DNS queries traversing the firewall... all the internal clients are on the inside interface and they query the local internal DNS servers, which is what I want computers in the DMZ to do. Here is my configuration minus the unimportant stuff, and thanks for the help...
So you are not allowing DNS out. Maybe that's the problem then? Note that if you want to allow DNS to your internal DNS server then you will have to set up NAT for that (dmz to inside) as well as adding the rule to the DMZ ACL. If the web server is configured with external DNS servers then you will just have to add tcp/udp 53 to the rules.
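As an added example (not the original poster's configuration and not part of the reply above), here are PIX 6.3 configuration fragments that implement the advice given: an identity static so the inside DNS servers are reachable from the DMZ, plus DMZ ACL entries for DNS over both UDP and TCP, with the alternative for external resolvers shown commented out. Every address, the interface subnets and the ACL name `dmz_in` are assumptions chosen for illustration; substitute the real ones from the posted config.

```cisco
! Added example, not the poster's config. Assumed addressing:
!   dmz    192.168.2.0/24, web server at 192.168.2.10
!   inside 10.1.1.0/24,   internal DNS servers 10.1.1.10 and 10.1.1.11
! The ACL name dmz_in is also an assumption.

! 1. Make the two inside DNS servers reachable from the DMZ. On PIX 6.x a
!    connection from a lower-security interface (dmz) to a higher-security one
!    (inside) needs a translation for the inside host; an identity static keeps
!    the server's real address so the DMZ host can point its resolver at it.
static (inside,dmz) 10.1.1.10 10.1.1.10 netmask 255.255.255.255
static (inside,dmz) 10.1.1.11 10.1.1.11 netmask 255.255.255.255

! 2. DMZ access list. Permit DNS only from the web server to the two resolvers,
!    over UDP and TCP (TCP carries answers larger than 512 bytes).
access-list dmz_in permit udp host 192.168.2.10 host 10.1.1.10 eq domain
access-list dmz_in permit tcp host 192.168.2.10 host 10.1.1.10 eq domain
access-list dmz_in permit udp host 192.168.2.10 host 10.1.1.11 eq domain
access-list dmz_in permit tcp host 192.168.2.10 host 10.1.1.11 eq domain
!    Block everything else from the DMZ toward the inside network BEFORE the
!    "any" rules below, so a compromised web server cannot use them to reach
!    other internal hosts.
access-list dmz_in deny ip 192.168.2.0 255.255.255.0 10.1.1.0 255.255.255.0
!    The outbound rules already working for the web server must stay in the
!    same ACL, because an applied ACL ends with an implicit deny.
access-list dmz_in permit tcp host 192.168.2.10 any eq www
access-list dmz_in permit tcp host 192.168.2.10 any eq https
access-group dmz_in in interface dmz

! Alternative from the reply: if the web server is pointed at external DNS
! servers instead, no static is needed; DNS just goes out through the existing
! nat (dmz) / global (outside) pair used for the web traffic:
! access-list dmz_in permit udp host 192.168.2.10 any eq domain
! access-list dmz_in permit tcp host 192.168.2.10 any eq domain

! 3. Checks after applying:
!   show static              - the two identity statics are present
!   show access-list dmz_in  - hit counts on the DNS lines climb when queried
!   show xlate               - a translation appears once a query is sent
! Then from the DMZ test host:  nslookup www.example.com 10.1.1.10
```

The explicit deny toward the inside subnet is the one line worth keeping even if the rest is adapted: without it, the `permit tcp ... any eq www` entries that were added for outbound browsing also permit the DMZ host to reach port 80 on any inside machine that has a static on the dmz interface.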