Non-routable addresses in the DMZ

Michael Voight mvoight at cisco.com
Thu Jul 15 17:20:19 UTC 1999



Marty Enerson wrote:
> 
> I recently set up a Cisco PIX firewall with an "inside", "outside", and "DMZ"
> network.  I split my DNS server into an internal and an external one.  Our internal
> network is using 192.168.xxx.xxx numbers and the DNS works fine.  My problem arose
> when we set up non-routable addresses in the DMZ zone.  This is where our external DNS
> server sits.  I gave the box a 192.168.xxx.xxx number.  The PIX gives it a routable
> address.  The problem is that when I try to start BIND and it is just serving
> routable addresses it wouldn't work going out on the EN card that had a non-routable
> address bound to it.

To clarify, are you saying the DNS server itself has a non-routable
address, or that you have machines in DNS without routable
addresses? What exactly wouldn't work going out the EN card?

Are the machines with the non-routable addresses on the DMZ or inside?
It sounds like

1. your external DNS server is on the DMZ interface of the PIX
2. you have non-routable hosts configured on this DNS server
3. Are you expecting external machines to get the non-routable
addresses??
or are you using the PIX "alias" command to have the PIX translate the
DNS response packet for the external people?

A more detailed explanation is needed.
Or perhaps you want to open a PIX case with Cisco TAC.

Michael Voight
Cisco TAC
(Yes, I support CDDM, CNR, DD, and I USED to support PIX)
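The split-DNS arrangement the original poster describes (an internal server that hands out 192.168.x.x addresses and an external server in the DMZ that hands out only routable ones) can also be expressed on a single BIND server with views. The configuration below is an added example, not part of the thread and not a configuration from either poster; it uses BIND 9 `view` syntax (newer than the BIND versions in use when this thread was written) and constructed placeholder addresses (192.168.1.5 for the DMZ host, 203.0.113.5 for the routable address the PIX statically translates it to). The point it illustrates is the one Michael asks about: the address bound to the server's own interface does not determine which addresses it serves; what matters is which zone data each class of client is allowed to see.

```conf
// Constructed example: split-horizon DNS on a server whose DMZ interface
// carries 192.168.1.5 and which the PIX statically maps to 203.0.113.5.
// Addresses and zone names are placeholders, not values from the thread.

options {
    directory "/var/named";
    // Bind to the non-routable DMZ address; queries from the Internet
    // still arrive here after the PIX translates 203.0.113.5 -> 192.168.1.5.
    listen-on { 192.168.1.5; };
};

// Clients on the inside and DMZ networks.
acl "internal" { 192.168.0.0/16; 127.0.0.1; };

// Internal clients get the 192.168.x.x records and may recurse.
view "internal" {
    match-clients { "internal"; };
    recursion yes;
    zone "example.com" {
        type master;
        file "example.com.internal";   // A records carry 192.168.x.x
    };
};

// Everyone else gets only routable addresses and no recursion.
view "external" {
    match-clients { any; };
    recursion no;
    zone "example.com" {
        type master;
        file "example.com.external";   // A records carry 203.0.113.x only
    };
};
```

With this layout the external zone file never contains a 192.168 address, so there is nothing for the PIX "alias" command to rewrite; the alias approach is only needed when one zone file is shared and the firewall must doctor the A records in replies. Turning recursion off in the external view also keeps the DMZ server from acting as an open resolver for the Internet.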