Configuring DNS Support

Feb 03,2010 by alperen


Use the dns option on the static command to create a one-to-one address translation that is also applied to the address carried inside a DNS reply. Use the no form of the command to remove the translation.

Pix(config)# static (hi_interface, lo_interface) global_ip local_ip [dns] [netmask mask]
[norandomseq] [max_conn [em_limit]]
Pix(config)# no static (hi_interface, lo_interface) global_ip local_ip [dns] [netmask mask]
[norandomseq] [max_conn [em_limit]]

The following command is an example of creating the translation for the DNS server in the network depicted in Figure 19-13.

Pix(config)# static (dmz, outside) 1.1.1.3 192.168.128.3 dns 
Figure 19-13: Static translation for a DNS server on a DMZ network

Because of the high number of attacks on DNS services, PIX Firewalls now allow only the first DNS reply to a query to pass through and drop all others. This prevents man-in-the-middle attacks in which the attacker sends a second DNS reply carrying a bogus domain name resolution that would direct the browser to the wrong site. Without this protection, the DNS service would accept the later reply and update its table.

The following static PAT translation redirects any DNS traffic sent to the PIX Firewall outside interface to the inside DNS server at 192.168.128.3.

Pix(config)# static (dns, outside) udp interface domain 192.168.128.3 domain
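The two behaviours described above, the address rewrite that the dns keyword performs on A records in a reply and the first-reply-only rule, can be modelled in a few lines. The following Python is an added illustration, not code from the original article or from Cisco; the DNS messages, the client address 203.0.113.10, the transaction ID 0x1234 and the second (spoofed) reply are all constructed for the example, and the translation map mirrors the static (dmz, outside) 1.1.1.3 192.168.128.3 dns command shown earlier.

```python
import struct

def encode_name(name):
    """Encode a dotted name as DNS labels (no compression)."""
    out = b""
    for label in name.strip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_dns_reply(txid, name, ips):
    """Constructed minimal DNS response: one A question, one A answer per IP."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(ips), 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # type A, class IN
    answers = b""
    for ip in ips:
        # 0xC00C is a compression pointer to the question name at offset 12
        answers += struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4)
        answers += bytes(int(o) for o in ip.split("."))
    return header + question + answers

def decode_name(data, offset):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels = []
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer
            ptr = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            sub, _ = decode_name(data, ptr)
            labels.append(sub)
            return ".".join(labels), offset + 2
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length

def parse_dns_reply(data):
    """Return (txid, flags, [question names], [(name, ip, rdata offset)])."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        name, offset = decode_name(data, offset)
        offset += 4  # skip qtype and qclass
        questions.append(name)
    for _ in range(an):
        name, offset = decode_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:  # A record
            ip = ".".join(str(b) for b in data[offset:offset + 4])
            answers.append((name, ip, offset))
        offset += rdlen
    return txid, flags, questions, answers

def doctor_reply(data, translations):
    """Model of the dns keyword: rewrite A-record data that matches a
    translated local address to the corresponding global address."""
    out = bytearray(data)
    _, _, _, answers = parse_dns_reply(data)
    rewritten = 0
    for _, ip, off in answers:
        if ip in translations:
            out[off:off + 4] = bytes(int(o) for o in translations[ip].split("."))
            rewritten += 1
    return bytes(out), rewritten

class DnsReplyGuard:
    """Model of the first-reply-only rule: a reply passes only while the
    matching query is outstanding, and the first reply closes it."""
    def __init__(self):
        self.pending = set()
    def query(self, client, txid):
        self.pending.add((client, txid))
    def reply(self, client, txid):
        key = (client, txid)
        if key in self.pending:
            self.pending.remove(key)
            return "pass"
        return "drop"

def simulate():
    """Constructed scenario: an outside client resolves a DMZ host; the
    legitimate reply is doctored and passed, the second reply is dropped."""
    translations = {"192.168.128.3": "1.1.1.3"}  # from the static ... dns command
    guard = DnsReplyGuard()
    client = ("203.0.113.10", 53001)  # constructed outside client
    guard.query(client, 0x1234)
    legit = build_dns_reply(0x1234, "www.example.com", ["192.168.128.3"])
    second = build_dns_reply(0x1234, "www.example.com", ["198.51.100.66"])
    results = []
    for pkt in (legit, second):
        txid, _, _, _ = parse_dns_reply(pkt)
        verdict = guard.reply(client, txid)
        if verdict == "pass":
            pkt, _ = doctor_reply(pkt, translations)
        _, _, _, answers = parse_dns_reply(pkt)
        results.append((verdict, [ip for _, ip, _ in answers]))
    return results

if __name__ == "__main__":
    print(simulate())
```

The first reply leaves the model with its answer rewritten to the global address 1.1.1.3, exactly what a client on the outside needs to reach the DMZ host, and the second reply for the same query is dropped before any doctoring takes place.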