Simple yet important question. Well, for configuring DNS doctoring we have two ways: alias, or static NAT with the dns keyword on it.
My question is: if we use static NAT with the dns keyword on the ASA, and we know DNS inspection is on by default (correct me if I am wrong), do I need an outside-to-inside (inbound) ACL for DNS TCP/UDP 53 to be opened, or is the static NAT command with the dns keyword enough?

*Meaning:*

static (in,out) 1.1.1.1 2.2.2.2 dns

is enough, or do I also need to put up

access-list out permit tcp any host 1.1.1.1 eq 53
access-list out permit udp any host 1.1.1.1 eq 53

Please do clarify; I cannot test this on ASA, I believe. I am sure this question might help many people in solving such practical life scenarios!

Regards,
Kamran.
