I am having trouble getting DNS Zone Xfer to pass through the Pix. I have a primary DNS on the inside and a secondary DNS on the outside. I want the secondary DNS to pull a new zone file (when necessary) through the pix. Not working for me. I have provided the relevant PIX configs:
access-list 101 remark --ALLOW DNS AND ZONE XFER--
access-list 101 permit tcp host 32.A.B.C host 32.A.B.D eq domain
access-list 101 permit udp host 32.A.B.C host 32.A.B.D eq domain
global (outside) 1 32.A.B.E
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 32.A.B.D <INTERNAL IP> netmask 255.255.255.255 0 0
The DNS is the first entry in the access-list. There are other entries, but not pertaining to DNS. If this is a little confusing, I need to allow an outside (untrusted) IP to request DNS from an inside (trusted) IP. Secondly, the only communication allowed betwen the two DNS servers is DNS.
The PIX version is 6.3(1).