Configuring an extra DNS on a Cisco PIX 501 Firewall..

HI, I have a Cisco PIX 501 With 6.1 firmware. connected this way.

  Cisco Router <--> PIX 501 (DHCP) < --> LAN

 I'm setting up an internal DNS for the LAN on windows 2003 (static address).  I want to setup the DHCP on the PIX to automatically propagate the correct DNS throgh the network.

"dhcpd dns"  already has two addresses configured for the Internet... how do I add one more for the internal network?
LVL 8
markps_1Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

markps_1Author Commented:
Another quick question is what is the point of the Router since the firewall is doing the NAT..?
calvinetterCommented:
>how do I add one more for the internal network?
  Sorry, 2 is the limit on PIX, even on much newer version 6.3 or even 7.x.

>what is the point of the Router since the firewall is doing the NAT..?
  Usually it's because the router's directly connected to a T1 or other type of WAN connection that the PIX doesn't support - PIX only has ethernet interfaces.  Or in situations when you need a true router on the WAN connection (a PIX is *not* a router!).  Also, often a PIX is added later when some organization wants to "beef up security" for their Internet access.

cheers

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
markps_1Author Commented:
So, is there any harm or dumping one of the ISPs DNS and adding mine?
Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

calvinetterCommented:
No, shouldn't be a problem.  Though if you're setting up an internal DNS server, might as well setup both ISP's DNS servers as forwarders on your Win2003 DNS server, that way if the single ISP DNS server given out by the PIX is unavailable, your workstations & your server will still be able to resolve Internet addresses.
  Either that, or just disable DHCP on the PIX, install & setup DHCP on the Win2003 server; a Windows DHCP server will allow you to specify more than 2 DNS servers.

cheers
markps_1Author Commented:
I can't move the DHCP on windows. Internal decisions here.

 I've just tried to set the new "dhcpd dns" on the pix it it won't go through...

 I've typed "configure terminal"  then  "dhcpd dns (ISP's DNS) (Internal DNS)"  and then when I type  "Show Configuration" and the configuration didn't change. I've been able to change other things here and there any clue why can't I change the DHCPD DNS? I've also tried to delete it with  "no dhcpd dns"  and it didn't do anything either.

Any clue?
calvinetterCommented:
"show config" only shows you the saved config on the PIX.  Do "sh run" (or "write t") to display the current "running config" which will verify whether your changes were made.  When you're satisfied, make the change permanent by "wr mem".

cheers
markps_1Author Commented:
Hey thanks for the fast responses! A+
calvinetterCommented:
No problem!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.