PIX WAN Interface access by FQDN

You can't.
Assuming that you have a static nat mapping port 80 from the outside interface to an inside host, you have no choice except to resolve www.mydomain.com interanally to the private IP address.

Unless - your DNS server is located outside the pix and the dns request for www.mydomain.com passes through the firewall, then you can use "alias" or dns fixup.

static (inside,outside) tcp interface http 192.168.111.222 http dns netmask 255.255.255.255
                                                                                           ^^^

Correction, mydomain.com points to an IP that has a one to one translation configured on the PIX, not the IP asssigned to the PIX WAN. The ip is static natted back to my webserver...

Doesn't matter. Same issue.

Can you clarify everything after "unless"

What do your internal hosts use for their DNS server? Is it an internal server, or public server?
If it is internal, then you should resolve to the private IP address.
If it is an external dns server, the PIX will intercept the dns request and "doctor" the response to the real private IP address. This is done with "alias" command on previous versions, but with the "dns" keyword in the static xlate for the latest versions of PIX OS.

so in your example above the "192.168.111.222" is internal hos that my static nat points to?  Also, would this require an accompany access list statement?

how would the static nat look if it was applied to an available ip and not the WAN interface IP?

sorry, my hosts use dns servers provided by the ISP.

then try using the "dns" in the static as I demonstrated above

my existing static looks like this:

static (inside, outside) <public_ip> <private_ip> net mask 255.255.255.255 0 0
access-list in permit ip any host <public_ip>

where <public_ip> is not the IP assigned to PIX outside interface.

based on your last comment i should edit my config to look like this?:

static (inside, outside) <public_ip> <private_ip> DNS net mask 255.255.255.255 0 0

Exactly..
except that "nat mask" is one word "netmask", and I think that "DNS" needs to be lowercase "dns"

ok, i was just capitalzing "DNS" for emphasis..i will try this and let you know the result.
Thanks.

the change above did not seem to have any effect..

Where is the DNS server physically in relation to the PIX FW?
Inside, or outside?

Oh... did you flushdns from your client? It might have been in cache?
C:\>ipconfig/flushdns

for most of the network the DNS servers are outside of the PIX as they use the ISP's DNS server.  There is an additional subnet behind the PIX (one hop from the PIX lan network) whose gateway gets Natted to the additional Public IP of the PIX. On this additional subnet, a windows domain exists with a single domain controller that is also a dns server.

i tried flushing the dns cache to no avail.

What version PIX OS?

Question asked was answered -
"you can't" is a perfectly acceptible answer.

Point taken and thanks for highlighting it. My error in not realising that the rest of thread was secondary.

Thanks
Keith