Redirect DNS requests to OpenDNS on PIX 501 (v6.3)?

Cisco Firewall
Cisco networks
DNS configuration
PIX 6.3
I have a remote factory location that connects back to our home plant to get DNS resolution. Most of the systems are configured to look to the PIX firewall at that location, and/or our DNS server at the main facility via a point-to-point network setup we have. What I would like to do is have the PIX intercept each DNS request, and redirect them to go to OpenDNS's DNS servers and not our internal one. I've tried a few things with 'static' entries, but I'm not getting anywhere. Any help?

Answer Wiki



Sure, I guess why, but you can configure your own (I’d not say internal) DNS server to resolve differently to different clients using “zones”. Zones could be “internal” – for clients in your main facility, e.g. with IPs; “remote” – for factory location, e.g. with IPs (sure, you have to have some tunneling in place, terminated on PIX), and “external” – for all others – though, from your scenario (redirecting “remote” to OpenDNS servers) I’d guess you need just internal and external zones.

Good luck,


Discuss This Question: 3  Replies

  • Koohiisan
    We don't have a server at this location, and no one is willing to spend any $ to put one there. So, I'm just looking to solve this with a simple kludge. I may have to simply change each machine there to use the new DNS address instead, but I was hoping for a simpler solution.
  • petkoa
    So, if you can resolve the issue by changing DNS settings on every PC at the remote location, it means you also don't have DHCP there. Well, isn't it time to arrange a VPN tunnel to your main site - I believe PIX can do it and configure remote machines by the main site DHCP server? It could be a little risky not to have a local (backup) DHCP there, but anyway might be worth trying... As for redirection of the DNS requests to an outer site - I'm not sure it'd be possible at all.
  • Chippy088
    I think it would be more useful to set up DHCP and DNS resolution on the remote local router? Unless there are circumstances that prevent it, it would mean that the queries would be resolved with the minimum of redirection.
