DNS and DMZ help needed
burns
linux
Mon May 17 11:53:50 PDT 2004
On Thu, 2003-09-18 at 12:17, John C. Voigt wrote:
> Hi,
>
> I'm in the process of setting up our network at work, as the Feds unplugged our old one. We have a Cisco PIX 515 firewall (not ours) between the router and our LAN with a DMZ port.
>
> I have a DNS server in the DMZ to answer external queries. DNS is NATted from an external IP (68.72.56.147) to the DMZ (192.168.100.0/24). The DNS is supposed to answer queries from the outside address, and allow zone transfers to our off-site secondary. The strange thing is that a query to the DNS server from itself (poplar.reclamation.dnr.state.in.us) gives its correct address (68.72.56.147). From our secondary and other nameservers "out there", it resolves to its DMZ address, which, of course, is non-routable.
>
> Any help to point me in the right direction on how to correct this would be most appreciated.
>
Why do you have a class C subnet address on the DNS box, anyway? If it
is in the DMZ, it stands to reason that it is outside your protected
subnet. Why not leave it with a routable IP and just point your private
boxes at it through the gateway?
--
burns