Absolutely the best solution is split-dns, but if all they are concerned
about is getting to their public website by FQDN, then the alias will work.
If you have intranets, etc then I would require additional dns servers.
> I still like the idea of public and private DNS. I have had times when
> my outside connection has gone down (it rains, it goes down) and our
> clients can still get to the Intranet Web site (private DNS is on the up
> side of the PIX).
> But, 90% of our traffic is Intranet, and not Internet.
> I can also supply private and secured web systems to our users, and
> without the public translation, no one else sees it (our network status
> is a web page hosted on the private side).
> > Here you go:
> > http://www.cisco.com/warp/public/110/alias.html#int
> > > So If I understand this correctly I can get away with one dns server
> > outside
> > > our network. We are currently using a company for our dns service.
> > task
> > > involves the following steps:
> > > 1. Tell the company that provides us the dns service to point to
> > 22.214.171.124
> > > for
> > > our www.xyz.com.Lets suppose that dns server for that company has the
> > > a.b.c.d
> > > 2. Then since my PIX inside interface has the ip address of
> > > issue the command alias 126.96.36.199 a.b.c.d 255.255.255.255
> > > 3. Then have our internal client machines point to 188.8.131.52 for
> > > queries.
> > > Thanks for any help.
> > > Teresa