The name is kinda funny, so let’s see what it is all about. Oftentimes, a webserver hosted on an internal network is protected by a Cisco PIX firewall. Anybody accessing the site from the Internet just uses http://www.domain.com, and since the name is registered with a public DNS server, it resolves and the site is displayed to the user. However, the same isn’t possible for someone who is internal to the network where the webserver is hosted, for 2 reasons:

1. The hostname is different

2. The IP address will be private and won’t resolve to http://www.domain.com

In such situations, one of the ways you can make it possible would be something called DNS Doctoring…

Let’s take an example:

The internal IP address of the webserver : 10.1.1.1

The Host Name of the webserver : mywebserver

Public Name of the webserver : www.domain.com

So in the PIX firewall, you make the following configuration.

Let the PIX know that you are trying to reach the internal machine by modifying the following static NAT:

static (Inside,Outside) x.x.x.x 10.1.1.1 netmask 255.255.255.255

(The above statement tells the PIX that any request coming to the IP address x.x.x.x should be NATed to 10.1.1.1.)

Change the above to:

static (Inside,Outside) tcp x.x.x.x www 10.1.1.1 www DNS netmask 255.255.255.255

                                                     ^^^

(Watch the ‘DNS’ keyword in the modified ‘static’ statement. This tells the PIX that it should take care of DNS resolution as well.)

From now onwards, any internal user can also browse the website using http://www.domain.com. What makes this possible is that the PIX intelligently resolves it for you! Kinda cool, huh?

How else can this be done?

Add an ‘A’ record for www in the internal DNS server (assuming that your domain name is also domain.com), pointing to 10.1.1.1.