871 Router as a very simple DNS server, proxy

Mar 27th, 2007

I've been reading a bit about the dns proxy feature but am not sure if it would do what I'd like it to do.


In one of our small offices we have an 871 (with 12.4-11.T1 Adv IP loaded) that serves as the perimeter router and also does basic firewall duty.


Here we have a small web server that has a local 192.168 address, and also has a static public IP address mapped to it, along with a public host/domain name.


The problem is that we can access the server from the outside using its public URL, but on the LAN we have to use the local IP address instead. I was contemplating setting up a small local DNS server that would take care of this, but thought it would be wonderful if the 871 could do this on its own... Would it be possible for us to use it as our DNS server, specify one or two hostnames for which it would return an address, then forward any other requests to our ISP's nameservers?


Thanks

M

answanso Wed, 03/28/2007 - 08:24
User Badges:
  • Cisco Employee,

You can do this one of two ways:


- The first is to create a DNS view:


1. Create a dns view and give it the name.


c2811(config)#ip dns view


2. Here you define your ISP's DNS servers.


c2811(cfg-dns-view)#domain name-server


I have never tried it dynamically, but the command above says it is possible through the interface keyword if you choose:


c2811(cfg-dns-view)#domain name-server ?

A.B.C.D Host IP address

interface Gather dynamically from interface address acquisition

vrf Specify VRF name


c2811(cfg-dns-view)#domain name-server interface FastEthernet0/0


3. Specify your inside interface as the source-interface.


c2811(cfg-dns-view)#dns forwarding source-interface FastEthernet0/1

c2811(cfg-dns-view)#exit


4. Enable dns server on the router. The configuration above will not work without this.


c2811(config)#ip dns server

c2811(config)#end

c2811#


There is a defect that may prevent this from working. It's fixed in 12.4(9)T and is defect CSCek06597, Split DNS: dns forwarding source-interface is not working.


- The second is called DNS spoofing and here is the documentation for it.


http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801a7605.html


It's a 2-line configuration: you enable the "ip dns server" and then the "ip dns spoofing x.x.x.x" and the device should act as a proxy for DNS queries.


HTH

Anthony

IVAN PEPELNJAK Wed, 03/28/2007 - 10:05

You can use the router as a DNS server, but (at least locally) it has to be an authoritative server for a whole subdomain (of course you can have another public DNS server resolving that subdomain to anyone else). You'll find the configuration examples here:


http://ioshints.blogspot.com/search/label/DNS
