03-27-2007 06:16 PM - edited 03-05-2019 03:08 PM
I've been reading a bit about the dns proxy feature but am not sure if it would do what I'd like it to do.
In one of our small offices we have an 871 (with 12.4-11.T1 Adv IP loaded) that serves as the perimeter router and also does basic firewall duty.
Here we have a small web server that has a local 192.168 address, and also has a static public IP address mapped to it, along with a public host/domain name.
The problem is that we can access the server from the outside using its public URL, but on the LAN we have to use the local IP address instead. I was contemplating setting up a small local DNS server that would take care of this, but thought it would be wonderful if the 871 could do this on its own... Would it be possible for us to use it as our DNS server, specify one or two hostnames for which it would return an address, then forward any other requests to our ISP's nameservers?
Thanks
M
03-28-2007 08:24 AM
You can do this one of two ways:
- The first is to create a DNS view:
1. Create a dns view and give it the name.
c2811(config)#ip dns view
2. Here you define your ISP's DNS servers.
c2811(cfg-dns-view)#domain name-server
I have never tried it dynamically, but the command above says it is possible through the interface keyword if you choose:
c2811(cfg-dns-view)#domain name-server ?
A.B.C.D Host IP address
interface Gather dynamically from interface address acquisition
vrf Specify VRF name
c2811(cfg-dns-view)#domain name-server interface FastEthernet0/0
3. Specify your inside interface as the source-interface.
c2811(cfg-dns-view)#dns forwarding source-interface FastEthernet0/1
c2811(cfg-dns-view)#exit
4. Enable dns server on the router. The configuration above will not work without this.
c2811(config)#ip dns server
c2811(config)#end
c2811#
There is a defect that may prevent this from working. It's fixed in 12.4(9)T and is defect CSCek06597, Split DNS: dns forwarding source-interface is not working.
- The second is called DNS spoofing and here is the documentation for it.
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801a7605.html
It's a 2 line configuration, you enable the "ip dns server" and then the "ip dns spoofing x.x.x.x" and the device should act as a proxy for dns queries.
HTH
Anthony
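Added example, not part of the original thread or Cisco's documentation: one way to get the behaviour asked for in the question (answer one or two names locally, forward everything else) using the router's static host table, while keeping the resolver unreachable from the Internet. The hostname, all addresses, the WAN interface name, the ACL name OUTSIDE-IN and its sequence numbering are assumptions made for illustration.

```cisco
! Added example with constructed values, not taken from the thread.
! Assumptions: www.example.com / 192.168.1.10 stand in for the web server,
! 203.0.113.53 and 203.0.113.54 for the ISP resolvers, FastEthernet4 is the
! WAN port, and OUTSIDE-IN is a hypothetical name for the inbound ACL that
! already filters traffic on that port (existing entries assumed to start at 10).
!
! Names listed here are answered from the router's own host table,
! so LAN clients receive the private address.
ip host www.example.com 192.168.1.10
!
! Everything else is forwarded to the ISP resolvers.
ip domain lookup
ip name-server 203.0.113.53
ip name-server 203.0.113.54
!
! Turn on the DNS server/forwarder.
ip dns server
!
! Do not leave an open resolver on the WAN side: drop DNS queries that
! arrive from the Internet. Replies from the ISP resolvers have source
! port 53, not destination port 53, so these entries do not match them.
ip access-list extended OUTSIDE-IN
 5 deny udp any any eq domain
 6 deny tcp any any eq domain
!
interface FastEthernet4
 ip access-group OUTSIDE-IN in
```

With LAN clients pointed at the router's inside address for DNS, `show hosts` on the router lists the static entry, and a lookup of the web server's name from a LAN client should return the private address.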
03-28-2007 10:05 AM
You can use the router as a DNS server, but (at least locally) it has to be an authoritative server for a whole subdomain (of course you can have another public DNS server resolving that subdomain to anyone else). You'll find the configuration examples here: