NAT Configuration Scenario

Unanswered Question
Mar 29th, 2007

I need to perform a NAT function on only DNS queries destined for external DNS servers that I receive on a single physical interface - all other traffic is to remain unchanged.

These DNS queries need to be redirected to DNS servers internal to my enterprise rather than DNS servers that my wireless service provider is "telling" the client machines to use.

I "Think" all I have to add to the config is the following:

ip nat inside source x.x.2.77 y.y.2.135
ip nat inside source x.x.5.3 y.y.130.135

int fa6/7
 description Interface receiving DNS queries from clients configed with external DNS server entries.
 ip nat outside

int vlan 2
 description Interface 1 connected to subnet with enterprise DNS server.
 ip nat inside

int vlan 5
 description Interface 2 connected to subnet with enterprise DNS server
 ip nat inside

I only want NAT performed on DNS queries RX'd on int fa 6/7 destined for either y.y.2.135 or y.y.130.135. All DNS queries destined for x.x.2.77 and x.x.5.3 need to remain untouched.

Will this work?

Is it the best way or is there an alternative?

owaisberg Thu, 03/29/2007 - 06:59


Why don't you want to configure your clients, which are behind interface fa6/7, with the DNS addresses of those enterprise DNS servers? This way you need no redirection to be performed.



mtevans Thu, 03/29/2007 - 08:46

The interface is connected to a "Secure Wireless Network" (1xRTT and EVDO) that services a whole bunch of customers (Fire/Police/Ambulance/Government, etc.). The service provider is unable to specify/configure per-customer DNS entries on the wireless modems other than their own servers or nothing at all. Hence the need to NAT requests coming in from these devices to our own DNS servers.

We try and stay as far away as possible from statically configuring per client any settings.

owaisberg Thu, 03/29/2007 - 09:03

Got it now. So if the DNS requests are coming from the NAT outside interface, to build the translation that you need, use the following syntax:

ip nat inside source static tcp 53 53

ip nat inside source static udp 53 53
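
The port-restricted static translation discussed in this thread, written out as an added example (not part of either poster's messages). It reuses the masked addresses from the question and assumes that y.y.2.135 and y.y.130.135 are the provider-assigned DNS addresses, that x.x.2.77 and x.x.5.3 are the enterprise DNS servers, and that traffic for the y.y addresses is routed to this device through fa6/7.

```cisco
! Added example; the addresses are the masked values from the question.
! Assumed roles:
!   y.y.2.135, y.y.130.135 = DNS addresses the provider gives to clients
!   x.x.2.77,  x.x.5.3     = enterprise DNS servers
!
! General form of a port-restricted static entry:
!   ip nat inside source static {tcp|udp} <local-ip> <local-port> <global-ip> <global-port>
!
! For contrast, a whole-host static entry translates every protocol and
! port addressed to the global address, not only DNS:
!   ip nat inside source static x.x.2.77 y.y.2.135
!
! Port-restricted entries: only port 53 (UDP and TCP) is translated.
ip nat inside source static udp x.x.2.77 53 y.y.2.135 53
ip nat inside source static tcp x.x.2.77 53 y.y.2.135 53
ip nat inside source static udp x.x.5.3 53 y.y.130.135 53
ip nat inside source static tcp x.x.5.3 53 y.y.130.135 53
!
! Packets arriving here with destination y.y.2.135:53 or y.y.130.135:53
! have their destination rewritten to the matching enterprise server.
interface FastEthernet6/7
 description Clients configured with external DNS server entries
 ip nat outside
!
! Interfaces facing the enterprise DNS servers.
interface Vlan2
 description Interface 1 connected to subnet with enterprise DNS server
 ip nat inside
!
interface Vlan5
 description Interface 2 connected to subnet with enterprise DNS server
 ip nat inside
```

`show ip nat translations` lists the four static entries once they are configured. A static entry applies in both directions, so replies sourced from x.x.2.77 or x.x.5.3 port 53 that leave through fa6/7 are rewritten to the corresponding y.y address, which is worth testing against any client on that interface that queries the enterprise servers directly.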



