Can you modify a destination IP based on egress interface?

Unanswered Question
Jun 20th, 2008

I have a router with one inside interface and two outside interfaces. Outside interface #1 goes to ISP #1, and Outside interface #2 goes to ISP #2. The “users” on the inside network have ISP #1 DNS servers hard coded and changing them right now is not an option. I need it so that when the primary path fails over from ISP #1 to ISP #2, everything just works.

I looked at using “ip nat inside destination”, to translate requests going to ISP #1 dns into ISP #2 DNS, but it doesn't let me tie it to a route-map, so I can't say “Only translate if packets are going out ISP #2”. Does anyone know how to translate a destination and tie it to a route-map or something similar so it only happens if packets are going out ISP #2?

Brian

Paolo Bevilacqua Fri, 06/20/2008 - 20:13

Why don't you configure these DNS addresses in the router as loopback interfaces? Then you configure "ip dns server". That should get you going more easily.

bfeeny Fri, 06/20/2008 - 20:52

Thanks for your reply.

Is there a way the IOS can act like a normal resolving name server, where it will query the root servers directly? I did not see this.

I follow what you're saying about hijacking the ISP DNS IPs and setting them as loopbacks. Then I could configure the router to resolve using something like 4.2.2.2 or some other "open" DNS server which doesn't restrict who can use it. In effect the router is just forwarding all queries to a real DNS server upstream which will query the root servers.

I would really be interested if the router can query root servers directly... do you know if this is possible?

Paolo Bevilacqua Sat, 06/21/2008 - 03:38

Yes, that's what I'm suggesting. See:

http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_config_dns_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1063353

However, unless ISP1 DNS servers are filtered, they should be able to serve requests even when coming via ISP2 links and addresses.

As an appreciation to those providing answers, please rate useful posts if it does!

bfeeny Sat, 06/21/2008 - 07:54

I am sure ISP1 and ISP2 both filter, as most ISPs do these days due to DoS possibilities with open DNS. So I will need to look at using an open DNS.

I wish there was a way to do destination NAT based on egress interface. For example, being able to tie a destination NAT to a route-map and just match the exit interface... doesn't seem to be the case.

Paolo Bevilacqua Sat, 06/21/2008 - 10:35

Hi, you should look at NAT outside destination, that should work too. But I think DNS on the router is easier.

Thanks for the appreciation and good luck!
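The loopback-plus-forwarder setup Paolo describes, written out as an added IOS configuration example (not from the thread or from Cisco's documentation). The addresses are placeholders: 192.0.2.53 and 192.0.2.54 stand in for the two ISP #1 DNS servers the inside hosts have hard-coded, and 4.2.2.2 is the open resolver bfeeny mentions; substitute your own.

```ios
! Added example, placeholder addresses (192.0.2.0/24 is documentation space).
!
! 1. Own the ISP #1 DNS addresses locally. Client queries to these IPs now
!    terminate on the router no matter which ISP link is currently active,
!    so the hard-coded client settings never need to change.
interface Loopback1
 description ISP1-DNS-1 (answered locally, placeholder address)
 ip address 192.0.2.53 255.255.255.255
!
interface Loopback2
 description ISP1-DNS-2 (answered locally, placeholder address)
 ip address 192.0.2.54 255.255.255.255
!
! 2. Make the router a caching DNS forwarder for the queries it now receives.
ip dns server
ip domain lookup
!
! 3. Forward to a resolver that accepts queries whichever ISP they leave
!    through (an ISP #1 resolver may refuse queries sourced from ISP #2
!    address space, as discussed above). Do NOT list 192.0.2.53/54 here:
!    those addresses are now on the router itself and the forwarded query
!    would loop back to it instead of reaching a real upstream server.
ip name-server 4.2.2.2
```

After a failover you can check with `show hosts` that names are still being resolved and cached by the router.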
