06-20-2008 07:38 PM - last edited on 03-25-2019 03:18 PM by ciscomoderator
I have a router with one inside interface and two outside interfaces. Outside interface #1 goes to ISP #1, and Outside interface #2 goes to ISP #2. The "users" on the inside network have ISP #1 DNS servers hard coded and changing them right now is not an option. I need it so that when the primary path fails over from ISP #1 to ISP #2, everything just works.
I looked at using "ip nat inside destination", to translate requests going to ISP #1 dns into ISP #2 DNS, but it doesn't let me tie it to a route-map, so I can't say "Only translate if packets are going out ISP #2". Does anyone know how to translate a destination and tie it to a route-map or something similar so it only happens if packets are going out ISP #2?
Brian
06-20-2008 08:13 PM
Why don't you configure these DNS addresses in the router as loopback if's? Then you configure "ip dns server". That should get you going more easily.
06-20-2008 08:52 PM
Thanks for your reply.
Is there a way the IOS can act like a normal resolving name server, where it will query the root servers directly? I did not see this.
I follow what you're saying about hijacking the ISP DNS IP's and setting them as loopbacks. Then I could configure the router to resolve using like 4.2.2.2 or some other "open" dns server which doesn't restrict who can use it. In effect the router is just forwarding all queries to a real dns server upstream which will query the root servers.
I would really be interested if the router can query root servers directly... do you know if this is possible?
06-21-2008 03:38 AM
Yes, that's what I'm suggesting. See:
However, unless ISP1 DNS are filtered, they should be able to serve requests even when coming via ISP2 links and addresses.
As an appreciation to those providing answers, please rate useful posts if it does!
06-21-2008 07:54 AM
I am sure ISP1 and ISP2 both filter, as most ISP's do these days due to DoS possibilities with open DNS. So I will need to look to using an open DNS.
I wish there was a way to do destination NAT based on egress interface. For example being able to tie a Destination NAT to a route-map and just match the exit interface... doesn't seem to be the case.
06-21-2008 10:35 AM
Hi, you should look at nat outside destination, that should work too. But I think DNS on the router is easier.
Thanks for the appreciation and good luck!
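
The loopback-plus-forwarder setup discussed in this thread, sketched as an IOS configuration. This is an added example, not part of any original post. The 192.0.2.x addresses are constructed placeholders for ISP #1's DNS servers, and the interface names and ACL name are assumptions. The ACL keeps the router's DNS service from being usable from the Internet, the open-resolver concern raised above.

```cisco
! Constructed placeholders: 192.0.2.53 and 192.0.2.54 stand in for the
! ISP #1 DNS addresses that the inside hosts have hard coded.
interface Loopback53
 description Answers for ISP1 DNS server 1 (placeholder address)
 ip address 192.0.2.53 255.255.255.255
!
interface Loopback54
 description Answers for ISP1 DNS server 2 (placeholder address)
 ip address 192.0.2.54 255.255.255.255
!
! The router can no longer reach the real ISP #1 servers at these
! addresses, so it must forward to a resolver that accepts queries
! over either ISP path (4.2.2.2 is the one named in the thread).
ip domain lookup
ip name-server 4.2.2.2
ip dns server
!
! Block DNS queries arriving from outside so the router is not an
! open resolver. Replies from the forwarder carry source port 53 and
! an ephemeral destination port, so they are not matched by these
! deny lines. Assumes no other inbound ACL is already applied.
ip access-list extended OUTSIDE-IN
 deny   udp any any eq domain
 deny   tcp any any eq domain
 permit ip any any
!
! Assumed names for the two outside interfaces.
interface GigabitEthernet0/1
 description To ISP 1
 ip access-group OUTSIDE-IN in
!
interface GigabitEthernet0/2
 description To ISP 2
 ip access-group OUTSIDE-IN in
```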