
Can you modify a destination IP based on egress interface?

bfeeny
Level 1

I have a router with one inside interface and two outside interfaces. Outside interface #1 goes to ISP #1, and Outside interface #2 goes to ISP #2. The “users” on the inside network have ISP #1 DNS servers hard coded and changing them right now is not an option. I need it so that when the primary path fails over from ISP #1 to ISP #2, everything just works.

I looked at using “ip nat inside destination”, to translate requests going to ISP #1 dns into ISP #2 DNS, but it doesn't let me tie it to a route-map, so I can't say “Only translate if packets are going out ISP #2”. Does anyone know how to translate a destination and tie it to a route-map or something similar so it only happens if packets are going out ISP #2?

Brian

5 Replies

paolo bevilacqua
Hall of Fame

Why don't you configure these DNS addresses in the router as loopback if's? Then you configure "ip dns server". That should get you going more easily.

Thanks for your reply.

Is there a way the IOS can act like a normal resolving name server, where it will query the root servers directly? I did not see this.

I follow what you're saying about hijacking the ISP DNS IPs and setting them as loopbacks. Then I could configure the router to resolve using like 4.2.2.2 or some other "open" dns server which doesn't restrict who can use it. In effect the router is just forwarding all queries to a real dns server upstream which will query the root servers.

I would really be interested if the router can query root servers directly... do you know if this is possible?

Yes, that's what I'm suggesting. See:

http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_config_dns_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1063353

However, unless ISP1 DNS are filtered, they should be able to serve requests even when coming via ISP2 links and addresses.

As an appreciation to those providing answers, please rate useful posts if it does!

I am sure ISP1 and ISP2 both filter, as most ISP's do these days due to DoS possibilities with open DNS. So I will need to look to using an open DNS.

I wish there was a way to do destination NAT based on egress interface. For example being able to tie a Destination NAT to a route-map and just match the exit interface... doesn't seem to be the case.

Hi, you should look at nat outside destination, that should work too. But I think DNS on the router is easier.

Thanks for the appreciation and good luck!
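The loopback plus "ip dns server" approach discussed in this thread, sketched as an IOS configuration. This is an added example, not a configuration posted by anyone in the thread. The ISP #1 DNS addresses (documentation-range placeholders), interface names, loopback numbers and the ACL name are assumptions, and the inbound ACL is an addition that keeps the router from answering DNS queries arriving from either ISP.

```cisco
! Constructed example. Replace the placeholder addresses with the real
! ISP #1 DNS server addresses that are hard coded on the inside hosts.
!
! Router resolves by forwarding to an upstream open resolver
! (4.2.2.2 is the one mentioned in the thread).
! Older IOS releases spell the first command "ip domain-lookup".
ip domain lookup
ip name-server 4.2.2.2
ip dns server
!
! The router now owns the ISP #1 DNS addresses, so inside clients'
! queries terminate here regardless of which ISP path is active.
! Side effect: the real ISP #1 servers are no longer reachable
! through this router.
interface Loopback53
 description Placeholder for ISP #1 DNS server 1
 ip address 192.0.2.53 255.255.255.255
!
interface Loopback54
 description Placeholder for ISP #1 DNS server 2
 ip address 192.0.2.54 255.255.255.255
!
! "ip dns server" listens on every interface. Drop queries that arrive
! from outside so the router does not become an open resolver.
! Replies to the router's own lookups use source port 53, not
! destination port 53, so they still pass.
! Assumption: no other inbound ACL exists; merge with one if it does.
ip access-list extended OUTSIDE-IN
 remark Block DNS queries from the ISP side
 deny   udp any any eq domain
 deny   tcp any any eq domain
 permit ip any any
!
interface GigabitEthernet0/1
 description Outside to ISP #1 (assumed name)
 ip access-group OUTSIDE-IN in
!
interface GigabitEthernet0/2
 description Outside to ISP #2 (assumed name)
 ip access-group OUTSIDE-IN in
```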
