Looking for a working example of Split DNS

Feb 28th, 2009

Hi All,


I am looking for anybody that can provide a working example of Split DNS. I cannot get my head around the official Cisco doc (http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htspldns.html).


Basically what I want to achieve is for teleworkers to use their Cisco 800s as a DNS server. The router should forward all DNS queries to their public-facing DNS servers, with the exception of their Windows domain (i.e. mydomain.local). The Windows domain queries should be forwarded to the corporate DNS servers.


I have put together the following config, but it doesn't appear to work.


If I specify the router as my DNS server I am unable to resolve DNS to both my public-facing DNS server as well as my company DNS servers.


ip domain name mycompany.local
ip name-server 194.x.x.x
ip name-server 62.x.x.x

ip dns view mycompany
 logging
 dns forwarder 192.168.x.x
 dns forwarder 192.168.x.x
ip dns view default
 logging
 dns forwarder 194.x.x.x
 dns forwarder 62.x.x.x
ip dns view-list mycompany
 view mycompany 5
  restrict name-group 10
 view default 10
ip dns name-list 10 permit .*.mycompany.local
ip dns server view-group mycompany
ip dns server


Please help, somebody!


Thanks,


Kevin

lmcruzhsa Fri, 04/16/2010 - 14:40

Looks OK to me, but maybe you need to apply that view to an interface with the "ip dns view-group XXXX" command, where XXXX is your view.

Did it work for you?

I am facing the same problem here :-/

kgreenway Tue, 04/27/2010 - 05:03

Hi,


Sorry for the delay. I read the message one weekend, but forgot to reply.


No, I didn't get it working; in the end I ended up using my internal DNS for all. Not ideal, but it works.


I'd still be really interested to learn if you, or anybody for that matter, got it working. The info at the time was very vague, additionally without any other posts reporting successful operation.


Please reply and let me know your findings.


Thanks,


Kevin

lmcruzhsa Wed, 04/28/2010 - 01:14

No problem


I had a configuration here and it was working somehow. I opened a TAC case to verify it and fix a small issue, and the "engineer" (if you can say that about that person) gave me a configuration and some steps, and now it is not working at all... I am waiting for the survey... GRRRR



Anyway, here is the configuration I had. It was working OK, but the local router was not able to use the local view to resolve our internal domain properly. The LAN was able to resolve the local domain properly, as well as the external DNS:


ip dns view SBA
 domain name hispasat.local
 domain list hispasat.local
 domain timeout 1
 domain retry 3
 domain name-server 10.52.18.80
 domain name-server 10.52.18.81
 domain resolver source-interface FastEthernet0/1.1
 domain round-robin
 dns forwarder 10.52.18.80
 dns forwarder 10.52.18.81
 dns forwarding source-interface FastEthernet0/1.1
ip dns view default
 domain name-server 8.8.8.8
 domain name-server 8.8.4.4
 domain resolver source-interface FastEthernet0/1.1
 dns forwarder 8.8.8.8
 dns forwarder 8.8.4.4
 dns forwarding source-interface FastEthernet0/1.1
ip dns view-list SBA
 view SBA 1
  restrict name-group 1
 view default 2
ip dns name-list 1 permit .*.myinternaldomain.foo
!
! The next command is supposed to be for the local DNS view of the router; it was not working, the router is always using the default view
ip dns server view-group SBA
ip dns server
!
interface FastEthernet0/1.1
 ip dns view-group SBA


Hope it helps

IOS 124-24.T3

Router 1841

kgreenway Sun, 05/02/2010 - 13:12

Thanks for posting the config... I still couldn't get it to work on my side using your example. So I decided to print out the Split DNS guide off the Cisco website, find a quiet room and read it! Lo and behold, it's finally working.


For me, my problem was two things that only became clear by enabling logging as instructed in the PDF. Whilst the mycomp view was being used for anything destined for mycomp.co.uk, the default was not being used for all other external/ISP-related queries. The problem was caused by not specifying ip dns view-list default.


Additionally, I'd also forgotten to update my inbound ACL with the public ISP DNS server addresses. So once the default view was being used for all Internet-related DNS queries, and the ACL was permitting DNS queries returning from my public DNS, all is working beautifully!


I've posted my part config below, which hopefully will help anybody setting up Split DNS. This was enabled in IOS v124-15.T, on an 877W.


Thanks,


Kevin


interface BVI1
 ip dns view-group mycomp_viewlist


ip dns view mycomp
 domain name-server 192.168.1.x
 domain name-server 192.168.1.x
 dns forwarder 192.168.1.x
 dns forwarder 192.168.1.x
 dns forwarding source-interface BVI1
ip dns view default
 domain name-server 212.x.x.x
 domain name-server 212.x.x.x
 dns forwarder 212.x.x.x
 dns forwarder 212.x.x.x
 dns forwarding source-interface BVI1
ip dns view-list default
ip dns view-list mycomp_viewlist
 view mycomp 5
  restrict name-group 10
 view default 10
ip dns name-list 10 permit .*.mycomp.CO.UK
ip dns server


access-list 101 permit udp host 212.x.x.x eq domain any gt 1023
access-list 101 permit udp host 212.x.x.x eq domain any gt 1023
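
The view selection configured in the post above can be checked off the router. The Python model below is an added example, not part of the original post and not Cisco code; it shows which view a query name lands in for the posted name-list pattern and for a tightened one. It assumes views are tried in ascending priority order, a view with no restriction always matches, and name-list patterns are unanchored, case-insensitive regular expressions; the sample names and the tightened pattern are constructed.

```python
import re

# Model of "ip dns view-list mycomp_viewlist" from the post above:
# (priority, view name, name-group number or None for no restriction).
VIEW_LIST = [(5, "mycomp", 10), (10, "default", None)]

# name-list 10 as posted, and a tightened variant (constructed here) with
# escaped dots and an end anchor; verify the syntax on your IOS release.
NAME_LISTS_POSTED = {10: [("permit", r".*.mycomp.CO.UK")]}
NAME_LISTS_STRICT = {10: [("permit", r".*\.mycomp\.co\.uk$")]}


def name_list_permits(rules, qname):
    """First matching rule decides; a name matching no rule is not permitted."""
    for action, pattern in rules:
        # Assumption: unanchored, case-insensitive regex search.
        if re.search(pattern, qname, re.IGNORECASE):
            return action == "permit"
    return False


def select_view(qname, view_list, name_lists):
    """Return the first view, by ascending priority, whose restriction passes."""
    for _prio, view, group in sorted(view_list, key=lambda v: v[0]):
        if group is None or name_list_permits(name_lists[group], qname):
            return view
    return None  # no view selected for this query


def report(names, name_lists):
    """Map each query name to the view that would handle it."""
    return {n: select_view(n, VIEW_LIST, name_lists) for n in names}


# Constructed sample query names.
SAMPLES = [
    "dc01.mycomp.co.uk",          # internal host
    "www.example.com",            # ordinary Internet name
    "mycomp.co.uk",               # bare zone name, no leading label
    "xmycomp-co-uk.example.net",  # unrelated name the loose pattern also matches
]

if __name__ == "__main__":
    for label, lists in (("posted", NAME_LISTS_POSTED), ("strict", NAME_LISTS_STRICT)):
        for name, view in report(SAMPLES, lists).items():
            print(f"{label:7} {name:28} -> {view}")
```

Under these assumptions the unescaped dots in the posted pattern send an unrelated external name to the internal forwarders, and the bare zone name falls through to the default view with either pattern.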

hamed1900 Tue, 01/11/2011 - 15:50

Hi Kevin,


I am stuck trying to configure split DNS.

I used your configuration as it is much better than the Cisco documents. However, it does not work: all the requests go to the default view list,

and ip dns view mycomp does not work, although I already permitted my domain.


Do you have any idea?


All the configuration is the same as yours except the domain name of my company, and I also used an interface VLAN...


Can you help, please?
