02-28-2009 09:40 AM - edited 03-04-2019 03:45 AM
Hi All,
I am looking for anybody that can provide a working example of Split DNS. I cannot get my head around the official Cisco doc (http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htspldns.html).
Basically what I want to achieve is for teleworkers to use their Cisco 800s as a DNS server. The router should forward all DNS queries to their public-facing DNS servers, with the exception of their Windows domain (i.e. mydomain.local). The Windows domain queries should be forwarded to the corporate DNS servers.
I have put together the following config, but it doesn't appear to work.
If I specify the router as my DNS server I am unable to resolve DNS to both my public facing DNS server as well as my company DNS Servers.
ip domain name mycompany.local
ip name-server 194.x.x.x
ip name-server 62.x.x.x
ip dns view mycompany
 logging
 dns forwarder 192.168.x.x
 dns forwarder 192.168.x.x
ip dns view default
 logging
 dns forwarder 194.x.x.x
 dns forwarder 62.x.x.x
ip dns view-list mycompany
 view mycompany 5
  restrict name-group 10
 view default 10
ip dns name-list 10 permit .*.mycompany.local
ip dns server view-group mycompany
ip dns server
Please Help somebody!
Thanks,
Kevin
03-04-2009 12:22 AM
Anybody?
04-16-2010 02:40 PM
Looks OK to me, but maybe you need to apply that view to an interface with the "ip dns view-group XXXX" command, where XXXX is your view.
Did it work for you?
I am facing the same problem here :-/
04-27-2010 05:03 AM
Hi,
Sorry for the delay... I read the message one weekend, but forgot to reply.
No, I didn't get it working. In the end I ended up using my internal DNS for all... Not ideal, but it works.
I'd still be really interested to learn if you, or anybody for that matter got it working. The info at the time was very vague, additionally without any other posts posting successful operation.
Please reply and let me know your findings.
Thanks,
Kevin
04-28-2010 01:14 AM
No problem
I had a configuration here and it was working somehow. I opened a TAC case to verify it and fix a small issue, and the "engineer" -if you can say that about that person- gave a configuration and some steps and now it is not working at all... I am waiting for the survey.... GRRRR
Anyway... here is the configuration I had. It was working OK, but the local router was not able to use the local view to resolve our internal domain properly. The LAN was able to resolve the local domain properly, as well as the external DNS:
ip dns view SBA
 domain name hispasat.local
 domain list hispasat.local
 domain timeout 1
 domain retry 3
 domain name-server 10.52.18.80
 domain name-server 10.52.18.81
 domain resolver source-interface FastEthernet0/1.1
 domain round-robin
 dns forwarder 10.52.18.80
 dns forwarder 10.52.18.81
 dns forwarding source-interface FastEthernet0/1.1
ip dns view default
 domain name-server 8.8.8.8
 domain name-server 8.8.4.4
 domain resolver source-interface FastEthernet0/1.1
 dns forwarder 8.8.8.8
 dns forwarder 8.8.4.4
 dns forwarding source-interface FastEthernet0/1.1
ip dns view-list SBA
 view SBA 1
  restrict name-group 1
 view default 2
ip dns name-list 1 permit .*.myinternaldomain.foo
! The next command is supposed to be for the local DNS view of the router; it was not working, the router always uses the default view
ip dns server view-group SBA
ip dns server
!
interface FastEthernet0/1.1
 ip dns view-group SBA
Hope it helps
IOS 124-24.T3
Router 1841
05-02-2010 01:12 PM
Thanks for posting the config... I still couldn't get it to work on my side using your example. So I decided to print out the Split DNS guide off the Cisco website, find a quiet room and read it! Lo and behold, it's finally working.
For me the problem was two things, which only became clear by enabling logging as instructed in the PDF. Whilst the mycomp view was being used for anything destined for mycomp.co.uk, the default was not being used for all other external/ISP-related queries. The problem was caused by not specifying ip dns view-list default.
Additionally, I'd also forgotten to update my inbound ACL with the public ISP DNS server addresses. So once the default view was being used for all Internet-related DNS queries, and the ACL was permitting DNS queries returning from my public DNS, all is working beautifully!
I've posted my part config below, which hopefully will help anybody setting up Split DNS. This was enabled in IOS v124-15.T, on an 877W.
Thanks,
Kevin
interface BVI1
 ip dns view-group mycomp_viewlist
ip dns view mycomp
 domain name-server 192.168.1.x
 domain name-server 192.168.1.x
 dns forwarder 192.168.1.x
 dns forwarder 192.168.1.x
 dns forwarding source-interface BVI1
ip dns view default
 domain name-server 212.x.x.x
 domain name-server 212.x.x.x
 dns forwarder 212.x.x.x
 dns forwarder 212.x.x.x
 dns forwarding source-interface BVI1
ip dns view-list default
ip dns view-list mycomp_viewlist
 view mycomp 5
  restrict name-group 10
 view default 10
ip dns name-list 10 permit .*.mycomp.CO.UK
ip dns server
access-list 101 permit udp host 212.x.x.x eq domain any gt 1023
access-list 101 permit udp host 212.x.x.x eq domain any gt 1023
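Added example, not part of any poster's configuration and not Cisco code: a small Python model of how a view-list with `restrict name-group` chooses between the `mycomp` and `default` views, for checking which query names a name-list pattern sends to the internal forwarders. It assumes views are tried in ascending order with the first permitted view winning, and that the name-list pattern is an unanchored, case-insensitive regex; the `STRICT` pattern and the sample names are constructed for comparison.

```python
import re

# Constructed model of the view-list from the working config above:
# (order, view name, name-list pattern or None when the view is unrestricted).
POSTED = [(5, "mycomp", r".*.mycomp.CO.UK"), (10, "default", None)]
# Hypothetical stricter pattern in Python regex syntax, for comparison only.
STRICT = [(5, "mycomp", r"(^|\.)mycomp\.co\.uk$"), (10, "default", None)]

# Forwarders per view, masked exactly as in the post.
FORWARDERS = {"mycomp": "192.168.1.x", "default": "212.x.x.x"}


def select_view(qname, view_list=POSTED):
    """Return the first view, in ascending order, whose restriction permits qname."""
    name = qname.rstrip(".")
    for _order, view, pattern in sorted(view_list, key=lambda v: v[0]):
        # Assumption: the name-list is an unanchored, case-insensitive regex match.
        if pattern is None or re.search(pattern, name, re.IGNORECASE):
            return view
    return None  # nothing matched: the query is not forwarded by any view


def compare(names):
    """Map each query name to (view under POSTED, view under STRICT)."""
    return {n: (select_view(n, POSTED), select_view(n, STRICT)) for n in names}


# Constructed query names covering the cases that matter for split DNS.
SAMPLES = [
    "dc1.mycomp.co.uk",              # internal host: must stay internal
    "mycomp.co.uk",                  # zone apex
    "www.example.com",               # ordinary Internet name
    "notmycomp.co.uk",               # different domain sharing the suffix text
    "dc1.mycomp.co.uk.example.net",  # internal name embedded in an outside name
]

if __name__ == "__main__":
    for name, (posted, strict) in compare(SAMPLES).items():
        flag = "" if posted == strict else "  <-- differs"
        print(f"{name:32} posted={posted:8} -> {FORWARDERS[posted]:12} strict={strict}{flag}")
```

Names on which the two results differ are the ones to test against the router with view logging enabled: under these assumptions the posted pattern lets the zone apex out to the ISP forwarders and sends look-alike names to the internal ones.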
01-11-2011 03:50 PM
Hi Kevin,
I am stuck trying to configure split DNS.
I used your configuration as it is much better than the Cisco documents... however, it does not work... all the requests go to the default view list,
and ip dns view mycomp does not work, although I already permitted my domain.
Do you have any idea?
All the configuration is the same as yours except the domain name of my company, and I also used interface vlan...
Can you help, please?