DNS Doctoring on Cisco 2811

Sep 24th, 2010

Hello,


I am trying to get DNS doctoring to work with static NAT on a Cisco 2811. I've read some documentation and it states that this is the default behavior. Can someone confirm this can be done on a router and that the configuration below looks okay?


DNS request user1-->intf0/0 or intf0/1-->Serial1/0

DNS response server1-->Serial1/0-->intf0/0 or intf0/1


The DNS request comes from a user on the 172.16.0.0 (inside) and they are requesting access to Share1 (10.10.30.100). I'm assuming the router will proxy the DNS request and return 172.29.30.100. This works successfully on my ASA today with static NAT and the dns keyword.


interface FastEthernet0/0
 description Link to Core1
 ip address 10.128.62.2 255.255.255.252
 ip nat inside
!
interface FastEthernet0/1
 description Link to Core2
 ip address 10.128.62.6 255.255.255.252
 ip nat inside
!
interface Serial1/0
 description Link to WAN
 ip address 10.1.1.1 255.255.255.252
 ip nat outside
!
! This works...hides 172.16 overlap
ip nat inside source static network 172.16.0.0 172.24.0.0 /16
! Each of the following works by IP but not name
ip nat outside source static network 10.10.1.0 172.29.32.0 /24
ip nat outside source static network 10.10.30.0 172.29.30.0 /24
ip nat outside source static network 172.16.232.0 172.29.31.0 /24
ip nat outside source static network 172.16.240.0 172.29.33.0 /24


Thanks in Advance.

praprama (Cisco Employee), Fri, 09/24/2010 - 08:41

Hello,


Based on this document:


https://supportforums.cisco.com/docs/DOC-8936


The DNS doctoring feature happens by default on routers. The only requirement seems to be that the DNS server should be coming in on the interface which has "ip nat outside", that is, Serial1/0 in our case.


Hope this helps!!


Regards,

Prapanch
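
As an added illustration (not part of the thread and not Cisco's implementation), the Python sketch below models what DNS doctoring does to a response arriving on the "ip nat outside" interface: it rewrites A-record addresses using the "ip nat outside source static network" mappings from the question. The host name share1.example.test and the sample packet are constructed.

```python
import ipaddress
import struct

# Mappings from the question's "ip nat outside source static network" lines:
# (real network, network the inside hosts must use)
NAT_OUTSIDE = [(ipaddress.ip_network(r), ipaddress.ip_network(m)) for r, m in [
    ("10.10.1.0/24", "172.29.32.0/24"), ("10.10.30.0/24", "172.29.30.0/24"),
    ("172.16.232.0/24", "172.29.31.0/24"), ("172.16.240.0/24", "172.29.33.0/24")]]

def translate(addr):
    """Map a real outside address to the one inside hosts must use."""
    ip = ipaddress.IPv4Address(addr)
    for real, mapped in NAT_OUTSIDE:
        if ip in real:
            return mapped.network_address + (int(ip) - int(real.network_address))
    return ip                          # no mapping: leave the address alone

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:      # compression pointer ends the name
            return pos + 2
        pos += 1 + length
        if length == 0:                # root label ends the name
            return pos

def doctor(msg):
    """Rewrite A-record addresses in a DNS response per the NAT table."""
    out = bytearray(msg)
    qdcount, ancount = struct.unpack_from("!HH", msg, 4)
    pos = 12                           # fixed DNS header length
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    for _ in range(ancount):
        pos = skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, pos)
        pos += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):   # A record, class IN
            out[pos:pos + 4] = translate(bytes(msg[pos:pos + 4])).packed
        pos += rdlen
    return bytes(out)

def build_sample():
    """Constructed response: share1.example.test A 10.10.30.100."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = b"\x06share1\x07example\x04test\x00" + struct.pack("!HH", 1, 1)
    rdata = ipaddress.IPv4Address("10.10.30.100").packed
    return header + question + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata
```

Only the four RDATA bytes change, so the message length and the rest of the response stay the same; an address outside every mapped network passes through untouched.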
