Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSS DNS respone for public IP address

Is it possible to have the CSS respond with an A record IP address that isn't configured as a VIP?

I.E. If an end user is looking up a DNS name for www.mysite.com which is Globally load balanced with my CSS and I want to return the public address as apposed to the internal private address of the VIP, can I do this?

E.G

dns-record a www.mysite.com 201.1.1.1

# this is the public IP address that is translated by an external firewall to 10.1.1.1 for internal comms

content mysite.com

vip address 10.1.1.1

protocol tcp

port 80

url "/*" eql cacheable

add service mysebserver

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: CSS DNS respone for public IP address

yes, this is possible.

Just be aware that if you have internal hosts trying to get a dns answer from the CSS they will also get the public ip.

There is no way to distinguished between internal and external host.

Normally, you should only answer with the private ip and the firewall uses dns fixup to translate the ip inside the dns response.

With a GSS, it is possible to use a src ip access-list so the dns response can be different depending on the ip of the requester.

Gilles.

1 REPLY
Cisco Employee

Re: CSS DNS respone for public IP address

yes, this is possible.

Just be aware that if you have internal hosts trying to get a dns answer from the CSS they will also get the public ip.

There is no way to distinguished between internal and external host.

Normally, you should only answer with the private ip and the firewall uses dns fixup to translate the ip inside the dns response.

With a GSS, it is possible to use a src ip access-list so the dns response can be different depending on the ip of the requester.

Gilles.

380
Views
0
Helpful
1
Replies
CreatePlease to create content