New Member

DNS Doctoring on Cisco 2811

Hello,

I am trying to get DNS doctoring to work with static NAT on a Cisco 2811.  I've read some documentation and it states that this is the default behavior.  Can someone confirm this can be done on a router and that the configuration below looks okay?

DNS request user1-->intf0/0 or intf0/1-->Serial1/0

DNS response server1-->Serial1/0-->intf0/0 or intf0/1

The DNS request comes from a user on 172.16.0.0 (inside) and they are requesting access to Share1 (10.10.30.100). I'm assuming the router will proxy the DNS request and return 172.29.30.100.  This works successfully on my ASA today with static NAT and the dns keyword.


interface FastEthernet0/0
description Link to Core1
ip address 10.128.62.2 255.255.255.252
ip nat inside
!
interface FastEthernet0/1
description Link to Core2
ip address 10.128.62.6 255.255.255.252
ip nat inside
!
interface Serial1/0
description Link to WAN
ip address 10.1.1.1 255.255.255.252
ip nat outside
!
ip nat inside source static network 172.16.0.0 172.24.0.0 /16 (This works...hides 172.16 overlap)
ip nat outside source static network 10.10.1.0 172.29.32.0 /24 (works by IP but not name)
ip nat outside source static network 10.10.30.0 172.29.30.0 /24 (works by IP but not name)
ip nat outside source static network 172.16.232.0 172.29.31.0 /24 (works by IP but not name)
ip nat outside source static network 172.16.240.0 172.29.33.0 /24 (works by IP but not name)

Thanks in Advance.

1 REPLY
Cisco Employee

Re: DNS Doctoring on Cisco 2811

Hello,

Based on this document:

https://supportforums.cisco.com/docs/DOC-8936

The DNS doctoring feature happens by default on routers. The only requirement seems to be that the DNS server should be coming in on the interface which has "ip nat outside", that is, Serial1/0 in our case.

Hope this helps!!

Regards,

Prapanch
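
Added example, not part of the thread and not Cisco's implementation: a Python sketch of the A-record rewrite the original poster expects, using the four "ip nat outside source static network" mappings from the posted configuration. The hostname share1.example.com, the transaction ID and the TTL are constructed sample values.

```python
import ipaddress
import struct

# Real -> translated networks, from the poster's "ip nat outside source static network" lines.
MAPPINGS = {"10.10.1.0/24": "172.29.32.0/24", "10.10.30.0/24": "172.29.30.0/24",
            "172.16.232.0/24": "172.29.31.0/24", "172.16.240.0/24": "172.29.33.0/24"}

def translate(addr):
    """Map an address network-to-network, keeping the host bits."""
    ip = ipaddress.ip_address(addr)
    for real, mapped in MAPPINGS.items():
        real_net, mapped_net = ipaddress.ip_network(real), ipaddress.ip_network(mapped)
        if ip in real_net:
            offset = int(ip) - int(real_net.network_address)
            return mapped_net.network_address + offset
    return ip

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[pos]
        if (length & 0xC0) == 0xC0:    # compression pointer: 2 bytes, ends the name
            return pos + 2
        pos += 1 + length
        if length == 0:                # root label ends an uncompressed name
            return pos

def doctor(msg):
    """Rewrite the RDATA of IPv4 A records in a DNS message per MAPPINGS."""
    out = bytearray(msg)
    qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        pos = skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, pos)
        pos += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            out[pos:pos + 4] = translate(bytes(msg[pos:pos + 4])).packed
        pos += rdlen
    return bytes(out)

def sample_response(name, addr):
    """Constructed DNS response: one question, one compressed-name A answer."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    head = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + qname + struct.pack("!2H", 1, 1)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
    return head + rr + ipaddress.ip_address(addr).packed
```

A rewrite like this can only be applied to responses that cross the translating device in cleartext, and a DNSSEC-validating client would reject a signed answer altered this way.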
