
ip dns server: how to redirect unwanted domains ? ... eg: rad.msn.com -> 10.10.10.10

nlariguet
Level 1

ip dns server ... I have the DNS server configured as follows:

ip dns server view-group dnsVLcustom

ip dns view-list dnsVLcustom
view dnsVcustom 1

ip dns view dnsVcustom
no domain lookup
dns forwarding
dns forwarder 208.67.222.222
dns forwarder 208.67.220.220

... is there a way to set something like this ?

rad.msn.com ---> n.n.n.n
spam.whatever.com ---> n.n.n.n
ads.whatever.com ---> n.n.n.n

... ie: don't forward for these domains, just return n.n.n.n

My current config has all those unwanted sites filtered by the incoming ACL but they are hard-coded by their IP addresses.

The problem is I am adding more unwanted domains and the ACL is getting bigger and (I presume) this will slow down everything, not to mention I can't be aware of IP changes.

It would be really good to have just one IP on this ACL for unwanted traffic stopping it right after entering the routers instead of a cumbersome hard-coded ACL.

Any suggestion ?

3 Replies

Eugene Khabarov
Level 7

Hmmm.. you can use this for example

ip host spam.whatever.com n.n.n.n
but I think this is not a good idea: to block one IP with an ACL and use DNS entries for filtering.

Try to use ip urlfilter:

ip urlfilter exclusive-domain deny spam.whatever.com

Please rate if this helps,

Eugene.
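
Added example (not from either poster): how the ip host suggestion fits with the view configuration from the question, with a single sinkhole address in the inbound ACL. The 10.10.10.10 sinkhole and the view names come from the thread; the `view` keyword on `ip host` (from the IOS Split DNS feature), the ACL name and the interface are my assumptions.

```cisco
! Added example, not the original poster's or Eugene's config.
! Static host entries are consulted before the view forwards a query,
! so these names are answered locally and never reach the forwarders.
! ASSUMPTION: "ip host view <name>" ties the entry to the custom view.
ip host view dnsVcustom rad.msn.com 10.10.10.10
ip host view dnsVcustom spam.whatever.com 10.10.10.10
ip host view dnsVcustom ads.whatever.com 10.10.10.10

! View, view-list and server binding as posted in the question
ip dns view dnsVcustom
 no domain lookup
 dns forwarding
 dns forwarder 208.67.222.222
 dns forwarder 208.67.220.220
ip dns view-list dnsVLcustom
 view dnsVcustom 1
ip dns server view-group dnsVLcustom
ip dns server

! One sinkhole entry replaces the per-site IP denies; "log" records hits
! so the unwanted client traffic stays visible.
! ASSUMPTION: ACL name LAN-IN and interface Vlan1 are placeholders.
ip access-list extended LAN-IN
 deny   ip any host 10.10.10.10 log
 permit ip any any
interface Vlan1
 ip access-group LAN-IN in

! Alternative to the ACL entry: black-hole the sinkhole address itself
ip route 10.10.10.10 255.255.255.255 Null0
```

As Eugene notes below, a client that already knows the real server IP never asks the router's DNS, so the per-IP ACL lines are still needed for that traffic.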

Thanks for your answer!

Although what you proposed is not exactly what I have in mind, it is another open option which I'm glad you mentioned, since I completely forgot the firewall options on IOS because I am also running a PIX here.

The way you put it, I can filter domains without having to put specific IPs on my incoming ACLs, but it won't deny traffic directed to those IPs if the offending application (eg: read: MSN Messenger) is using those IPs directly and not a URL such as whatever.rad.msn.com, am I right?

And if I were a spammer I would never use a URL in the first place; I'd go directly to the servers by their IPs once I learned where to reach them.

Now if there is a way to intercept those DNS requests and/or answer those requests with any chosen IP ...

You're right, a spam bot will go directly by IP address. It will not make DNS queries. So you need to do standard ACL filtering for this purpose.

Please rate if this helps.

Eugene.
