Cisco Support Community
Community Member

ip dns server: how to redirect unwanted domains ? ... eg: ->

ip dns server ... I have the DNS server configured as follows:

ip dns server view-group dnsVLcustom

ip dns view-list dnsVLcustom
 view dnsVcustom 1

ip dns view dnsVcustom
 no domain lookup
 dns forwarding
 dns forwarder
 dns forwarder

... is there a way to set something like this ? ---> n.n.n.n ---> n.n.n.n ---> n.n.n.n

... ie: don't forward for these domains, just return n.n.n.n

My current config has all those unwanted sites filtered by the incoming ACL but they are hard-coded by their IP addresses.

Problem is I am adding more unwanted domains and the ACL is getting bigger and (I presume) this will slow down everything, not to mention I can't be aware of IP changes.

It would be really good to have just one IP on this ACL for unwanted traffic stopping it right after entering the routers instead of a cumbersome hard-coded ACL.

Any suggestion ?


Re: ip dns server: how to redirect unwanted domains ? ... eg: ra

Hmmm.. you can use this for example

ip host n.n.n.n
But I think it is not a good idea to block one IP with an ACL and use DNS entries for filtering.

Try to use ip urlfilter:

ip urlfilter exclusive-domain deny

Please rate if this helps,


Community Member

Re: ip dns server: how to redirect unwanted domains ? ... eg: ra

Thanks for your answer!

Although what you proposed is not exactly what I have in mind, it is another open option which I'm glad you mentioned, since I completely forgot the firewall options on IOS because I am also running a PIX here.

The way you put it I can filter domains without having to put specific IPs on my incoming ACLs but it won't deny traffic directed to those IPs if the offending application (eg: read it MSN Messenger) is using those IPs directly and not a url such as am I right ?

And if I were a spammer I would never use a URL in the first place; I'd go directly to the servers by their IPs once I learned where to reach them.

Now if there is a way to intercept those DNS requests and/or answer those requests with any chosen IP ...

Re: ip dns server: how to redirect unwanted domains ? ... eg: ra

You're right, a spam bot will go directly by IP address. It will not make DNS queries. So you need to do standard ACL filtering for this purpose.

Please rate if this helps.
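The limitation discussed in the last two posts, as an added example that is not part of the original thread: the script below models a resolver that answers blocked names with one sinkhole address, then labels flows as caught by the redirect, normally resolved, or sent straight to an IP with no preceding lookup. The sinkhole address 192.0.2.1 (standing in for n.n.n.n), the blocklist, the log layouts and all sample records are constructed assumptions.

```python
"""Classify flows against DNS answers: what a DNS redirect can and cannot catch."""
SINKHOLE = "192.0.2.1"           # constructed stand-in for the thread's n.n.n.n
BLOCKED = {"unwanted.example"}   # constructed blocklist of domain suffixes

def is_blocked(qname, blocked=BLOCKED):
    """True if qname or any parent domain is on the blocklist."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def resolve(qname, upstream_ip):
    """Answer the resolver gives: the sinkhole for blocked names, else the real address."""
    return SINKHOLE if is_blocked(qname) else upstream_ip

def classify(dns_queries, flows):
    """Label each flow 'sinkholed', 'resolved' or 'direct-ip'.

    dns_queries: (time, client, qname, upstream_ip); flows: (time, client, dst_ip).
    A flow is 'direct-ip' when the client was never handed dst_ip in a DNS answer
    before the flow started, so no DNS-level redirect could have affected it.
    """
    answers = {}  # (client, ip) -> earliest time that client was given that ip
    for ts, client, qname, upstream_ip in sorted(dns_queries):
        answers.setdefault((client, resolve(qname, upstream_ip)), ts)
    out = []
    for ts, client, dst in sorted(flows):
        seen = answers.get((client, dst))
        if dst == SINKHOLE:
            label = "sinkholed"    # one ACL entry for the sinkhole covers this
        elif seen is not None and seen <= ts:
            label = "resolved"
        else:
            label = "direct-ip"    # needs filtering by destination address
        out.append((client, dst, label))
    return out

# Constructed sample data (documentation address ranges only).
DNS_QUERIES = [
    (10, "10.0.0.5", "im.unwanted.example", "198.51.100.7"),
    (12, "10.0.0.6", "www.example.org", "203.0.113.10"),
]
FLOWS = [
    (11, "10.0.0.5", "192.0.2.1"),     # followed the redirected answer
    (13, "10.0.0.6", "203.0.113.10"),  # normal lookup, then connect
    (20, "10.0.0.7", "198.51.100.7"),  # hard-coded address, no lookup
]

if __name__ == "__main__":
    for row in classify(DNS_QUERIES, FLOWS):
        print(*row)
```

The `direct-ip` rows are the destinations that still need an address-based ACL entry, which is the case the final reply describes.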

