I am not entirely sure what you are trying to limit? If I am understanding you correctly, I would just configure DHCP to distribute a DNS server. This way, you don't have to manually configure each workstation to point to the router. Then, DNS is limited to the LAN and the WAN can use a separate DNS provider. Is this on par with what you are asking?
The issue is about permitting only the LAN users to utilize the router DNS service. Since the router DNS service is bound to all interfaces, the WAN interface is listening to queries from the Internet and would act as a public DNS server. I only want the DNS service listening on the LAN only and relaying requests to the appropriate DNS list (ip name-servers).
! Numbered extended ACL: drop DNS queries arriving from the Internet
! that are addressed to the router's own WAN address on port 53.
! [WAN IP address] and [WAN interface] are placeholders to fill in.
access-list 100 deny tcp any host [WAN IP address] eq 53
access-list 100 deny udp any host [WAN IP address] eq 53
! Keep all other traffic flowing; an ACL ends with an implicit deny.
access-list 100 permit ip any any
!
interface [WAN interface]
 ip access-group 100 in
Something like this should work. Place it on your Internet-facing router. I'm at work, so I can't verify the syntax, but it should be similar to what you need. You may need multiple ACL statements to deny traffic coming from multiple routers, as well. Let me know if this helps any or is at least in the right ballpark.