Cisco Support Community
New Member

NAT DNS payload replacement. Very funny, Cisco.

ip nat inside source list bunch_of_hosts pool some_pool overload

ip nat inside source static 10.10.10.10 91.91.91.91 no-payload

There is a DNS record:

some_host.some.domain     IN     A     91.91.91.91

From a host in the bunch_of_hosts list:

$ dig some_host.some.domain @8.8.8.8

;;ANSWER SECTION:

some_host.some.domain     IN     A     10.10.10.10

Whose idea was that? How to disable it??

Clarification: the DNS server hosting some.domain is NOT inside our network. It's a completely different organisation and their DNS gives the right answer when asked outside this NAT setup.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

NAT DNS payload replacement. Very funny, Cisco.

Hello,

Can you try using these commands? They should stop IOS rewriting the DNS contents as part of its NAT ALG.

no ip nat service alg tcp dns

no ip nat service alg udp dns

Best regards,

Peter
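
To confirm whether the NAT ALG is rewriting answers, before and after applying the commands above, the same DNS answer can be captured inside and outside the NAT and compared. This Python check is an added example, not code from this thread or from Cisco; the function names and sample packets are constructed for illustration, and the mapping table mirrors the static NAT line in the question.

```python
import ipaddress
import struct

# inside-local -> inside-global, copied from the static NAT line in the question
STATIC_NAT = {"10.10.10.10": "91.91.91.91"}

def build_response(name, addr, txid=0x1234):
    """Constructed sample: minimal DNS response carrying one A record."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD, RA; 1 question, 1 answer
    question = qname + struct.pack("!2H", 1, 1)             # QTYPE=A, QCLASS=IN
    rr = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4)   # pointer to qname, A/IN, TTL, RDLENGTH
    return header + question + rr + ipaddress.IPv4Address(addr).packed

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer is two bytes and ends the name
            return off + 2
        off += length + 1

def a_records(msg):
    """Extract IPv4 addresses from the answer section of a raw DNS message."""
    qdcount, ancount = struct.unpack_from("!2H", msg, 4)
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4
    found = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!2HIH", msg, off)
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):
            found.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return found

def alg_rewrites(inside_msg, outside_msg, static_nat=STATIC_NAT):
    """Pairs (seen_inside, published) where a published global address was swapped for its inside-local one."""
    published = set(a_records(outside_msg))
    return [(ip, static_nat[ip]) for ip in a_records(inside_msg)
            if static_nat.get(ip) in published and ip not in published]

# Constructed captures of the same answer, taken outside and inside the NAT
OUTSIDE = build_response("some_host.some.domain", "91.91.91.91")
INSIDE = build_response("some_host.some.domain", "10.10.10.10")
print(alg_rewrites(INSIDE, OUTSIDE))
```

An empty list after the ALG is disabled means the inside answer matches what the external DNS server published.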

6 REPLIES

Re: NAT DNS payload replacement. Very funny, Cisco.

Dear Utair,

Am I correct if I ask you, do you need to remove NATing?

I am sorry if I am wrong, can you please elaborate?

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

New Member

NAT DNS payload replacement. Very funny, Cisco.

I need to disable payload inspection and modification for this NAT statement:

ip nat inside source list bunch_of_hosts pool some_pool overload

Because right now DNS replies for the A record containing the 91.91.91.91 address get modified by the router to 10.10.10.10.

Re: NAT DNS payload replacement. Very funny, Cisco.

Hi,

You'll need to contact your DNS hosting provider to correct your zone file records.

If you're not sure, check using the WHOIS database.

New Member

NAT DNS payload replacement. Very funny, Cisco.

Did you read ALL that I have written?

New Member

NAT DNS payload replacement. Very funny, Cisco.

Thanks!

That's what I needed.
