I have a remote office that has an 871W and that's using a site-to-site VPN to an ASA 5505. Currently all DNS traffic is going to the main office for resolution. Is it possible to configure a split DNS so internal lookups continue across the VPN, but external requests use the remote office ISP?
I do have split tunneling enabled, but I can't figure out how to split the DNS.
I've done this in the ASA or Concentrator. On the ASA you have the option to configure split-dns in environments with split tunneling. You go under the group-policy to configure the list of domains to be resolved through the split tunneling.
group-policy sales attributes
 split-dns value example.com
I've never done it in IOS routers, but it seems that it can be done.
I have been trying to get the same feature working and at last succeeded. I've posted my config below which was added on an 877W, so should be good for you in your scenario too.
ACL 101 is my inbound ACL against Dialer0 interface.
interface BVI1
 ip dns view-group mycomp_viewlist

ip dns view mycomp
 domain name-server 192.168.1.x
 domain name-server 192.168.1.x
 dns forwarder 192.168.1.x
 dns forwarder 192.168.1.x
 dns forwarding source-interface BVI1
ip dns view default
 domain name-server 212.x.x.x
 domain name-server 212.x.x.x
 dns forwarder 212.x.x.x
 dns forwarder 212.x.x.x
 dns forwarding source-interface BVI1
ip dns view-list default
ip dns view-list mycomp_viewlist
 view mycomp 5
  restrict name-group 10
 view default 10
ip dns name-list 10 permit .*.mycomp.CO.UK
ip dns server
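To check which resolver a given name would be forwarded to under the view-list above, here is a small offline model of the selection logic, added as an example and not part of the original post. It assumes views are tried in ascending order, that the name-list pattern is matched case-insensitively against the whole query name, and that Python's `re` behaves like the router's regex engine for this pattern; the forwarder addresses stay masked as posted.

```python
import re

# Name-list 10 and the two views, copied from the posted config.
NAME_LISTS = {10: [("permit", r".*.mycomp.CO.UK")]}
VIEWS = {
    "mycomp": ["192.168.1.x", "192.168.1.x"],   # internal resolvers (masked in the post)
    "default": ["212.x.x.x", "212.x.x.x"],      # ISP resolvers (masked in the post)
}
# view-list mycomp_viewlist: (order, view name, restrict name-group or None)
VIEW_LIST = [(5, "mycomp", 10), (10, "default", None)]


def name_group_permits(group, qname):
    """First matching entry decides; no match is treated as deny (assumption)."""
    for action, pattern in NAME_LISTS[group]:
        if re.fullmatch(pattern, qname, re.IGNORECASE):
            return action == "permit"
    return False


def select_view(qname):
    """Return the first view, in ascending order, whose restriction admits qname."""
    for _, view, group in sorted(VIEW_LIST, key=lambda entry: entry[0]):
        if group is None or name_group_permits(group, qname):
            return view
    return None


def forwarders_for(qname):
    view = select_view(qname)
    return VIEWS[view] if view else []


# Constructed sample queries, not taken from the post.
SAMPLE_QUERIES = [
    "intranet.mycomp.co.uk",   # internal host: goes across the VPN
    "www.example.com",         # external host: goes to the ISP resolvers
    "mycomp.co.uk",            # bare zone apex: the pattern needs a character before "mycomp"
    "www.notmycomp.co.uk",     # unescaped "." matches any character, so this is sent internally
]

if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(f"{q:24} -> view {select_view(q):8} forwarders {forwarders_for(q)}")
```

In this model the last two queries show what the unescaped dots in the pattern do: the bare apex falls through to the default view, and a look-alike external domain is forwarded to the internal resolvers.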