Difference between revisions of "DNS Redirection"
(Created page with "Suppose you are using your Cisco router as a DNS server, and you would like to have certain domains redirected to specific servers for their lookups. This would be useful for...") |
Line 1: | Line 1: | ||
− | Suppose you are using your Cisco router as a DNS server, and you would like to have certain domains redirected to specific servers for their lookups. This would be useful for a remote VPN site that needs to look up internal hostnames from other sites, but doesn't want to use the other site's DNS server for internet lookups. | + | Suppose you are using your Cisco router as a DNS server, and you would like to have certain domains redirected to specific servers for their lookups. This would be useful for a remote VPN site that needs to look up internal hostnames from other sites, but doesn't want to use the other site's DNS server for internet lookups. You could also use this as a centralized way of banner blocking. |
This example works for any hosts in the ".local" domain (ie: myhost.local) and any PTR lookups for 192.168.x.x IPs. Note with this setup, you do not use the '''ip name-server x.x.x.x''' global command. | This example works for any hosts in the ".local" domain (ie: myhost.local) and any PTR lookups for 192.168.x.x IPs. Note with this setup, you do not use the '''ip name-server x.x.x.x''' global command. |
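Review bot: the sentence added at the end of the first paragraph, "You could also use this as a centralized way of banner blocking", is not backed by anything in the example that follows, which only covers ".local" names and PTR lookups for 192.168.x.x. Suggest adding a short note on which name-list entries and which view would handle the blocked domains, or leaving the sentence out until that is documented.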
Revision as of 13:50, 20 June 2013
Suppose you are using your Cisco router as a DNS server, and you would like to have certain domains redirected to specific servers for their lookups. This would be useful for a remote VPN site that needs to look up internal hostnames from other sites, but doesn't want to use the other site's DNS server for internet lookups. You could also use this as a centralized way of banner blocking.
This example works for any hosts in the ".local" domain (e.g. myhost.local) and any PTR lookups for 192.168.x.x IPs. Note that with this setup, you do not use the ip name-server x.x.x.x global command.
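 ! Names that should be resolved by the internal server
 ip dns name-list 100 permit .*.local
 ip dns name-list 100 permit .*.168.192.IN-ADDR.ARPA
 ! Servers used for all other lookups
 ip dns view INTERNET
  domain name-server 8.8.8.8
  domain name-server 8.8.8.4
 ! Server used for names that match name-list 100
 ip dns view INTERNAL
  domain name-server 10.10.10.5
 ! INTERNAL (order 10) is listed ahead of INTERNET (order 100)
 ip dns view-list DNS-SERVERS
  view INTERNAL 10
   restrict name-group 100
  view INTERNET 100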
When a host queries the router, the router checks whether the queried name matches name-list 100. If it matches, the router sends the query to the server in the INTERNAL view. Otherwise, it sends the query to the servers in the INTERNET view.
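The selection logic described above can be checked offline before the configuration is applied. The following is an added example, not part of the original page and not Cisco code: it parses the page's configuration and reports which view a query name would use. It assumes that Python's `re` approximates the router's pattern matching, that patterns match the whole name case-insensitively, that the first matching rule wins, and that a name matching no rule is denied; the function names are hypothetical.

```python
import re

# The page's configuration, one command per line.
CONFIG = """\
ip dns name-list 100 permit .*.local
ip dns name-list 100 permit .*.168.192.IN-ADDR.ARPA
ip dns view INTERNET
 domain name-server 8.8.8.8
 domain name-server 8.8.8.4
ip dns view INTERNAL
 domain name-server 10.10.10.5
ip dns view-list DNS-SERVERS
 view INTERNAL 10
  restrict name-group 100
 view INTERNET 100
"""

def parse(config):
    """Return (name_lists, view_servers, view-list members sorted by order)."""
    name_lists, servers, members, view = {}, {}, [], None
    for line in config.splitlines():
        w = line.split()
        if not w or w[0] == "!": continue  # skip blank and comment lines
        if w[:3] == ["ip", "dns", "name-list"]:
            name_lists.setdefault(w[3], []).append((w[4], w[5]))
        elif w[:3] == ["ip", "dns", "view"]:
            view = w[3]
            servers[view] = []
        elif w[:2] == ["domain", "name-server"]:
            servers[view].append(w[2])
        elif w[0] == "view":
            members.append({"view": w[1], "order": int(w[2]), "group": None})
        elif w[:2] == ["restrict", "name-group"]:
            members[-1]["group"] = w[2]
    return name_lists, servers, sorted(members, key=lambda m: m["order"])

def permitted(name, rules):
    # Assumption: first matching rule wins; whole-name, case-insensitive match.
    for action, pattern in rules:
        if re.fullmatch(pattern, name, re.IGNORECASE):
            return action == "permit"
    return False  # assumption: implicit deny when no rule matches

def select_view(name, config=CONFIG):
    name_lists, servers, members = parse(config)
    for m in members:  # lowest order number is evaluated first
        if m["group"] is None or permitted(name, name_lists.get(m["group"], [])):
            return m["view"], servers[m["view"]]
    return None, []
```

Under these assumptions a name such as `nonlocal` is also sent to the INTERNAL view, because the unescaped `.` before `local` matches any character and not only a literal dot.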