Difference between revisions of "DNS Redirection"

From Baranoski.ca
Jump to navigation Jump to search
(Created page with "Suppose you are using your Cisco router as a DNS server, and you would like to have certain domains redirected to specific servers for their lookups. This would be useful for...")
 
Line 1: Line 1:
Suppose you are using your Cisco router as a DNS server, and you would like to have certain domains redirected to specific servers for their lookups.  This would be useful for a remote VPN site that needs to look up internal hostnames from other sites, but doesn't want to use the other site's DNS server for internet lookups.
+
Suppose you are using your Cisco router as a DNS server, and you would like to have certain domains redirected to specific servers for their lookups.  This would be useful for a remote VPN site that needs to look up internal hostnames from other sites, but doesn't want to use the other site's DNS server for internet lookups.  You could also use this as a centralized way of banner blocking.
  
 
This example works for any hosts in the ".local" domain (ie: myhost.local) and any PTR lookups for 192.168.x.x IPs.  Note with this setup, you do not use the '''ip name-server x.x.x.x''' global command.
 
This example works for any hosts in the ".local" domain (ie: myhost.local) and any PTR lookups for 192.168.x.x IPs.  Note with this setup, you do not use the '''ip name-server x.x.x.x''' global command.

Revision as of 13:50, 20 June 2013

Suppose you are using your Cisco router as a DNS server, and you would like to have certain domains redirected to specific servers for their lookups. This would be useful for a remote VPN site that needs to look up internal hostnames from other sites, but doesn't want to use the other site's DNS server for internet lookups. You could also use this as a centralized way of banner blocking.

This example works for any hosts in the ".local" domain (ie: myhost.local) and any PTR lookups for 192.168.x.x IPs. Note with this setup, you do not use the ip name-server x.x.x.x global command.

ip dns name-list 100 permit .*.local
ip dns name-list 100 permit .*.168.192.IN-ADDR.ARPA

ip dns view INTERNET
 domain name-server  8.8.8.8
 domain name-server  8.8.8.4

ip dns view INTERNAL
 domain name-server  10.10.10.5

ip dns view-list DNS-SERVERS
 view INTERNAL 10
  restrict name-group 100
 view INTERNET 100

When a host queries the DNS server, it checks to see if the query matches name-list 100. If it matches, it queries the INTERNAL group of servers. Otherwise, it queries the INTERNET group.