Difference between revisions of "DNS Redirection"

From Baranoski.ca
(Created page with "Suppose you are using your Cisco router as a DNS server, and you would like to have certain domains redirected to specific servers for their lookups. This would be useful for...")
 
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
Suppose you are using your Cisco router as a DNS server, and you would like to have certain domains redirected to specific servers for their lookups.  This would be useful for a remote VPN site that needs to look up internal hostnames from other sites, but doesn't want to use the other site's DNS server for internet lookups.
+
Suppose you are using your Cisco router as a DNS server, and you would like to have certain domains redirected to specific servers for their lookups.  This would be useful for a remote VPN site that needs to look up internal hostnames from other sites, but doesn't want to use the other site's DNS server for internet lookups.  You could also use this as a centralized way of banner blocking.
  
 
This example works for any hosts in the ".local" domain (ie: myhost.local) and any PTR lookups for 192.168.x.x IPs.  Note with this setup, you do not use the '''ip name-server x.x.x.x''' global command.
 
This example works for any hosts in the ".local" domain (ie: myhost.local) and any PTR lookups for 192.168.x.x IPs.  Note with this setup, you do not use the '''ip name-server x.x.x.x''' global command.
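Review bot: the new "banner blocking" sentence is not backed by the configuration on this page, which only diverts `.local` names and 192.168.x.x PTR lookups to the INTERNAL view; if that use is intended, say that it needs its own name-list of the domains to block and a view whose name-server answers for them, otherwise readers will look for it in the example and not find it.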
Line 7: Line 7:
 
ip dns name-list 100 permit .*.168.192.IN-ADDR.ARPA
 
ip dns name-list 100 permit .*.168.192.IN-ADDR.ARPA
  
ip dns view INTERNET
+
ip dns view default
 
  domain name-server  8.8.8.8
 
  domain name-server  8.8.8.8
 
  domain name-server  8.8.8.4
 
  domain name-server  8.8.8.4
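Review bot: renaming the view from INTERNET to default changes semantics, not just the label: default is the built-in view that also serves the router's own lookups, so the `domain name-server 8.8.8.8` / `domain name-server 8.8.8.4` lines now double as the router's resolver configuration and replace the `ip name-server` command; that deserves a sentence next to the config, not only in the closing paragraph. Separately, 8.8.8.4 is not Google's secondary public resolver (that is 8.8.4.4); worth checking whether it is a typo.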
Line 17: Line 17:
 
  view INTERNAL 10
 
  view INTERNAL 10
 
   restrict name-group 100
 
   restrict name-group 100
  view INTERNET 100
+
  view default 100
 
</PRE>
 
</PRE>
  
When a host queries the DNS server, it checks to see if the query matches name-list 100.  If it matches, it queries the INTERNAL group of servers.  Otherwise, it queries the INTERNET group.
+
When a host queries the DNS server, it checks to see if the query matches name-list 100.  If it matches, it queries the INTERNAL group of servers.  Otherwise, it queries the default group.  Note that "default" is actually a keyword.  It refers to the same set of nameservers that the router will use for lookups when executing commands (ie "ping www.google.ca").
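Review bot: the order of the view-list entries should be spelled out in the explanation: `view INTERNAL 10` with `restrict name-group 100` is evaluated before `view default 100`, and the default entry carries no restrict, so it is the catch-all; if the two numbers were swapped every query would land in default and the INTERNAL view would never be consulted. Also, nothing shown enables the DNS server on the router or attaches DNS-SERVERS to it (`ip dns server` and `ip dns server view-group DNS-SERVERS`); without those the example has no effect.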

Latest revision as of 09:36, 16 September 2013

Suppose you are using your Cisco router as a DNS server, and you would like to have certain domains redirected to specific servers for their lookups. This would be useful for a remote VPN site that needs to look up internal hostnames from other sites, but doesn't want to use the other site's DNS server for internet lookups. You could also use this as a centralized way of banner blocking.

This example works for any hosts in the ".local" domain (e.g. myhost.local) and for any PTR lookups of 192.168.x.x addresses. Note that with this setup you do not use the "ip name-server x.x.x.x" global command.

<PRE>
ip dns name-list 100 permit .*.local
ip dns name-list 100 permit .*.168.192.IN-ADDR.ARPA

ip dns view default
 domain name-server  8.8.8.8
 domain name-server  8.8.8.4

ip dns view INTERNAL
 domain name-server  10.10.10.5

ip dns view-list DNS-SERVERS
 view INTERNAL 10
  restrict name-group 100
 view default 100
</PRE>

When a host queries the DNS server, the router checks whether the query matches name-list 100. If it matches, the query is sent to the INTERNAL group of servers. Otherwise, it is sent to the default group. Note that "default" is actually a keyword: it refers to the same set of name servers the router itself uses for lookups when executing commands (e.g. "ping www.google.ca").
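The selection logic the paragraph above describes, modelled as an added Python example (not the page's or Cisco's code): it parses the configuration shown on this page, walks the view-list in order, and reports which view and name servers a given query would be forwarded to. It assumes, as a simplification, that IOS evaluates name-list patterns as anchored, case-insensitive regular expressions.

```python
import ipaddress
import re
# Constructed copy of the page's Split DNS config (typed in here, not read from a router).
IOS_CONFIG = """
ip dns name-list 100 permit .*.local
ip dns name-list 100 permit .*.168.192.IN-ADDR.ARPA
ip dns view default
 domain name-server 8.8.8.8
 domain name-server 8.8.8.4
ip dns view INTERNAL
 domain name-server 10.10.10.5
ip dns view-list DNS-SERVERS
 view INTERNAL 10
  restrict name-group 100
 view default 100
"""

def parse_config(text):  # -> (name_lists, views, view_lists) from the indented IOS syntax
    name_lists, views, view_lists, ctx = {}, {}, {}, ("", "")
    for f in (line.split() for line in text.splitlines() if line.strip()):
        if f[:3] == ["ip", "dns", "name-list"]:          # <id> permit|deny <regex>
            name_lists.setdefault(f[3], []).append((f[4], f[5]))
        elif f[:3] == ["ip", "dns", "view"] or f[:3] == ["ip", "dns", "view-list"]:
            ctx = (f[2], f[3])                           # sub-mode for the lines that follow
        elif f[:2] == ["domain", "name-server"] and ctx[0] == "view":
            views.setdefault(ctx[1], []).append(f[2])
        elif f[0] == "view" and ctx[0] == "view-list":   # view <name> <order>
            view_lists.setdefault(ctx[1], []).append({"view": f[1], "order": int(f[2]), "restrict": []})
        elif f[:2] == ["restrict", "name-group"] and ctx[0] == "view-list":
            view_lists[ctx[1]][-1]["restrict"].append(f[2])
    return name_lists, views, view_lists

def name_matches(name_lists, list_id, qname):
    """First matching entry decides. Assumption: anchored, case-insensitive regex."""
    for action, pattern in name_lists.get(list_id, []):
        if re.fullmatch(pattern, qname, re.IGNORECASE):
            return action == "permit"
    return False

def select_view(cfg, view_list, qname):
    """Walk the view-list by order; an entry with no restrict is the catch-all."""
    name_lists, views, view_lists = cfg
    for entry in sorted(view_lists[view_list], key=lambda e: e["order"]):
        if all(name_matches(name_lists, g, qname) for g in entry["restrict"]):
            return entry["view"], views[entry["view"]]
    return None, []

def ptr_name(ip):  # reverse-lookup name a resolver sends, e.g. 5.1.168.192.in-addr.arpa
    return ipaddress.ip_address(ip).reverse_pointer
CFG = parse_config(IOS_CONFIG)
```

Because the patterns are anchored here, a name such as evil.local.example falls through to the default view rather than being treated as internal, which is the behaviour worth confirming on the real router before relying on the split.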