04-26-2021 11:18 AM
Hi All,
How can I forward all DNS requests to my internal DNS server?
The router is configured to NAT the LAN network behind the address of the WAN interface.
My DNS server is 192.168.255.1 (remote site)
interface WAN
 ip address 10.10.10.1 255.255.255.252
 ip nat outside
interface LAN
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
ip nat inside source list 1 interface WAN overload
access-list 1 permit 192.168.0.0 0.0.0.255
ip route 0.0.0.0 0.0.0.0 10.10.10.2
Thanks,
04-26-2021 11:42 AM
How do you reach this network? "My DNS server is 192.168.255.1 (remote site)"
Via WAN? Or VPN?
ip route 0.0.0.0 0.0.0.0 10.10.10.2 - is this the route to the other side (where the DNS server is located)?
04-27-2021 02:34 AM
The DNS server 192.168.255.1 is reachable via MPLS VPN (another branch connected to an MPLS service provider).
ip route 0.0.0.0 0.0.0.0 10.10.10.2 - is this the route to the other side (where the DNS server is located)? -----> No, it is the default route toward the PE interface.
Thank you
Marco
04-27-2021 03:29 AM
As long as the VPN tunnel is up and users are able to reach the DNS server's IP address to resolve names - that should work.
04-27-2021 05:37 AM
I do not have a VPN tunnel; my branches are connected via an any-to-any L3 VPN.
All LAN hosts browse the internet using Google DNS, but this is wrong.
All branch routers must redirect all DNS requests to my internal DNS (I cannot change the DNS on the hosts).
Thank you
M
04-27-2021 05:43 AM
All branch routers must redirect all DNS requests to my internal DNS (I cannot change the DNS on the hosts).
Sure you can: set up in DHCP which DNS server to use - I hope you are using a DHCP server for IP allocation?
04-27-2021 06:08 AM
Several hosts have a static IP; the customer would like to redirect all DNS requests as a security feature.
Is it possible to configure this on a router? The customer does not want to configure it on the firewall because it is a small device.
Sorry for my English!
04-27-2021 06:26 AM
You mean all the user devices are already configured with Google DNS 8.8.8.8?
Then you need to do a dummy 8.8.8.8 punch-hole locally or do some NAT.
You can use NAT with redirection: change the destination IP from 8.8.8.8 -> 192.168.255.1 with the redirect target IP.
04-29-2021 12:46 AM
No, the customer uses many DNS servers (Google, OpenDNS, etc.).
I don't know which DNS servers the hosts use.
This command permits 1:1 NAT from 8.8.8.8 to 172.16.1.1 (customer DNS):
ip nat outside source static udp 172.16.1.1 53 8.8.8.8 53 (NAT 1:1)
Is it possible to configure NAT N:1? (N = Google DNS and the others) : (1 = customer DNS)
Thank you
04-29-2021 03:30 AM - edited 04-29-2021 03:35 AM
Not that I am aware that is going to work that way - you can do the test below to redirect all DNS requests to the local DNS server.
Access-list to match DNS requests
===========
ip access-list extended mydns
 permit udp any any eq 53
Route-map to match the access list
================================
route-map redirect_mydns permit 10
 match ip address mydns
 set ip next-hop 192.168.88.100
route-map redirect_mydns permit 20
Apply the rule on the Layer 3 interface the traffic is leaving from
interface G0/0
 ip policy route-map redirect_mydns
Verification
=============
show access-list
show route-map
show access-list mydns
EDIT: found a NAT example that may be helpful:
object network OBJ_ANY
subnet 0.0.0.0 0.0.0.0
object network OpenDNS_UDP
host x.x.x.x -- your DNS IP
object service DNS_UDP
service udp destination eq 53
nat (inside,outside) source dynamic any interface destination static OBJ_ANY OpenDNS_UDP service DNS_UDP DNS_UDP
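The thread turns on the fact that nobody knows which resolvers the hosts actually query. As an added example (not from the thread or from Cisco), this Python script reads the %SEC-6-IPACCESSLOGP syslog lines an IOS extended ACL emits once its permit entry carries the log keyword (here the "mydns" ACL from the post above), and inventories every resolver in use and every client bypassing the internal server 192.168.255.1; the sample log lines, addresses and packet counts are constructed.

```python
import re
from collections import defaultdict

# Constructed syslog sample from a branch router whose ACL entry reads
# "permit udp any any eq 53 log". All hosts, resolvers and counts are made up.
SAMPLE_LOG = """\
Apr 29 08:01:02 branch-rtr 1001: %SEC-6-IPACCESSLOGP: list mydns permitted udp 192.168.0.25(54321) -> 8.8.8.8(53), 1 packet
Apr 29 08:01:07 branch-rtr 1002: %SEC-6-IPACCESSLOGP: list mydns permitted udp 192.168.0.25(54322) -> 8.8.8.8(53), 12 packets
Apr 29 08:02:11 branch-rtr 1003: %SEC-6-IPACCESSLOGP: list mydns permitted udp 192.168.0.40(40001) -> 208.67.222.222(53), 3 packets
Apr 29 08:02:30 branch-rtr 1004: %SEC-6-IPACCESSLOGP: list mydns permitted udp 192.168.0.51(33333) -> 192.168.255.1(53), 40 packets
Apr 29 08:03:01 branch-rtr 1005: %SEC-6-IPACCESSLOGP: list mydns permitted udp 192.168.0.40(40002) -> 1.1.1.1(53), 2 packets
Apr 29 08:03:05 branch-rtr 1006: %SEC-6-IPACCESSLOGP: list mydns permitted udp 192.168.0.25(54330) -> 192.168.255.1(53), 5 packets
"""

# "list <acl> permitted udp <src>(<sport>) -> <dst>(<dport>), <n> packet(s)"
LOG_RE = re.compile(
    r"list (?P<acl>\S+) (?P<action>permitted|denied) udp "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\(\d+\) -> (?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?"
)


def parse_dns_log(text, acl="mydns"):
    """Return (src, dst, packets) tuples for UDP/53 hits logged by the given ACL."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m and m.group("acl") == acl and m.group("dport") == "53":
            hits.append((m.group("src"), m.group("dst"), int(m.group("count"))))
    return hits


def resolver_inventory(hits, internal_dns):
    """Per resolver address: packet total and client set. Returns the external
    resolvers separately from the entry for the approved internal server."""
    inv = defaultdict(lambda: {"packets": 0, "clients": set()})
    for src, dst, n in hits:
        inv[dst]["packets"] += n
        inv[dst]["clients"].add(src)
    external = {dst: v for dst, v in inv.items() if dst != internal_dns}
    return external, inv.get(internal_dns)


def bypassing_clients(hits, internal_dns):
    """Hosts that sent any query somewhere other than the internal server, i.e.
    the ones a NAT or PBR redirect must cover (sorted for stable output)."""
    return sorted({src for src, dst, _ in hits if dst != internal_dns})


if __name__ == "__main__":
    hits = parse_dns_log(SAMPLE_LOG)
    external, internal = resolver_inventory(hits, "192.168.255.1")
    for dst, v in sorted(external.items(), key=lambda kv: -kv[1]["packets"]):
        print(f"{dst:>16}  {v['packets']:>5} pkts  clients={sorted(v['clients'])}")
    print("bypassing internal DNS:", bypassing_clients(hits, "192.168.255.1"))
```

Feed it the output of `show logging` or the syslog collector instead of SAMPLE_LOG to get the real list of external resolvers before writing one static NAT entry per resolver.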