cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1456
Views
5
Helpful
9
Replies

redirect DNS request

Marco83
Beginner
Beginner

Hi All,

How can forward any DNS requests to my internal DNS server?

The router is configured with a NAT address of the LAN network on the WAN interface.  

 

My DNS server is 192.168.255.1 (remote site)

 

interface WAN
ip add 10.10.10.1 255.255.255.252
ip nat outside

 

interface LAN
ip add 192.168.0.1 255.255.255.0
ip nat inside

 

ip nat inside source list 1 interface WAN overload

 

access-list 1 permit 192.168.0.0 0.0.0.255

 

ip route 0.0.0.0 0.0.0.0 10.10.10.2

 

Thanks,

9 Replies 9

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

How do you reach this network ?  "My DNS server is 192.168.255.1 (remote site)"

 

Via WAN ? or VPN ?

 

ip route 0.0.0.0 0.0.0.0 10.10.10.2   - is this route to connect other side (where the DNS Server Located ?)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

The server DNS 192.168.255.1 is reachable via VPN MPLS (other branch connected in a MPLS Service Provider).

ip route 0.0.0.0 0.0.0.0 10.10.10.2   - is this route to connect other side (where the DNS Server Located ?) -----> no, is the default route vs PE interface.

 

Thank you

Marco

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

As long as VPN Tunnel UP user can able to resolve the DNS IP address to resolve - that should work.

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I do not have a VPN tunnel, my branches are connected via L3 VPN any to any.

All LAN host browse internet with google DNS but this is wrong.

All branch routers must redirect all DNS request to my internal DNS (I cannot change DNS on hosts )

 

Thank you

M

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend
All branch routers must redirect all DNS request to my internal DNS (I cannot change DNS on hosts )

Sure you can setup in DHCP what DNS Server to use - Hope you are using DHCP Server for the IP allocaiton ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

More hosts have a static IP, the customer would like to redirect all DNS requests for a security feature.

It is possibile configure it on a router? The customer does not want configure it on a firewall because it is a small device

 

Sorry for my english!

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

You mean all the users device already configured google DNS 8.8.8.8 ?

 

Then you need to do Dummy 8.8.8.8 Punch Hole locally  or do some NAT

 

You can use NAT with redirection. Change its destination IP from 8.8.8.8 -> 192.168.255.1  with redirect target IP

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

No, the customer use many DNS Servers (google, opendns, etc)

I don't know what the dns the hosts uses.

 

This command permit NAT 1:1 from 8.8.8.8 to 172.16.1.1 (customer DNS)

""" ip nat outside source static udp 172.16.1.1 53 8.8.8.8 53 """  NAT 1:1

 

It is possible configure NAT N:1 ? (N= dns google and other):(1= customer DNS)

 

Thank you

 

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

Not that i am aware that going to work. that way - you can do below test  all redirect DNS request to Local DNS Server.

 

Access-list to match dns requests
===========
ip access-list extended mydns
permit udp any any eq 53

Route-Map to match access List
================================
route-map redirect_mydns 10
match ip address mydns
set ip next-hop 192.168.88.100
route-map redirect_mydns permit 20

apply the rule on Layer 3 Interface where it leaving the traffic
interface G0/0
ip policy route-map redirect_mydns

Verification
=============
#sh access-list
#sh route-map
#sh access-list mydns

 

EDIT : found nat example may be helpful :

 

object network OBJ_ANY
 subnet 0.0.0.0 0.0.0.0

object network OpenDNS_UDP
 host x.x.x.x -- your DNS IP
 
object service DNS_UDP
 service udp destination eq 53

nat (inside,outside) source dynamic any interface destination static OBJ_ANY OpenDNS_UDP service DNS_UDP DNS_UDP

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: