DNS doctoring is a feature in which the router/ASA/PIX inspects the DNS response arriving on the outside interface from an external DNS server on the Internet and translates the public IP in the answer to the private IP (if it has a static NAT entry for that public IP).
This lets the internal host receive the private IP of the server as the DNS answer for the FQDN/website name, so communication commences with that private IP.
DNS doctoring is enabled by default on routers (whereas it has to be turned on manually on ASA and PIX).
Note: the prerequisite here is that the DNS server must be on the Internet, so that the DNS response hits the "ip nat outside" interface.
** When sitting on the inside LAN segment, you cannot access the internal server using its public NATted IP. This is a NAT limitation with routers.
You will have to use the private IP to access that server.
A ping to that public IP from an inside host might work, because the router itself will respond to that ping, not the actual server. If we use the "no-alias" keyword at the end of the static NAT statement, then even this ping stops working. Again, this is expected behaviour of the router.
Possible workarounds to accomplish the above requirement, i.e. accessing the internal server from the same LAN (the prerequisite is that the FQDN is used to access the server; with the public IP there is no way to accomplish this):
1. Use a one-to-one static NAT translation for the private IP of the server, which will enable DNS doctoring.
2. Use an internal DNS server that maps this website to the private IP.
3. Change the hosts file on the PCs trying to access this server from inside (generally not a feasible solution, as there could be many hosts in the LAN).