02-18-2024 12:35 AM
Hello Everyone,
I have an ASR1006 on which I've configured a virtual template for PPPoE connection and applied NAT config for the PPPoE clients to access the internet.
Is there a way to create a destination NAT for all DNS traffic to be redirected toward 8.8.8.8, so that if a PPPoE client sets the DNS on their device to any value other than (8.8.8.8), the ASR will force the traffic to go to 8.8.8.8?
So assume the PPPoE Clients range is 100.64.0.0/10, I want all the traffic that has:
Source IP (100.64.0.0/10) and destination IP (0.0.0.0/0) on UDP port 53
To be redirected to be:
Source IP (100.64.0.0/10) and destination IP (8.8.8.8) on UDP port 53
02-18-2024 01:18 AM
I think this idea will work.
But the best approach is to apply an ACL to drop any packet using L4 UDP port 53 to any destination other than 8.8.8.8.
This makes the user's PC try any DNS, fail, and then in the end use 8.8.8.8; this fallback is automatic.
MHM
02-18-2024 01:41 AM
Hello
@Ali Hazim wrote:
So assume the PPPoE Clients range is 100.64.0.0/10, I want all the traffic that has:
Source IP (100.64.0.0/10) and destination IP (0.0.0.0/0) on UDP port 53
To be redirected to be:
Source IP (100.64.0.0/10) and destination IP (8.8.8.8) on UDP port 53
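You could try policy-based routing so traffic is forwarded to the correct DNS.
Example:
! Match DNS queries (destination port 53) from the PPPoE client range 100.64.0.0/10
ip access-list extended DNS
 permit tcp 100.64.0.0 0.63.255.255 any eq domain
 permit udp 100.64.0.0 0.63.255.255 any eq domain
! Policy-route the matched traffic toward 8.8.8.8
route-map DNS_rm
 match ip address DNS
 set ip next-hop 8.8.8.8
! Apply the route map on the client-facing interface
interface x/x
 description LAN interface
 ip policy route-map DNS_rm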