Split DNS - Cisco IOS

GRANT3779
Spotlight

I'm looking to use split DNS for a remote site (Office B) so they can still browse Internet if the VPN to main office (Office A) goes down.

Office B only has a few users and no server so DHCP is running on the local router there. It hands out Internal DNS servers (accessible over the VPN), domain name etc.

Of course if this link fails, then DNS is gone and they can't browse like they are used to. I'm looking at testing the following.

ip dns name-list 10 permit .*.mycompany.corp


ip dns view View-CORP
domain list mycompany.corp
domain name-server 172.25.225.10
domain name-server 172.25.225.15

domain resolver source-interface tunnel20
domain round-robin

dns forwarder 172.25.225.10
dns forwarder 172.25.225.15

dns forwarding source-interface tunnel20


ip dns view default
domain timeout 1
domain resolver source-interface gi0/1.7
dns forwarder 8.8.8.8
dns forwarder 8.8.4.4

dns forwarding source-interface gi0/1.7


ip dns view-list LIST-CORP
view View-CORP 10
restrict name-group 10

view default 80

ip dns server view-group LIST-CORP
ip dns server

interface gi0/1.7
ip dns view-group LIST-CORP

My query is - once I configure the above, do I just remove the DNS servers that are currently configured within my DHCP scope?


Philip D'Ath
VIP Alumni

With regard to the DHCP scope, you configure DNS to point to the router's local interface.

Here is a shorter config that will do exactly what you want, assuming your AD domain is called mycompany.corp. Just configure your router to learn the ISP's DNS servers dynamically.

ip dns view default
domain name mycompany.corp
ip dns view active-directory
domain name mycompany.corp
domain name-server 172.25.225.10
domain name-server 172.25.225.15
dns forwarding source-interface Vlan1
ip dns view-list isp
view active-directory 1
restrict name-group 1
view default 100
ip dns name-list 1 permit .*mycompany.corp$
ip dns server view-group isp
ip dns server
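
The view selection that both configs above rely on (the original poster's name-list 10 and Philip's name-list 1) can be modelled to check which forwarders a given query name would reach. This is an added example, not code from the thread or from Cisco; it is a constructed simplification of IOS view-list matching (views tried in order, `restrict name-group` consulted as an ordered regex list with implicit deny), and the `ignore_case` flag only exposes the case-sensitivity problem the reply below mentions, it does not claim how any IOS release behaves.

```python
"""Constructed model of 'ip dns view-list' selection (assumption, not IOS code)."""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class View:
    name: str
    forwarders: list                 # 'dns forwarder' / 'domain name-server' addresses
    restrict_name_group: Optional[int] = None


def name_list_permits(entries, qname, ignore_case=True):
    """entries: ordered (action, regex) pairs from 'ip dns name-list N ...'.
    The first entry whose regex matches decides; no match is an implicit deny."""
    flags = re.IGNORECASE if ignore_case else 0
    for action, pattern in entries:
        if re.search(pattern, qname, flags):   # unanchored search, like a regex name-list
            return action == "permit"
    return False


def select_view(view_list, name_lists, qname, ignore_case=True):
    """view_list: (order, View) pairs; name_lists: {number: entries}.
    Returns (view name, forwarders) for the first eligible view, or (None, [])."""
    for _, view in sorted(view_list, key=lambda pair: pair[0]):
        group = view.restrict_name_group
        if group is None or name_list_permits(name_lists[group], qname, ignore_case):
            return view.name, view.forwarders
    return None, []


# Constructed data mirroring the thread: corporate view first, default view last.
CORP = View("View-CORP", ["172.25.225.10", "172.25.225.15"], restrict_name_group=10)
DEFAULT = View("default", ["8.8.8.8", "8.8.4.4"])
VIEW_LIST = [(10, CORP), (80, DEFAULT)]

UNANCHORED = {10: [("permit", r".*.mycompany.corp")]}   # original poster's pattern
ANCHORED = {10: [("permit", r".*mycompany.corp$")]}    # Philip's pattern, anchored with $

if __name__ == "__main__":
    for qname in ("dc01.mycompany.corp", "www.example.com",
                  "www.mycompany.corp.example.net", "DC01.MYCOMPANY.CORP"):
        print(f"{qname:32} unanchored -> {select_view(VIEW_LIST, UNANCHORED, qname)[0]:9}"
              f" anchored -> {select_view(VIEW_LIST, ANCHORED, qname)[0]}")
```

Running it shows that the unanchored pattern also hands `www.mycompany.corp.example.net` to the internal servers, while the `$`-anchored one keeps only names ending in the corporate domain on the VPN path.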

Hi Philip,

Thanks for that. Regarding the following line -

configure your router to learn the ISPs DNS servers dynamically

My public-facing interface is a statically assigned IP address. How can I get it to learn the DNS servers dynamically? Apologies if this is simple enough!

So for my IOS DHCP scope - do I just put the router's sub-interface as the DNS server, as below?

ip dhcp pool DATA_LAN
network 172.25.248.0 255.255.255.0
default-router 172.25.248.1
domain-name mycompany.corp
dns-server 172.25.248.1

To configure the ISP name servers use:

ip name-server x.x.x.x y.y.y.y

I would also add (for security):

ip dhcp pool DATA_LAN
  update arp

Hi Philip,

I used my original config above and amended DHCP Scope to use 172.25.248.1 (data vlan sub interface GW) as the DNS server.

Clients renewed DHCP and picked up the new address / DNS server but were unable to ping internal hostnames. They would not resolve: "can't find host".

Can you see anything obviously wrong above? I will try setting this up in a test environment and see if I can get it working.

Try making the domain in the name-list all capitals. I have had issues with some IOS versions where it doesn't work if the name list is in lower case.

Failing that, please show us your current DNS configuration again.
