cisco 1821 as DNS server

Hello, I have a Cisco 1821 router acting as remote access for VPN clients, LAN-LAN VPN device and also LAN router. All in one.

My LAN has a 192.168.23.0/24 addressing, and the router has 2 IP addresses, one public IP on the public interface Fa0/1 and 192.168.203.1 on the private interface Fa0/0.

I set it up as a name server for the local LAN:

ip dns server

ip host pc10 192.168.203.10
ip host pc83 192.168.203.83
ip host c1821 192.168.203.1

I did this so that local PCs on my LAN can have resolution for local addresses, since I do not have a DNS server inside my LAN and I do not have an Active Directory infrastructure.

On the public IP interface my router can be queried for LOCAL IP resolution for my LAN 192.168.203.0/24. I tried from outside using the dig command.

I wanted to prevent this. I cannot use an ACL because I would prevent DNS queries from working in general when trying to resolve an external IP address from inside my LAN. I just want the router to refuse DNS resolution for any query coming to the external interface, while I want to allow only queries coming from my local LAN to the internal interface.

Is this possible in some way?

Thank you

Riccardo

1 Reply

Phillip Remaker
Cisco Employee

You are asking your IOS device to act as a split-DNS server, providing RFC 1918 addresses on internal interfaces, and global address (or no addresses) on the public interface.

Look at the "ip dns view" command so you can present different DNS responses by interface.

This article may help:

http://www.nil.com/ipcorner/RouterDNS/