[c-nsp] Cisco Access List DNS redirect

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Sun Feb 12 03:40:29 EST 2006

Alexander C. Fossa <> wrote on Saturday, February 11, 2006 11:57 PM:

> Just a quick question... I'm trying to make a Cisco access list do the
> following but failing miserably.
> Any DNS requests out of the dialer0 interface are re-addressed to a
> specific DNS server. So if the client can put whatever he wants as his
> DNS server on his local machine, but the router redirects everything
> to my DNS server.
> Is it possible? I've tried access lists with a route-map but not
> having any success :-(

I think you have two options:

- policy route all DNS traffic to a directly connected server that
listens to all destination IP addresses (as policy-routing will not
rewrite the IP header), so you need to do something on the
server/application side as well.

- Use SSG (which is pretty complex, I think, but I'm not very familiar
with it)
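
The first option above, sketched as an IOS configuration fragment. This is an added example, not part of the original message: the interface name, ACL number, route-map name and the 192.0.2.53 server address are assumptions, and the server itself must still be set up to answer queries addressed to any destination IP, because policy routing leaves the IP header unchanged.

```cisco
! Assumed: clients sit behind FastEthernet0/0 and the DNS server 192.0.2.53
! is directly connected to the router. All names and numbers are examples.
!
! Leave the DNS server's own recursive queries on the normal routing path
! (avoids a loop if its traffic enters through the same interface).
access-list 101 deny   udp host 192.0.2.53 any eq domain
access-list 101 deny   tcp host 192.0.2.53 any eq domain
! Match every other DNS query, over both UDP and TCP.
access-list 101 permit udp any any eq domain
access-list 101 permit tcp any any eq domain
!
! Packets permitted by ACL 101 are forwarded to the server as next hop;
! the destination address in the packet stays whatever the client set.
route-map DNS-REDIRECT permit 10
 match ip address 101
 set ip next-hop 192.0.2.53
!
! Policy routing acts on packets arriving on an interface, so it is applied
! on the client-facing interface rather than on the outbound one.
interface FastEthernet0/0
 ip policy route-map DNS-REDIRECT
```

`show route-map DNS-REDIRECT` reports the policy routing match counters, which confirms whether client queries are hitting the route-map.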


