[c-nsp] Cisco Access List DNS redirect

Raj Panchal raj.panchal at vsnl.co.in
Mon Feb 13 01:14:35 EST 2006

Any help regarding SSG .. Pls ask me I shall be happy to assist 


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Oliver Boehmer
Sent: Sunday, February 12, 2006 2:10 PM
To: Alexander C. Fossa; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] Cisco Access List DNS redirect

Alexander C. Fossa <> wrote on Saturday, February 11, 2006 11:57 PM:

> Just a quick question... I'm trying to make a cisco access list do the
> following but failing miserably.
> Any DNS requests out of the dialer0 interface are re-addressed to a
> specific DNS server. So if the client can put whatever he wants as his
> DNS server on his local machine, but the router redirects everything
> to my DNS server.
> Is it possible? I've tried access lists with a route-map but not
> having any success :-(

I think you have two options:

- policy route all DNS traffic to a directly connected server who
listens to all destination IP addresses (as policy-routing will not
rewrite the IP header), so you need to do something on the
server/application side as well.

- Use SSG (which is pretty complex, I think, but I'm not very familiar
with it)


cisco-nsp mailing list  cisco-nsp at puck.nether.net
archive at http://puck.nether.net/pipermail/cisco-nsp/

Disclaimer note on content of this message including enclosure(s) and attachments(s): The contents of this e-mail are the privileged and confidential material of VSNL. The information is solely intended for the individual/entity it is addressed to. If you are not the intended recipient of this message, please be aware that you are not authorized in any which way whatsoever to read, forward, print, retain, copy or disseminate this message or any part of it. We apologize if  you have received this e-mail in error and would request you to please notify the sender immediately by return e-mail and delete it from your computer.  The views expressed in this e-mail message are those of the individual sender, except where the sender expressly, and with authority, states them to be the views of VSNL. This e-mail message including attachment(s), if any, is believed to be free of any virus and VSNL is not responsible for any loss or damage arising in any way from its use

More information about the cisco-nsp mailing list