[c-nsp] DNS forwarding/proxy

Rodney Dunn rodunn at cisco.com
Tue Jul 18 08:33:15 EDT 2006


It just so happens I was looking at a case with that split
DNS yesterday and it's the first time I'd ever looked at it.

It seemed pretty cool and sounds exactly like you want.

Check the feature module guide Oliver gave you.

You define views and based on the matches of the views you
determine how to handle the DNS request.

And if I read that link right the DNS request MUST be directed
at an ip address on the router. Which makes sense for it to process
it.

Give it a try and let us know if that does it for you.

Rodney

On Tue, Jul 18, 2006 at 01:12:01PM +0200, Florian Prester wrote:
> Oliver Boehmer (oboehmer) wrote:
> > Check out "Split DNS" feature (very new, 12.4(9)T,
> > http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a0
> > 0806bd780.html), which could do what you need, but likely not on your
> > platform :-|
> >
> > What are yoy trying to achieve?
> >   
> We are restructuring a network, containing about 500 Clients which are 
> used to take the default gateway as DNS-Server too.
> But within the new network there is a different DNS-Server, which IP is 
> unequal to the default GW.
> 
> So now I want to redirect the DNS-Traffic so I, or the others do not 
> have to alter all the DNS-Server-Entries on the Clients, unfortunately 
> they do not use dhcp, yet.
> 
> Florian
> 
> > 	oli
> >
> > Florian Prester <mailto:Florian.Prester at rrze.uni-erlangen.de> wrote on
> > Tuesday, July 18, 2006 12:19 PM:
> >
> >   
> >> Thanks for your answer, even if it does not sound very good :-(.
> >>
> >> Is it possible to redirect some traffic by using ACLs?
> >> I think I have read something about doing so, but cannot remember
> >> where and on what system.
> >>
> >> Thank you
> >> Florian Prester
> >>
> >>
> >> Oliver Boehmer (oboehmer) wrote:
> >>     
> >>> There is "ip dns server" (don't think it is available on the Cat4500
> >>> software releases, but it is in 12.2T/12.3 and later releases in some
> >>> advanced feature sets) which turns a Cisco router into a caching DNS
> >>> server, it uses the configured "ip name-sever ...." addresses as
> >>> forwarders. There is little documentation for this feature (we're
> >>> working on it), but next to the "ip dns server", there are also new
> >>> keywords for the "ip host ..." command.. 
> >>>
> >>> 	oli
> >>>
> >>> Rodney Dunn (rodunn) <> wrote on Thursday, June 29, 2006 4:06 PM:
> >>>
> >>>
> >>>       
> >>>> My bad..not enough coffee yet in the morning.
> >>>>
> >>>> I thought you meant dhcp.
> >>>>
> >>>> I don't know the answer.
> >>>>
> >>>> On Thu, Jun 29, 2006 at 04:00:08PM +0200, Florian Prester wrote:
> >>>>
> >>>>         
> >>>>> Rodney Dunn wrote:
> >>>>>
> >>>>>           
> >>>>>> Did you try configuring an "ip helper address x.x.x.x"?
> >>>>>>
> >>>>>>
> >>>>>>             
> >>>>> I think an ip helper address is only for Broadcast traffic?? Is it
> >>>>> not? I want the router to accept unicast dns requests to its own IP
> >>>>> and act as an DNS-Server by asking another DNS-Server (or proxying
> >>>>> the request to the other sever).
> >>>>>
> >>>>> Greetings
> >>>>>  Florian
> >>>>>
> >>>>>           
> >>>>>> On Thu, Jun 29, 2006 at 03:11:05PM +0200, Florian Prester wrote:
> >>>>>>
> >>>>>>
> >>>>>>             
> >>>>>>> Hi,
> >>>>>>>
> >>>>>>>  is it possible to configure a Catalyst 4500 (SupIV) to act as a
> >>>>>>> DNS Proxy? Or at least to tell it to forward incomming
> >>>>>>> dns-requests to a specific DNS-Server?
> >>>>>>>
> >>>>>>>
> >>>>>>> Thanks
> >>>>>>>   Florian
> >>>>>>>
> >>>>>>>
> >>>>>>>               
> >> --
> >> Dipl. Inf. Florian Prester
> >> Network Administration
> >> Regionales RechenZentrum Erlangen
> >> Universitaet Erlangen-Nuernberg
> >> Martensstr. 1
> >> 91052 Erlangen
> >> Germany
> >>
> >> Tel.: +499131 8527813
> >>     
> 
> 
> -- 
> Dipl. Inf. Florian Prester
> Network Administration
> Regionales RechenZentrum Erlangen
> Universitaet Erlangen-Nuernberg
> Martensstr. 1
> 91052 Erlangen
> Germany
> 
> Tel.: +499131 8527813


More information about the cisco-nsp mailing list