[c-nsp] ISG: redirecting customers DNS to internal DNS Cache servers (L4 redirect)
LM
asturluismi at gmail.com
Wed Jul 21 06:17:45 EDT 2010
According to Cisco
(http://cisco.biz/en/US/docs/routers/10000/10008/configuration/guides/ancp/isbl4rdt.html#wp1043711)
I created the following configuration:
!----------------------------------------------------------------------------------------------------------
ip access-list extended DNS-Traffic
 10 permit tcp any eq 53 any eq 53
 20 permit udp any eq 53 any eq 53
 30 permit tcp any gt 1024 any eq 53
 40 permit udp any gt 1024 any eq 53
service-policy type control DNS-redirection
policy-map type control DNS-redirection
 class type control event session-start
  1 service-policy type service name DNS-redirection-profile
policy-map type service DNS-redirection-profile
 class type traffic DNS-Traffic
  ! maybe it is possible to use "match protocol dns"; still pending a test
  match access-group DNS-Traffic
  redirect to group DNS-servers
redirect server-group DNS-servers
 ! are they going to load balance? is it possible?
 server ip 10.53.0.235 port 53
 server ip 10.53.0.236 port 53
!----------------------------------------------------------------------------------------------------------
Questions:
- should I modify the default timers (frequency and concurrent sessions)?
- how is the value "sessions" considered? by ip? by request?
- what about the CPU? too much impact? any experience?
Alternatives with less impact to redirect DNS traffic? :]
Thanks in advance to all the list.
Luis