I'm glad you brought that up. I wrote an article on that subject
some time ago. Folk may find it useful:
http://blog.ipexpert.com/2011/03/07/dns-and-split-dns-on-ios/
--
Marko Milivojevic - CCIE #18427 (SP R&S)
Senior CCIE Instructor / Managing Partner - IPexpert

On Fri, Feb 15, 2013 at 12:31 PM, Brian McGahan <bmcgahan_at_ine.com> wrote:
> One useful feature for smaller environments where IOS DNS is applicable is that you could use the router as your DNS proxy. For example you have your DHCP server assign the router as the DNS server for clients, and then on the router you point to a public DNS server like 8.8.8.8. Then if you want custom split DNS entries, like www.domain.local or something you can put them in the router with the ip host command, and you can also do very simple content filtering. I.e. you could configure the router to point www.facebook.com to 127.0.0.1 if you want to block it. This of course is a lot easier to get around than deep packet inspection, but it's also a lot less resource intensive than NBAR or DPI if your edge router isn't that powerful.
>
> Brian McGahan, CCIE #8593 (R&S/SP/Security)
> bmcgahan_at_INE.com
>
> Internetwork Expert, Inc.
> http://www.INE.com
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of marc edwards
> Sent: Friday, February 15, 2013 1:48 PM
> To: reza
> Cc: Cisco certification
> Subject: Re: IOS DNS
>
> I agree with Brian on best DNS practice to use bind but if for whatever reason a router is being used as DNS server (perhaps for other routers...)
>
> documentation is in doc CD under IP addressing
>
> http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_dns/configuration/12-4t/dns-12-4t-book.html
>
> Pretty straightforward stuff. In practice, I usually 'no ip domain-lookup' on devices because it becomes an annoyance. For router to be DNS client this needs to be activated. Specify a server with the ip name-server x.x.x.x command. Ensure the router acting as server has host entry that is trying to be resolved. Not much more to it.
>
> HTH
>
> Marc
>
> On Fri, Feb 15, 2013 at 11:15 AM, reza <reza_at_lethalnetworks.com> wrote:
>> Hey all,
>> I've found the FreeBSD Handbook to be a good reference point for DNS/BIND.
>>
>> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-dns.html
>>
>> ----- Original Message -----
>> From: "Imran Ali" <immrccie_at_gmail.com>
>> To: "Cisco certification" <ccielab_at_groupstudy.com>
>> Sent: Friday, February 15, 2013 1:43:26 AM
>> Subject: IOS DNS
>>
>> Hi all,
>>
>> Coming from routing and switching background, it is taking some time
>> to get IOS DNS stuff.
>>
>> Any good generic DNS links you have? Even though I am googling
>> ... (authoritative DNS, zones, RRs, DDNS, etc.)
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Received on Fri Feb 15 2013 - 13:51:45 ART
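
The DNS proxy setup Brian McGahan describes, combined with the client steps Marc lists, as an added IOS configuration example that is not from any of the posters. The LAN addressing, host address, pool name, ACL name and interface name are assumptions; `ip dns server` and the WAN-side ACL do not appear in the thread and are included so the router answers LAN clients without also answering queries that arrive from the Internet side.

```cisco
! Constructed example: 192.168.1.0/24, LAN-POOL, WAN-IN-DNS and
! GigabitEthernet0/1 are assumed values, not taken from the thread.
!
! Router as DNS client: lookups on, forwarder set to a public resolver
ip domain-lookup
ip name-server 8.8.8.8
!
! Router as DNS server/proxy for LAN clients
ip dns server
!
! Split-DNS entry answered from the local host table
ip host www.domain.local 192.168.1.10
! Simple name-based block: clients resolve the name to loopback
ip host www.facebook.com 127.0.0.1
!
! DHCP hands out the router itself as the DNS server
ip dhcp excluded-address 192.168.1.1 192.168.1.20
ip dhcp pool LAN-POOL
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 192.168.1.1
!
! Drop DNS queries arriving on the WAN side so the router does not act
! as an open resolver. Replies from 8.8.8.8 use source port 53, not
! destination port 53, so they still pass. Merge these deny lines into
! the existing WAN inbound policy; the final permit is only a stand-in.
ip access-list extended WAN-IN-DNS
 deny   udp any any eq domain
 deny   tcp any any eq domain
 permit ip any any
!
interface GigabitEthernet0/1
 description WAN (assumed interface)
 ip access-group WAN-IN-DNS in
```

`show hosts` on the router lists the static `ip host` entries alongside cached answers, which is a quick check that the overrides are the ones being served.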
This archive was generated by hypermail 2.2.0 : Fri Mar 01 2013 - 07:57:58 ART