Cisco As a DNS server


A nice way to save some money on additional servers is to use a Cisco device as a DNS server.
It can be a good way to allow URL filtering for HTTPS, or just to take some of the load off the local server.
This is achieved by running the following commands on the device:
(config)#ip domain-lookup
(config)#ip name-server 8.8.8.8
(config)#ip dns server
ip domain-lookup allows the Cisco to resolve domain names.
ip name-server defines the DNS server to query for unknown hosts.
ip dns server allows the Cisco to answer DNS queries.

At this stage, any DNS request will be forwarded to 8.8.8.8 and the Cisco will act as the "middle man" between the client and the DNS server.

Now let's add local records:
(config)#ip host DOMAIN.COM 173.194.34.101
(config)#ip host DOMAIN.COM  MX 1 ASPMX.L.GOOGLE.COM
This creates an A record for DOMAIN.COM pointing to 173.194.34.101
and an MX record with a priority of '1' pointing to ASPMX.L.GOOGLE.COM.

Any request for a sub-domain of DOMAIN.COM will be forwarded to 8.8.8.8.

As I wrote before, we can use this method to implement URL filtering. To do so, block all DNS requests sent to any destination other than the Cisco, and create a record for the URL you intend to block.

Let's say you want to block clients on interface FastEthernet 0/0 from accessing Facebook. It will look like this:


  • access list to block all DNS queries
ip access-list extended Block_DNS
10 permit udp 192.168.0.0 0.0.0.255 host 192.168.0.254 eq domain
20 deny udp 192.168.0.0 0.0.0.255 any eq domain
30 permit ip any any
  • put the ACL on the interface
interface FastEthernet 0/0
ip address 192.168.0.254 255.255.255.0
ip access-group Block_DNS in


  • and send Facebook to 0.0.0.0
ip host facebook.com 0.0.0.0
ip host www.facebook.com 0.0.0.0

All done.
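The Block_DNS entries can be checked offline before the ACL goes on the interface. The following is an added example, not part of the original post: a small first-match evaluator for the three entries shown above, run against constructed packets from a hypothetical LAN client 192.168.0.10. The function names are this example's own.

```python
import ipaddress

# ACL exactly as shown in the post (sequence numbers dropped).
BLOCK_DNS = """\
permit udp 192.168.0.0 0.0.0.255 host 192.168.0.254 eq domain
deny udp 192.168.0.0 0.0.0.255 any eq domain
permit ip any any
"""
PORTS = {"domain": 53}  # IOS keyword -> port number

def _addr(tok):
    """Consume one address spec; return (network_int, wildcard_int)."""
    word = tok.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.ip_address(tok.pop(0))), 0
    return int(ipaddress.ip_address(word)), int(ipaddress.ip_address(tok.pop(0)))

def parse(acl_text):
    rules = []
    for line in acl_text.strip().splitlines():
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _addr(tok), _addr(tok)
        # Whatever is left is an optional destination-port match.
        port = PORTS[tok[1]] if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def _hit(ip, spec):
    net, wild = spec
    # Wildcard bits set to 1 are "don't care".
    return (int(ipaddress.ip_address(ip)) | wild) == (net | wild)

def evaluate(rules, proto, src, dst, dport):
    """First matching entry wins; IOS ends every ACL with an implicit deny."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):
            continue
        if _hit(src, r_src) and _hit(dst, r_dst) and r_port in (None, dport):
            return action
    return "deny"

if __name__ == "__main__":
    rules = parse(BLOCK_DNS)
    client = "192.168.0.10"  # constructed LAN host, not from the post
    for proto, dst in [("udp", "192.168.0.254"), ("udp", "8.8.8.8"), ("tcp", "8.8.8.8")]:
        print(proto, dst, 53, "->", evaluate(rules, proto, client, dst, 53))
```

The third result shows that DNS over TCP to an outside resolver still matches "permit ip any any", because entries 10 and 20 only cover UDP; a matching pair of tcp entries ahead of entry 30 is needed to cover it.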
