Cisco As a DNS server

A nice way to save some money on additional servers is to use a Cisco router as a DNS server.
It can be a good way to allow URL filtering for HTTPS, or just to remove some of the load from the local server.
This is achieved by running the following commands on the device:
(config)#ip domain-lookup
(config)#ip name-server
(config)#ip dns server
Domain-lookup allows the Cisco to resolve domains,
Name-server defines the DNS server to query for unknown hosts,
IP DNS server allows the device to answer DNS queries itself.

At this stage any DNS request will be forwarded to and the Cisco will act as the "middle man" between the client and the DNS server.

Now let's add local records:
(config)#ip host DOMAIN.COM
(config)#ip host DOMAIN.COM  MX 1 ASPMX.L.GOOGLE.COM
This creates an A record for DOMAIN.COM as
and an MX record with priority '1' pointing to ASPMX.L.GOOGLE.COM.

Any request for a sub-domain of DOMAIN.COM will be forwarded to

Like I wrote before, using this method we can implement URL filtering: block all DNS requests intended for any destination other than the Cisco, and create a record for the URL you intend to block.

Let's say you want to block interface FastEthernet 0/0 from accessing Facebook; it will look like this:

  • access list to block all DNS queries
ip access-list extended Block_DNS
10 permit udp host eq domain
20 deny udp any eq domain
30 permit ip any any
  • apply the ACL to the interface
interface FastEthernet 0/0
ip address
ip access-group Block_DNS in

  • and send Facebook to
ip host
ip host

all done.
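As an added check that is not part of the original post, here is a small Python script that audits a saved IOS config for the pieces described above: the DNS server commands, a static record answering with the router's address for each blocked name, and an inbound ACL that permits DNS only to the router before denying the rest. The config text, the ACL entries and all addresses are constructed placeholders, not values from the post.

```python
import re
# Constructed sample config (addresses are TEST-NET placeholders, not from the post)
SINKHOLE = "192.0.2.1"  # router LAN address; blocked names also resolve to it
CONFIG = """
ip domain-lookup
ip name-server 198.51.100.53
ip dns server
ip host facebook.com 192.0.2.1
ip access-list extended Block_DNS
 10 permit udp any host 192.0.2.1 eq domain
 20 deny udp any any eq domain
 30 permit ip any any
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group Block_DNS in
"""

def audit_dns_filter(config, blocked, sinkhole):
    """Return findings; an empty list means the config implements the filter."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    for req in ("ip domain-lookup", "ip dns server"):
        if req not in lines:
            findings.append(f"missing '{req}'")
    if not any(l.startswith("ip name-server ") for l in lines):
        findings.append("no upstream resolver configured")
    # Every blocked name needs a static A record answering with the sinkhole.
    hosts = {n.lower(): a for n, a in re.findall(r"^ip host (\S+) (\S+)$", config, re.M)}
    for name in blocked:
        if hosts.get(name.lower()) != sinkhole:
            findings.append(f"{name} is not sinkholed to {sinkhole}")
    # Collect the entries of each named ACL in order; IOS matches top-down.
    acls, current = {}, None
    for l in lines:
        m = re.match(r"ip access-list extended (\S+)", l)
        if m:
            current = m.group(1)
            acls[current] = []
        elif current and re.match(r"(\d+ )?(permit|deny) ", l):
            acls[current].append(re.sub(r"^\d+ ", "", l))
        else:
            current = None
    # The permit for the router must precede the deny, and the ACL must be inbound.
    allow = f"permit udp any host {sinkhole} eq domain"
    deny = "deny udp any any eq domain"
    if not any(allow in a and deny in a and a.index(allow) < a.index(deny)
               for a in (acls.get(n, []) for n in re.findall(r"ip access-group (\S+) in", config))):
        findings.append("no inbound ACL forces DNS through the router")
    return findings
```

Run it against `show running-config` output with the list of names you expect to be blocked; any finding means a client could still resolve those names normally.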

Hope this post was helpful. If it was, please consider a donation:
BTC Address: 1CnyMpjd1RntRDxSus2hu2aDMyzL4Kj29N
LTC Address: LUqrKbzGihTU2GEnL3EwsuuLHCsxCJMdtR

