Split-DNS on ISR routers

LynK · March 02, 2016, 02:34:27 PM

hey guys,

has anyone installed SPLIT-DNS on their ISR 2800/2900's? Did you come into any issues with it not functioning properly?

Reggle · March 02, 2016, 04:29:07 PM

A bit off topic perhaps, but I would *never* run DNS on a Cisco router. Whatever the plan, there has to be a better design.

deanwebb · March 02, 2016, 05:38:56 PM

Lolz... and Cisco bought OpenDNS.

LynK · March 03, 2016, 08:33:38 AM

which is exactly why we need to use split DNS.

We have PBR with external IP going out cable connection. The issue is the internal hosts are pointing to internal DNS servers. So when they go to playboy.com it queries internal DNS and then sends the traffic out the cable connection unfiltered.

yeah.. thats an issue.

So this is why we need split-dns on the router. send external to OpenDNS. Send internal to internal DNS.

icecream-guy · March 03, 2016, 11:06:31 AM

Quote from: LynK on March 03, 2016, 08:33:38 AM
which is exactly why we need to use split DNS.

We have PBR with external IP going out cable connection. The issue is the internal hosts are pointing to internal DNS servers. So when they go to playboy.com it queries internal DNS and then sends the traffic out the cable connection unfiltered.

yeah.. thats an issue.

So this is why we need split-dns on the router. send external to OpenDNS. Send internal to internal DNS.

.

Otanx · March 03, 2016, 12:44:20 PM

I'm not following. So you have an internal DNS server, and it does look-ups external. So just configure that internal DNS to send requests to OpenDNS.

-Otanx

LynK · March 04, 2016, 02:52:32 PM

no bueno. haha because we use the same internal DNS servers here at HQ.

it is kind of confusing. If anyone needs a decent PBR/split-dns solution down the road hit me up.

Split-DNS on ISR routers

LynK

Reggle

deanwebb

LynK

icecream-guy

Otanx

LynK