There is an occasional need for a DNS server in the absence of a dedicated host. This may occur in the following situations:
- An internal server is published through PAT, so public DNS hands internal clients its non-RFC1918 (public) address instead of the inside one
- Lab/demo environments
- Other name resolution challenges in a SOHO, SMB or branch office network
When one of these corner cases arises, an IOS router can help by providing basic DNS functions. Assuming the router already has Internet connectivity, the configuration is straightforward:
//enable the dns server functionality
IOS-DNS(config)#ip dns server
//if public requests should be resolved, configure one or more name
//servers as resolvers and confirm domain-lookups are enabled
IOS-DNS(config)#ip name-server 188.8.131.52 184.108.40.206
IOS-DNS(config)#ip domain-lookup
At this point the router relays any query it cannot answer itself to the public name servers in the configuration. The service listens on every IP address the router owns, so hosts can point their DNS configuration at any of them. The flip side is that the service is also reachable on interfaces that should never receive client queries. Apply an ACL on those interfaces, in particular the Internet-facing one, to drop inbound DNS (UDP and TCP port 53); otherwise the router becomes an open resolver that anyone on the Internet can use for lookups, including as a reflector in DNS amplification attacks against third parties.
To create DNS records for local resolution, the ip host command can be used.
IOS-DNS(config)#ip host ?
  WORD  Name of host
  view  Specify view
  vrf   Specify VRF

IOS-DNS(config)#ip host www.example.com ?
  <0-65535>   Default telnet port number
  A.B.C.D     Host IP address
  additional  Append addresses
  mx          Configure a MX record
  ns          Configure an NS record
  srv         Configure a SRV record
//'A' record
IOS-DNS(config)#ip host www.example.com 192.168.1.100
//'NS' record for the zone, plus an 'A' record for the name server itself
IOS-DNS(config)#ip host example.com ns ns.example.com
IOS-DNS(config)#ip host ns.example.com 192.168.1.1
//'MX' record with a preference of 10, plus an 'A' record for the mail host
IOS-DNS(config)#ip host mail.example.com 192.168.1.200
IOS-DNS(config)#ip host example.com mx 10 mail.example.com
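Putting the steps together with the ACL caveat from earlier, the following is the complete configuration as an added example; it is not configuration from the original post. The interface names, the 192.168.1.0/24 inside network and the ACL name OUTSIDE-IN are assumptions, while the resolver addresses and the records are the ones used above.

```cisco
! Added example (not from the original post). Interface names, the
! 192.168.1.0/24 inside network and the ACL name are assumptions.
!
! 1. DNS service, upstream resolvers and the local records
ip dns server
ip domain-lookup
ip name-server 188.8.131.52 184.108.40.206
!
ip host www.example.com 192.168.1.100
ip host ns.example.com 192.168.1.1
ip host mail.example.com 192.168.1.200
ip host example.com ns ns.example.com
ip host example.com mx 10 mail.example.com
!
! 2. Drop DNS queries that arrive from the Internet so the router is not an
!    open resolver. Only traffic from the inside interface can still query it.
ip access-list extended OUTSIDE-IN
 remark drop inbound DNS from the Internet (no open resolver)
 deny   udp any any eq domain
 deny   tcp any any eq domain
 remark illustration only; merge the deny lines into an existing edge ACL
 permit ip any any
!
interface GigabitEthernet0/0
 description Outside / Internet
 ip access-group OUTSIDE-IN in
!
interface GigabitEthernet0/1
 description Inside / clients use 192.168.1.1 as their DNS server
 ip address 192.168.1.1 255.255.255.0
!
! 3. Verification on the router
!    show hosts                       lists the static records above
!    show ip access-lists OUTSIDE-IN  deny counters climb if Internet hosts probe port 53
```

The deny lines match only packets whose destination port is 53, so replies to the router's own upstream queries (destination port ephemeral) still pass. They also stop Internet clients from reaching any DNS server published through PAT, which is the intent on a SOHO edge. If the outside interface already carries an inbound ACL, add the two deny lines near the top of it rather than replacing it with the permit ip any any shown here.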
Configuration validation can be achieved using nslookup on a host:
//start nslookup and set the server address
Pauls-LT:~ paulstewart$ nslookup
> server 192.168.1.1
Default server: 192.168.1.1
Address: 192.168.1.1#53
//check the A record
> set ty=a
> www.example.com.
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: www.example.com
Address: 192.168.1.100
//validate the NS record
> set ty=ns
> example.com.
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
example.com nameserver = ns.example.com.

Authoritative answers can be found from:
ns.example.com internet address = 192.168.1.1
//check the MX record
> set ty=mx
> example.com.
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
example.com mail exchanger = 10 mail.example.com.

Authoritative answers can be found from:
mail.example.com internet address = 192.168.1.200
This is a very simple configuration that gives an administrator a quick and easy way to work around the challenges listed above. Some use cases need different answers depending on the interface or source the request arrives on; for that, split DNS can be configured using DNS views. As with any configuration, care should be taken to ensure that the service is secured and only reachable where it is required.