Configure split-DNS forwarding on Cisco routers

Before you begin

Note the IP addresses of the ETP recursive DNS servers. For more information, see View DNS server information.

To separate the DNS resolution of internal domains from external domains, configure split-DNS forwarding with Cisco routers. This lets you use the local DNS server for internal domain resolution for internal applications or resources while directing external domain requests to ETP.

Split-DNS forwarding

How to

  1. Log in to the Cisco router:
    1. Open a command prompt or terminal window.
    2. Enter this command:
      telnet <IP address>

      <IP address> is the IP address of the router.

    3. Enter your username and press Enter.
    4. When prompted for your password, enter your password.
  2. Enter this command to access global configuration settings:
    configure terminal
  3. Configure the router's name servers so that the router sends DNS requests to ETP. Enter this command:
    ip name-server <ETP_primaryIP> <ETP_secondaryIP>
    where:
    • <ETP_primaryIP> is the IP address of the primary ETP recursive DNS server.
    • <ETP_secondaryIP> is the IP address of the secondary ETP recursive DNS server.
  4. Configure DNS forwarding:
    1. Enter this command to define the default DNS view:
      ip dns view default
    2. Enter this command to define DNS forwarding for incoming DNS requests:
      dns forwarder <ETP_primaryIP> <ETP_secondaryIP>
      where:
      • <ETP_primaryIP> is the IP address of the primary ETP recursive DNS server.
      • <ETP_secondaryIP> is the IP address of the secondary ETP recursive DNS server.
    3. Enter this command to define an internal DNS view:
      ip dns view internal_dns
    4. Enter this command to forward internal requests to your organization's internal DNS server:
      dns forwarder <Internal_DNS_IP1> <Internal_DNS_IP2>
      where:
      • <Internal_DNS_IP1> is the IP address of your internal DNS server.
      • <Internal_DNS_IP2> is the IP address of your secondary internal DNS server.
  5. Enter this command to configure a list of internal domains that you want the internal DNS server to resolve:
    ip dns name-list <number> permit <domain>
    where:
    • <number> is a number ranging from 1 to 500 that identifies the list.
    • <domain> is a domain. Regular expressions and regular expression pattern-matching characters are supported.
  6. Enter these commands to configure a list of DNS views and to specify the parameters that define how DNS queries are handled:
    1. Enter this command to define a view list named conditional:
      ip dns view-list conditional
    2. Enter this command to add the internal_dns view to the view list with order number 10:
      view internal_dns 10
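    3. Enter this command to restrict the internal_dns view to the domains in name list 1, where 1 is the <number> that you set in step 5:
      restrict name-group 1
    4. Enter this command to add the default view to the view list with order number 99: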
      view default 99
  7. Enter these commands to enable the view list on the router and the DNS service:
    ip dns server view-group conditional
    ip dns server
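
A consistency check for the configuration built in steps 3 to 7, as an added example that is not part of the original procedure or of any Cisco or ETP tooling. It reads a saved configuration and reports mistakes that would send internal names to the wrong forwarder. The function name audit, the SAMPLE text, its addresses and its domain are constructed for illustration, and the check assumes a single view list whose views are checked in ascending order number.

```python
import re
# Constructed running-config excerpt; addresses and domain are placeholders.
SAMPLE = """\
ip dns view default
 dns forwarder 192.0.2.10 192.0.2.11
ip dns view internal_dns
 dns forwarder 10.0.0.53 10.0.1.53
ip dns name-list 1 permit .*\\.corp\\.example
ip dns view-list conditional
 view internal_dns 10
  restrict name-group 1
 view default 99
ip dns server view-group conditional
ip dns server
"""

def audit(config):
    """Return findings ([] = consistent). Assumes views are checked in ascending order."""
    fwd, names, members, applied, view = {}, set(), [], None, None
    lines = [l.strip() for l in config.splitlines()]
    for line in lines:
        if m := re.fullmatch(r"ip dns view (\S+)", line):
            view = m[1]
        elif m := re.fullmatch(r"dns forwarder (.+)", line):
            fwd.setdefault(view, []).extend(m[1].split())
        elif m := re.fullmatch(r"ip dns name-list (\d+) permit \S+", line):
            names.add(m[1])
        elif m := re.fullmatch(r"view (\S+) (\d+)", line):
            members.append([m[1], int(m[2]), None])  # [view, order, name-group]
        elif (m := re.fullmatch(r"restrict name-group (\d+)", line)) and members:
            members[-1][2] = m[1]
        elif m := re.fullmatch(r"ip dns server view-group (\S+)", line):
            applied = m[1]
    out = []
    if "ip dns server" not in lines:
        out.append("DNS service is not enabled")
    if f"ip dns view-list {applied}" not in lines:
        out.append("no defined view list is applied to the DNS server")
    for name, _, group in members:
        if not fwd.get(name):
            out.append(f"view {name} has no dns forwarder")
        if group is not None and group not in names:
            out.append(f"view {name} uses undefined name-list {group}")
    restricted = [o for _, o, g in members if g is not None]
    if not restricted:
        out.append("no view is restricted by name-group, so queries are not split")
    elif any(o < max(restricted) for _, o, g in members if g is None):
        out.append("an unrestricted view is checked before a restricted one")
    return out
```

An empty list from audit(SAMPLE) means every view in the applied list has a forwarder, the name-group points at a defined name list, and the restricted view is checked before the default view.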