NIL's New Year E-Learning promotion: Save 30% on all Remote labs and e-learning courses purchased before January 31st 2009. Click here for more details.

Network Address Translation of DNS responses

I “always knew” that Cisco IOS supports NAT translations between local and global addresses in DNS replies … until I wanted to use this functionality in one of my sample configurations and discovered it doesn’t work as expected.

A few tests later, I discovered the true story: DNS requests and responses are translated if and only if you define IP-level NAT translations using either the ip nat inside source static or the ip nat inside source list pool configuration command. The translations should not use any additional filters (do not use the route-map keyword) and cannot result in PAT translations (do not use the overload keyword).

You can find more details in the “Network address translation of DNS responses” article in the CT3 wiki.

Posted by Ivan Pepelnjak on Thursday, November 20, 2008

Labels: ,

4 comments:

liminas said...

Have you realy test what solution?

20 November, 2008 10:34
liminas said...

"DNS requests to outside DNS server" scenario would work with

"ip nat outside source static 'ip' 'ip' no-alias".

20 November, 2008 11:21
Ivan Pepelnjak said...

@liminas: Yes, I've tested the solution :)

20 November, 2008 18:12
Andrew said...

It doesn`t work even whith "ip nat inside source static or the ip nat inside source list pool configuration command" for me.
Only "no-payload" helps!!!

19 December, 2008 20:43

Post a Comment

Subscribe to: Post Comments (Atom)
Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or visit his page on Facebook.