Use your Cisco router as a primary DNS server

Starting with IOS release 12.3, most Cisco routers can act as primary DNS servers (formerly this functionality was only available as part of the DistributedDirector product), alleviating the need for a host-based DNS server in your perimeter network. Keep in mind that answering DNS queries costs router CPU and memory, and that a DNS service reachable from the Internet is an obvious denial-of-service target: restrict who can reach port 53 on the router (an access list on the outside interface) before you rely on it. To configure a router to act as the primary DNS server for a zone, use the ip dns primary command, for example:

ip dns server
! SOA record for the zone: primary name server, responsible mailbox,
! then refresh, retry, expire and minimum TTL (all in seconds)
ip dns primary website.com soa ns.website.com admin@website.com 86400 3600 1209600 86400

Next, you need to define the primary and secondary name servers for the domain with the ip host ns command:

ip host website.com ns ns.website.com
ip host website.com ns ns.isp.com

You can also define mail routing for the domain with the ip host mx command:

ip host website.com mx 10 mail.website.com
ip host website.com mx 20 mail.isp.com


Finally, you need to define hosts within your domain (with the traditional form of the ip host command):

ip host ns.website.com 192.168.0.1 ! router's IP address
ip host www.website.com 192.168.1.1
ip host website.com 192.168.1.1 ! alternate for www.website.com
ip host mail.website.com 192.168.1.2
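Once the router is configured, it is worth checking what it actually sends on the wire: whether the AA bit is set, which section each record lands in (one of the comments below reports the SOA RR coming back in the Authority section rather than the Answer section), and whether the router will resolve names it does not host for anyone who asks, which is what makes a perimeter DNS service attractive for abuse. The Python 3 script below is an added example written for this page; it is not code from the original post or from Cisco, and it uses only the standard library. The wire-format sample it parses offline is constructed to mirror the misplaced-SOA behaviour described in the comments (it is not a captured router response), the zone names and SOA timers are the ones from the configuration above, and example.net is an arbitrary name assumed not to be hosted on the router.

```python
import socket
import struct
import sys

# Record types this check cares about (RFC 1035 values).
TYPE_A, TYPE_NS, TYPE_SOA, TYPE_MX = 1, 2, 6, 15
TYPE_NAMES = {TYPE_A: "A", TYPE_NS: "NS", TYPE_SOA: "SOA", TYPE_MX: "MX"}

def encode_name(name):
    """Encode a dotted name in DNS wire format (no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(x)]) + x.encode("ascii") for x in labels) + b"\x00"

def build_query(name, qtype, txid=0x1234, rd=False):
    """Build a one-question query; rd=True asks the server to recurse on our behalf."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def decode_name(msg, off):
    """Decode a possibly compressed name at msg[off]; return (name, offset after it)."""
    labels, end, jumped = [], None, False
    while True:
        ln = msg[off]
        if (ln & 0xC0) == 0xC0:                      # compression pointer (RFC 1035 4.1.4)
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2                         # the name ends after the first pointer
            jumped, off = True, ptr
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), (end if end is not None else off)

def parse_response(msg):
    """Return header flags plus the RRs of each section as (name, type, ttl, rdata)."""
    _txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                               # skip the echoed question(s)
        _, off = decode_name(msg, off)
        off += 4
    resp = {"aa": bool(flags & 0x0400), "ra": bool(flags & 0x0080), "rcode": flags & 0x000F}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        rrs = []
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            rrs.append((name, TYPE_NAMES.get(rtype, rtype), ttl, msg[off:off + rdlen]))
            off += rdlen
        resp[section] = rrs
    return resp

def soa_section(resp):
    """Section holding the SOA RR; a correct authoritative answer puts it in 'answer'."""
    for section in ("answer", "authority"):
        if any(rr[1] == "SOA" for rr in resp[section]):
            return section
    return "missing"

def looks_like_open_resolver(resp):
    """RA set plus a non-empty answer for a zone we do not host: the server recursed for us."""
    return resp["ra"] and len(resp["answer"]) > 0

def query(server, name, qtype, rd=False, timeout=2.0):
    """Send one UDP query to server:53 and return the parsed response."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype, rd=rd), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_response(data)

def build_sample_response(qname, qtype, answer, authority, aa=True, ra=False):
    """Constructed response (not a captured packet) so the parser can be exercised offline."""
    flags = 0x8000 | (0x0400 if aa else 0) | (0x0080 if ra else 0)
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1, len(answer), len(authority), 0)
    msg += encode_name(qname) + struct.pack("!HH", qtype, 1)
    for name, rtype, ttl, rdata in answer + authority:
        msg += encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return msg

# Constructed sample mirroring the behaviour reported in the comments: the SOA RR
# comes back in the Authority section. Names and timers are those of the post's zone;
# the mailbox is in its wire form (admin.website.com).
SOA_RDATA = (encode_name("ns.website.com") + encode_name("admin.website.com")
             + struct.pack("!IIIII", 1, 86400, 3600, 1209600, 86400))
SAMPLE_MISPLACED_SOA = build_sample_response(
    "website.com", TYPE_SOA, [], [("website.com", TYPE_SOA, 86400, SOA_RDATA)])

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit(f"usage: {sys.argv[0]} <router-ip> <zone>")
    server, zone = sys.argv[1:3]
    for qtype in (TYPE_SOA, TYPE_NS, TYPE_MX):
        r = query(server, zone, qtype)
        print(f"{TYPE_NAMES[qtype]}: aa={r['aa']} rcode={r['rcode']} "
              f"answer={len(r['answer'])} authority={len(r['authority'])}")
    print("SOA RR found in section:", soa_section(query(server, zone, TYPE_SOA)))
    # Open-resolver probe: ask, with RD set, for a name assumed not to be hosted here.
    foreign = query(server, "example.net", TYPE_A, rd=True)
    print("resolves foreign names:", looks_like_open_resolver(foreign))
```

Run it from a host that can reach the router on UDP port 53, e.g. `python3 dnscheck.py 192.168.0.1 website.com` (the file name is arbitrary). The sections are decoded by hand rather than with a DNS library so that the script shows exactly where each RR sits in the message; an SOA reported as "authority" for a zone the router is primary for is the behaviour the comments describe, and "resolves foreign names: True" means the router is answering recursive queries for anyone allowed to reach it.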

17 comments:

  1. This actually caused my 2620XM to run at 98% CPU utilization and stopped my CME from processing calls.

  2. You're absolutely right. I wrote a few recommendations on how to protect your router.

  3. Is it also possible to get DDNS+DHCP support for clients with the described configuration?

  4. I was not able to get DDNS server working on Cisco IOS. It can send the DDNS requests to an external server, but somehow cannot keep a DDNS cache internally (if that was the question).

  5. Many thanks!
    Where could I read about how I can configure DDNS updates via the Cisco DHCP server and the named/BIND daemon?

  6. This has worked perfectly on my Cisco 2800, 2600, 1800 and 1700 series routers. I suggest reading Cisco's documentation regarding dynamic name resolution. For example, ip domain list and ip domain name are also required.

    1. Well, on the 2621x it happened to me that 2621x Cisco routers with 128 RAM start working with ip dns server, but when you are in a network with 184 systems requesting DNS resolution the Cisco just hangs. I just bought another 128 RAM and now it is working fine.

  7. Thank you so much ! It was very helpful to me :)

  8. This command is not correct on a Cisco device.

    It should be ip name-server 10.x.x.x

    1. Really??? There's a slight difference between DNS server and DNS client. Please read the Cisco IOS documentation for both commands.

  9. Thanks for the post, works like a charm !

  10. Hi Ivan,

    I realise this post is quite old now, but have you found a way of creating CNAME records in IOS?

    I'm using IOS for rDNS lookup for some of my server provisioning and would like a server IP to resolve to the proper A hostname record, rather than a CNAME alias.

    I've found if you do a rDNS lookup you get the name the router first finds in its config. Therefore I can force the preferred hostname but it's not very elegant and is error prone. E.g.

    ip host mycryptichostname 10.1.1.100
    ip host mycnamealias 10.1.1.100

    I can't find any way to enter a CNAME proper though (e.g. http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfipadr.html#wp1067293) - just wonder if you or one of your readers had?

    Thanks!

    Simon

    1. My IOS release won't allow me to enter a CNAME, just MX, NS or SRV record.

  11. IOS DNS doesn't correctly answer SOA queries. For some unclear reason, it puts the SOA RR into the Authority section instead of the Answer section.

  12. Can a Cisco router also act as an IPv6 DNS server? I am having a hard time setting this up in my lab.

    1. Never tested it. Probably not.

    2. I figured as much. Time for some raspberry pi / bind action. Thanks for the quick response!



Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.