Network Address Translation of DNS responses

I “always knew” that Cisco IOS supports NAT translations between local and global addresses in DNS replies … until I wanted to use this functionality in one of my sample configurations and discovered it doesn’t work as expected.

A few tests later, I discovered the true story: DNS requests and responses are translated if and only if you define IP-level NAT translations using either the ip nat inside source static or the ip nat inside source list pool configuration command. The translations should not use any additional filters (do not use the route-map keyword) and cannot result in PAT translations (do not use the overload keyword).

You can find more details in the “Network address translation of DNS responses” article in the CT3 wiki.

4 comments:

  1. Have you really tested that solution?

  2. "DNS requests to outside DNS server" scenario would work with

    "ip nat outside source static 'ip' 'ip' no-alias".

  3. @liminas: Yes, I've tested the solution :)

  4. It doesn't work even with "ip nat inside source static or the ip nat inside source list pool configuration command" for me.
    Only "no-payload" helps!!!



Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.