Using a router as a DNS proxy server

A Cisco router running IOS release 12.3 can act as a proxy DNS server - when you configure ip dns server and ip name-server ip-address, it starts forwarding any received DNS requests to the upstream name server.

The router does not act as a recursive server, it just propagates the requests. For example, if the client asks for A record for and the upstream DNS server responds with a NS record for the .com tree, the router will not perform recursive DNS lookups to get the answer (and the resolver code in most clients will fail). The upstream DNS server has to be willing to perform recursive lookups for you.

You can use this functionality (potentially in combination with other external proxies) to set up an environment where the clients do not need to access the Internet directly.


  1. *DONT_KNOW*

    it's a pity the recursive lookups seem to not function for reverse-lookups. It gave me a headache for a while and then I gave up. If anyone has an answer I would be keen to test it..
  2. As I wrote in the post - IOS just forwards the requests to an external DNS server. It performs no recursion whatsoever.
  3. Not sure if that is true..

    If the router forwards the request as a forwarder then it relies on the server to respond back to it and then it replies to your request.. that kinda = recursion as it certainly is not iterative ;)

    and even a dns server that was configured for stub and or a forwarder should respond based on the response from the server..?

    great website and appreciate your views and comments

  4. A "recursive DNS server" and a "forwarding DNS server" are well-defined concepts. Follow the links in the first NOTE in this IP Corner article: for more information.

    IOS is a forwarding, but not a recursive DNS server. BTW, I'm using this functionality in my home office and never had any IPv4 issues (and I'm doing some pretty crazy testing stuff every now and then). IPv6 is unfortunately a completely different story.
