Configuring Split DNS on Cisco IOS

Shaun Ewing, Technology

At home I have a Cisco 867VAE router that acts as the gateway between my home network and the Internet. It also provides site-to-site VPN between my home network and services I have inside the Amazon Web Services (AWS) cloud.

For a while now I’ve been providing DNS resolution using a BIND DNS server running on a home server. I had a requirement to send DNS resolution requests to different upstream resolvers based on the domain, and at the time of implementation the router I had didn’t have this capability.

However, as I’ve now had the Cisco router for a while, I’ve decided it’s time to enable DNS resolution on the Cisco router and move this service there.

Here’s how I’ve done this.

Step One

The first step is to configure the default resolvers on the router. You might already have these in place, especially if your router is already in use.

I use Google Public DNS so here’s my configuration:

Step Two

This step involves configuring your DNS views. DNS views determine the resolvers that will be used.

In this case I have two views – one for domains I’m pointing to Unblock-Us and another for all other requests.

Obviously you need to change the DNS view to suit your environment.

Step Three

This step involves configuring the domains that you want to use your non-default DNS view. For example, a basic configuration that forwards Netflix to Unblock-Us is as follows:

If you have configured extra DNS views above then you’ll need to add extra DNS name-lists, incrementing the ID for each one.

Step Four

This step involves configuring a DNS view-list that forwards requests based on the name lists above. Anything that doesn’t match a name list is forwarded to the default view.

Step Five

The last step is setting your router to use the view-list defined above and activating the DNS service.

You’ll need to adjust the above to suit your environment but once done you should have split DNS!
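The five steps above, pulled together into one illustrative IOS configuration. This is an added example, not the author's own configuration (which is not reproduced on this page): the Google Public DNS addresses are real, the Unblock-Us resolver addresses are placeholders from the 192.0.2.0/24 documentation range, and the view, name-list and view-list names are assumed.

```cisco
! Step One: default resolvers (Google Public DNS) for the router's own lookups
ip domain lookup
ip name-server 8.8.8.8 8.8.4.4
!
! Step Two: DNS views. "default" is the router's global DNS settings; the
! second view forwards to Unblock-Us (placeholder addresses, not real ones).
ip dns view default
 dns forwarder 8.8.8.8
 dns forwarder 8.8.4.4
ip dns view unblock-us
 dns forwarding
 dns forwarder 192.0.2.53
 dns forwarder 192.0.2.54
!
! Step Three: name-list of query names that should use the non-default view.
! The pattern is a Cisco regular expression ("." matches any character, so
! the literal dot is escaped). Use a new list ID (2, 3, ...) per extra view.
ip dns name-list 1 permit .*netflix\.com
!
! Step Four: view-list. Views are tried in ascending order number; the first
! view whose name-group matches the query handles it. The unrestricted
! default view at the end catches everything else.
ip dns view-list split-dns
 view unblock-us 10
  restrict name-group 1
 view default 20
!
! Step Five: bind the view-list to the DNS server function and enable it.
ip dns server view-group split-dns
ip dns server
!
! Caveat: the IOS DNS server answers on every interface. Filter inbound
! UDP/TCP port 53 on the Internet-facing interface (ACL not shown) so the
! router does not become an open resolver.
```

Verify the result from a LAN host by resolving a matching name and a non-matching name and checking, with "debug ip dns view" or "show ip dns view-list", that each query is forwarded to the expected resolver.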

Configuring Split DNS on Cisco IOS was last modified: May 1st, 2017 by Shaun Ewing

Comments

  1. Hi Shaun, thank you for your sharing, it is extremely useful to me as I am trying to configure a Cisco router to bypass the router that my ISP gives me. May I know if it is possible to do these based on sub-interfaces?
    For example:
    *.NETFLIX.COM
    *.UNBLOCK-US.COM
    *.US-WEST-9.ELB.AMAZONAWS.COM
    Send the DNS query to g0/1.200
    While the default view will send the query to g0/1.100
    Please advise as I had been trying very hard to get this issue resolved.
    Thank you in advance

    1. Shaun Ewing (post author):

      At the time I wrote this article I had both Telstra and Internode connections in a failover state. This meant I had to use DNS resolvers that were accessible to both networks.

      Now that I only have Telstra I’ve gone back to using ISP provided resolvers. The original article on third party DNS resolvers impacting performance still has relevance – however some of the performance improvements mentioned in that article appear to have been implemented now.
