Imagine having to remember IP addresses such as 192.168.200.3 instead of a domain name such as www.google.com. We could probably remember one IP address, but multiply this by the number of websites you visit daily and now remember an IP address for EACH one... I certainly could not. This is where the Domain Name System (DNS) helps, letting us use human-readable names instead of the IP addresses computers understand. DNS does this translation automatically so the computer knows where we are directing it.
The IP schema for this lab will be 10.10.10.0/24. This will give us 254 usable addresses (256 - broadcast address - network address). The subnet mask will be 255.255.255.0.
In this lab we want to configure the following DNS options:
The router's interfaces are configured with IP addresses:
The inside interface Gi0/0 is configured with an internal address within the selected schema; in this case 10.10.10.254. The outside interface, which represents connectivity to my ISP, is set to DHCP to receive an external IP from my ISP. I know in this case it is a private network address, but just imagine this being a public IP assigned by your ISP.
At this stage trying to PING the outside world will fail as domain-lookup has not been enabled:
To enable DNS, simply enter:
Trying to PING the outside world (www.google.com in this case) now yields results. Something to bear in mind at this stage: my recursive nameserver in this instance is the DNS server provided by DHCP on the external interface. This can be seen here:
If we wanted to change our recursive nameserver to something different, we can do so using the following process:
What we have done here: first we removed the DHCP-provided nameserver of 192.168.122.1 and then added 184.108.40.206 (Google's DNS service), confirmed the change by viewing our DNS settings, and then ensured it is working by using PING to an external domain (www.slash-root.com).
At this stage we can now enable a DNS service to serve our internal network:
The next step is to configure host1 and host2 to use our router as their default gateway and DNS server:
Once configured we can attempt to PING the default gateway and then an external domain name to ensure our DNS service is working correctly.
You will notice we could PING the default gateway (our router) but we could not PING an external domain name. The issue we have run into here is that when our router receives a packet from host1 with the source IP address of 10.10.10.1 (a private address), it refuses to route it any further without explicit instruction. The solution is address translation (Overload in Cisco speak).
The first step is to identify which interfaces are inside and outside; we do this using the following commands:
Here we have said the internal interface Gi0/0 (the one connected to our LAN) is the NAT inside. We've also said interface Gi0/1 is the NAT outside. To link this together we now run the following commands:
All these commands do is first create a list of IPs we want to include in this address translation (10.10.10.0/24) and then apply this address translation from the inside to the outside interface Gi0/1. Once executed, we save the configuration, restart the hosts and test our DNS service again:
If you are interested in seeing the actual translations being performed, you can view them by running the following command:
show ip nat translations
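
The steps above, consolidated into one IOS configuration as an added example (not the original post's own listing). The resolver address 8.8.8.8 and the ACL numbers 1 and 101 are assumptions; ACL 101 is an addition that stops `ip dns server` from answering queries that arrive on the outside interface.

```cisco
! Added example for the lab described above; not the author's listing.
! Assumptions: resolver 8.8.8.8 (Google Public DNS), ACL numbers 1 and 101.
!
interface GigabitEthernet0/0
 description LAN (inside)
 ip address 10.10.10.254 255.255.255.0
 ip nat inside
 no shutdown
!
interface GigabitEthernet0/1
 description ISP uplink (outside)
 ip address dhcp
 ip nat outside
 ! Filter traffic arriving from the ISP side (ACL 101 is defined below)
 ip access-group 101 in
 no shutdown
!
! Let the router resolve names, swap the DHCP-learned resolver for a
! chosen one, then serve DNS to hosts that point at 10.10.10.254.
ip domain-lookup
no ip name-server 192.168.122.1
ip name-server 8.8.8.8
ip dns server
!
! Overload (PAT): translate sources in 10.10.10.0/24 to the Gi0/1 address.
access-list 1 permit 10.10.10.0 0.0.0.255
ip nat inside source list 1 interface GigabitEthernet0/1 overload
!
! "ip dns server" listens on every interface. Drop queries addressed to
! port 53 from outside so the router does not act as an open resolver.
! Replies to the router's own lookups come from source port 53 to an
! ephemeral destination port, so the final permit still lets them in.
access-list 101 deny   udp any any eq domain
access-list 101 deny   tcp any any eq domain
access-list 101 permit ip any any
!
! Verify from privileged EXEC after saving the configuration:
!   show ip nat translations
!   show access-lists 101
```

Hit counts on the two deny entries in `show access-lists 101` show whether anything outside is probing the router's DNS service.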
Copyright © 2023 - slash-root.com