
Cisco commands for DNS

  • 26-01-2012 10:59pm
    #1
    Registered Users Posts: 1,234 ✭✭✭


    Hi all,

    I'm a bit (very) rusty on my Cisco IOS commands so I'm hoping someone can help me out. Is there any way I can set up a Cisco router to route traffic to different DNS servers, depending on the ip or site being accessed? I have been following the bargain alerts thread on Netflix and want to use UnblockUS to access the American Netflix content. However, I don't want to set UnblockUS as a primary DNS on the router and as I have multiple devices which are capable of accessing Netflix, I don't particularly want to be manually setting and resetting the DNS on them as needed.
    Ideally, I would set up the router to resolve any traffic bound for netflix.com using UnblockUS' DNS and resolve all other traffic with another DNS provider such as my ISP or 8.8.8.8. Can this be done? I have a PIX 501 firewall, a 2600 and a 2811 available to me for this task.

    All tips gratefully received!


Comments

  • Closed Accounts Posts: 3,362 ✭✭✭rolion


    What does DNS have to do with the TCP/IP or HTTP(S) traffic!?
    I guess you need something to route traffic to that web site based on some DNS returns and not the DNS query itself!??


  • Registered Users Posts: 1,931 ✭✭✭Zab


    Pretty sure the service returns one of their IPs when you ask for whatever.com and they forward the traffic on from there.


  • Registered Users Posts: 1,234 ✭✭✭Mr Bloat


    Maybe I didn't explain myself properly. If I use blacknight.com/dns to check how different dns servers view netflix.com, I get these results:

    Forward: 69.53.236.17
    Reverse: 69.53.236.17: netflix.co.uk
    MX Records - Mail: 10 mail.messaging.microsoft.com
    Common Subdomains:
        www: 107.20.137.117
        ftp: 69.53.236.147
        ns1: 69.53.255.10
        ns2: 69.53.254.10
    Nameserver:
        pdns1.ultradns.net
        pdns2.ultradns.net
        pdns3.ultradns.org
        pdns4.ultradns.org
        pdns5.ultradns.info
        pdns6.ultradns.co.uk
    Server Of Authority: dns.netflix.com


    If I tell blacknight.ie/dns to include the UnblockUS DNS that I want to use for netflix.com, I get these results:

    Forward:
        173.208.155.14
        173.208.170.14
        50.22.86.51
        68.169.54.227
        69.89.4.237
    Reverse:
        173.208.155.14: None
        173.208.170.14: None
        50.22.86.51: 50.22.86.51-static.reverse.softlayer.com
        68.169.54.227: None
        69.89.4.237: None
    MX Records - Mail: None
    Common Subdomains:
        www: 173.208.155.14
        ftp: 173.208.155.14
        mail: 173.208.155.14
        ns: 173.208.155.14
        ns1: 184.106.242.193
        ns2: 67.23.7.56
    Nameserver: ns1.netflix.com
    Server Of Authority: ns1.netflix.com

    These are clearly different. Using UnBlockUS' DNS server will resolve netflix.com to their US-based servers. Then these servers will assume I am in the US and will display the US content, which has way more available in it than what is available in Ireland. What I am hoping to do is to have my router resolve DNS requests for netflix.com using the US DNS and resolve all other web requests using a local DNS.
    Is there an IOS command which will forward DNS resolution requests for netflix.com to the US DNS server and all other DNS requests to another DNS server?


  • Registered Users Posts: 1,931 ✭✭✭Zab


    I don't know the answer, but I'm guessing it'll be a no.

    Another option you could try is if IOS has the equivalent of a hosts file. However, this may not work 100% as there may be some sort of session started by your initial DNS query, although it might work pretty well for a popular service like netflix. And of course it'll require more maintenance than what you originally wanted.

    I suspect that you'd have an easier, but still not easy, time of it if you had a Linux-based router.


  • Registered Users Posts: 1,234 ✭✭✭Mr Bloat


    Thanks for that, I didn't think of using a Linux-based router. I'll look into that this evening.


  • Registered Users Posts: 1,629 ✭✭✭NullZer0


    Policy routing - no?


  • Registered Users Posts: 3,612 ✭✭✭Dardania


    Zab wrote: »

    Another option you could try is if IOS has the equivalent of a hosts file. However, this may not work 100% as there may be some sort of session started by your initial DNS query, although it might work pretty well for a popular service like netflix. And of course it'll require more maintenance than what you originally wanted.

    Came back to this thread to suggest this but Zab beat me to it!


  • Closed Accounts Posts: 13,874 ✭✭✭✭PogMoThoin


    I am also very interested in this and I have a Mikrotik router. It's the same situation: I have an HTPC and some other PCs that use Netflix and don't wish to change DNS to UnblockUS or to set UnblockUS as default DNS on the router as I'm using OpenDNS for adult content filtering.


  • Closed Accounts Posts: 13,874 ✭✭✭✭PogMoThoin


    Ok, been messing with this trying to get it working. The following are the results when I have Eircom's DNS on my PC:
    C:\Users\Colm>nslookup www.netflix.com
    Server:  dns1.cwm.dublin.eircom.net
    Address:  213.94.190.194

    Non-authoritative answer:
    Name:    wwwservice--frontend-313423742.us-east-1.elb.amazonaws.com
    Addresses:  107.21.96.127
              50.19.99.64
              50.19.103.125
              50.19.119.154
              107.20.137.117
              107.20.232.200
    Aliases:  www.netflix.com

    And this is the result when I use UnblockUS:
    C:\Users\Colm>nslookup www.netflix.com
    Server:  UnKnown
    Address:  208.122.23.22

    Name:    www.netflix.com
    Addresses:  68.169.54.227
              69.89.4.237
              173.208.155.14
              173.208.170.14
              50.22.86.51

    When your PC is using UnblockUS you can see the redirect in your browser as it says waiting for UnblockUS as the page is loading. Adding a static entry on the Mikrotik to 68.169.54.227 does nothing; it opens the UK site. I'm sure another method is necessary as the DNS lookup obviously opens a session.
    [admin@Abe] > ip dns export
    # jan/28/2012 13:21:24 by RouterOS 5.11
    # software id = Q6KR-1DZA
    #
    /ip dns
    set allow-remote-requests=yes cache-max-ttl=1w cache-size=4096KiB \
    max-udp-packet-size=512 servers=208.67.222.222,208.67.220.220
    /ip dns static
    add address=192.168.88.1 disabled=no name=router ttl=1d
    add address=68.169.54.227 disabled=no name=www.netflix.com ttl=1d


  • Registered Users Posts: 1,931 ✭✭✭Zab


    Are you sure it isn't redirecting you or internally using another URL that you don't yet have in your list? The network tab of the chrome developer tools might be handy.


  • Closed Accounts Posts: 13,874 ✭✭✭✭PogMoThoin


    Zab wrote: »
    Are you sure it isn't redirecting you or internally using another URL that you don't yet have in your list? The network tab of the chrome developer tools might be handy.

    Yes, this is probably the issue here. There are 2 other Netflix URLs in my DNS cache; these would also need static entries:

    netflix.com.outerstats.com
    images.netflix.com.edgesuite.net

    The developer tools of Chrome tell me the images come from nflximg.com on the UK site. I'm gonna try again later.


  • Closed Accounts Posts: 13,874 ✭✭✭✭PogMoThoin


    Got this working. I changed the DNS on my PC to UnblockUS, did a flushdns and took note of the DNS entries in my router's cache when connected to Netflix. I then did nslookup and added each one as a static entry. Here are my static entries:
    [admin@Abe] > ip dns export
    # jan/28/2012 15:33:56 by RouterOS 5.11
    # software id = Q6KR-1DZA
    #
    /ip dns
    set allow-remote-requests=yes cache-max-ttl=1w cache-size=4096KiB max-udp-packet-size=512 \
    servers=208.67.222.222,208.67.220.220
    /ip dns static
    add address=192.168.88.1 disabled=no name=router ttl=1d
    add address=68.169.54.227 disabled=no name=www.netflix.com ttl=1d
    add address=184.107.233.130 disabled=no name=www.outerstats.com ttl=1d
    add address=92.122.217.152 disabled=no name=www.images.netflix.com.edgesuite.net ttl=1d
    add address=184.107.233.130 disabled=no name=www.netflix.com.outerstats.com ttl=1d
    add address=173.208.170.14 disabled=no name=www.nflximg.com ttl=1d


  • Closed Accounts Posts: 13,874 ✭✭✭✭PogMoThoin


    Sorry folks, not working. I closed the browser and it reverted to the UK lineup.


  • Registered Users Posts: 123 ✭✭LumpyGravy


    Hi.

    Did you have any luck with that?

    Did you get a chance to try a Linux-based router? Here's a software-based one: http://en.wikipedia.org/wiki/PfSense

    You could try and set it up as an authoritative DNS server on your network and then set up an A record for Unblock-Us or US Netflix.


  • Closed Accounts Posts: 13,874 ✭✭✭✭PogMoThoin


    No luck. The Mikrotik router I use is a Linux router. I have it caching DNS but a static redirect didn't work. The DNS lookup must open a session at UnblockUS. I can't see a way around it other than writing a specific script.
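
Added example, not part of any post in this thread: the per-domain resolver selection the original question asks for, written as a small UDP relay in Python that reads the name out of each DNS query and picks the upstream from it. The two resolver addresses are the ones quoted in the posts; the suffix list, the function names and the 127.0.0.1:5353 listen address are assumptions.

```python
import socket
import struct
# Upstream IPs are quoted in the thread; suffixes and names are assumptions.
DEFAULT_UPSTREAM = "208.67.222.222"
SUFFIX_UPSTREAMS = {"netflix.com": "208.122.23.22", "nflximg.com": "208.122.23.22"}

def parse_qname(packet: bytes) -> str:
    """Return the first question name of a raw DNS query, lower-cased."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("no DNS question present")
    labels, pos = [], 12
    while pos < len(packet):
        length = packet[pos]
        if length == 0:
            return b".".join(labels).decode("ascii", "replace").lower()
        if length & 0xC0 or pos + 1 + length > len(packet):
            raise ValueError("compression pointer or truncated label")
        labels.append(packet[pos + 1 : pos + 1 + length])
        pos += 1 + length
    raise ValueError("name not terminated")

def pick_upstream(qname: str) -> str:
    """Match on whole labels so 'notnetflix.com' misses 'netflix.com'."""
    name = qname.rstrip(".")
    for suffix, upstream in SUFFIX_UPSTREAMS.items():
        if name == suffix or name.endswith("." + suffix):
            return upstream
    return DEFAULT_UPSTREAM

def build_query(name: str, qid: int = 0x1234) -> bytes:
    """Constructed sample input: a standard A/IN query with RD set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    body = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + body + b"\x00" + struct.pack("!HH", 1, 1)

def serve(bind=("127.0.0.1", 5353)):  # relay each query to its chosen upstream
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(bind)
    while True:
        query, client = sock.recvfrom(512)
        try:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as up:
                up.settimeout(3)
                up.connect((pick_upstream(parse_qname(query)), 53))  # connect() filters reply source
                up.send(query)
                sock.sendto(up.recv(4096), client)
        except (ValueError, OSError):
            continue  # drop malformed queries and upstream timeouts
if __name__ == "__main__":
    serve()
```

The relay only decides which resolver answers a query; it does not change where the resulting HTTP traffic is sent.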

