Topology
A Cisco IOS router is run as a caching DNS server, and the upstream it uses is chosen by the domain name in the DNS query. Here, queries for one specific domain are excluded (neither resolved nor forwarded), queries for the internal domain are forwarded to Windows Server, and everything else is forwarded to a public external DNS server.
Domain          | View name | Action                              | Forwarders
----------------|-----------|-------------------------------------|---------------------------
block.net.home  | block-01  | excluded (no lookup, no forwarding) | -
win.net.home    | win-01    | forward                             | 192.168.10.1, 192.168.10.2
everything else | default   | forward                             | 8.8.8.8
Caching DNS server configuration
To make Cisco IOS answer queries differently by destination domain, configure the caching DNS server as follows.
The difference between "domain lookup" and "dns forwarding" is which side of the router they control: "domain lookup" is the resolver side (whether the router itself performs DNS lookups), "dns forwarding" is the server side (whether queries the router receives as a DNS server are forwarded on). The "DNS Resolver settings" and "DNS Server settings" sections of "show ip dns view" below correspond to exactly these two switches.
Note: "no domain lookup" under "ip dns view default" leaves the router itself unable to resolve names.
Note also that "ip dns server" listens on port 53 on every interface. Restrict who can reach it (an ACL on the outside interface), otherwise the router is an open forwarder to 8.8.8.8 for anyone who can send it a packet.
ip domain name net.home
ip name-server 8.8.8.8
ip dns view block-01
no domain lookup
no dns forwarding
ip dns view win-01
no domain lookup
dns forwarding
dns forwarder 192.168.10.1
dns forwarder 192.168.10.2
ip dns view-list dns-list
view block-01 10
restrict name-group 10
view win-01 20
restrict name-group 20
view default 100
ip dns name-list 10 permit .*BLOCK.NET.HOME
ip dns name-list 20 permit .*WIN.NET.HOME
ip dns server view-group dns-list
ip dns server
The following configuration behaves the same way (only "win-01" is shown). The view has no explicit forwarders, so the server side falls back to the view's "domain name-server" entries; this is the same mechanism by which the default view, which also lists no forwarder addresses, reaches the 8.8.8.8 set with "ip name-server".
Note, however, that adding "no dns forwarding" here stops the view from accepting DNS queries at all.
ip dns view win-01
domain name-server 192.168.10.1
domain name-server 192.168.10.2
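As an added example (not code from the original page), the following Python script models how the view-list above picks a view: it walks "dns-list" in evaluation order and takes the first view whose name-list regex matches the query name. The match is treated as case-insensitive (the page's debug output shows lower-case queries landing in view block-01) and as a full-string match with Python "re" semantics, which is an assumption about the IOS regex dialect. It also shows why the page's patterns deserve care: in a regex an unescaped "." matches any character and the leading ".*" matches any prefix, so "notblock.net.home" and "blockxnetxhome" are routed to block-01 as well. SAFER_NAME_LISTS, VIEW_ACTION and the function names are this example's own, not something on the page.

```python
import re

# Name-lists exactly as on the page. IOS treats them as regular expressions and,
# as the page's debug output shows for lower-case queries, matches case-insensitively.
NAME_LISTS = {
    10: r".*BLOCK.NET.HOME",
    20: r".*WIN.NET.HOME",
}

# Suggested replacement (not from the page): escape the dots and allow only the
# domain itself or names below it, so "notblock.net.home" no longer matches.
SAFER_NAME_LISTS = {
    10: r"(.*\.)?block\.net\.home",
    20: r"(.*\.)?win\.net\.home",
}

# view-list "dns-list": (evaluation order, view, restricting name-list or None)
VIEW_LIST = [
    (10, "block-01", 10),
    (20, "win-01", 20),
    (100, "default", None),
]

# What each view does with a query, taken from the page's table and debug output.
VIEW_ACTION = {
    "block-01": ("no lookup, no forwarding (router answers SERVFAIL)", []),
    "win-01": ("forward", ["192.168.10.1", "192.168.10.2"]),
    "default": ("forward", ["8.8.8.8"]),
}


def select_view(qname, view_list=VIEW_LIST, name_lists=NAME_LISTS):
    """Pick the view that services qname: walk the view-list in evaluation
    order and return the first view whose name-list matches; a view without a
    restriction (here 'default') matches everything. Matching is modelled as a
    case-insensitive full match with Python's re, an assumption about the IOS
    regex dialect."""
    name = qname.rstrip(".")
    for _order, view, nl in sorted(view_list, key=lambda v: v[0]):
        if nl is None or re.fullmatch(name_lists[nl], name, re.IGNORECASE):
            return view
    return None


def dispatch(qname, name_lists=NAME_LISTS):
    """Return (view, action, forwarders) for qname."""
    view = select_view(qname, name_lists=name_lists)
    action, forwarders = VIEW_ACTION[view]
    return view, action, forwarders


if __name__ == "__main__":
    for q in ("block.net.home.", "WIN.net.home", "www.yahoo.co.jp",
              "notblock.net.home", "blockxnetxhome", "host.win.net.home"):
        print(f"{q:20s} page: {select_view(q):9s} safer: "
              f"{select_view(q, name_lists=SAFER_NAME_LISTS)}")
```

Whether a "$" anchor is needed at the end of the IOS pattern depends on how IOS applies the regex; test it on the router with a name such as "win.net.home.example" before relying on the name-list as a security boundary.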
The resulting settings are shown below.
Router# show ip dns view
DNS View block-01 parameters:
Logging is off
DNS Resolver settings:
Domain lookup is disabled
Default domain name:
Domain search list:
Lookup timeout: 3 seconds
Lookup retries: 2
Domain name-servers:
DNS Server settings:
Forwarding of queries is disabled
Forwarder timeout: 3 seconds
Forwarder retries: 2
Forwarder addresses:
DNS View win-01 parameters:
Logging is off
DNS Resolver settings:
Domain lookup is disabled
Default domain name:
Domain search list:
Lookup timeout: 3 seconds
Lookup retries: 2
Domain name-servers:
DNS Server settings:
Forwarding of queries is enabled
Forwarder timeout: 3 seconds
Forwarder retries: 2
Forwarder addresses:
192.168.10.1
192.168.10.2
DNS View default parameters:
Logging is off
DNS Resolver settings:
Domain lookup is enabled
Default domain name: net.home
Domain search list:
Lookup timeout: 3 seconds
Lookup retries: 2
Domain name-servers:
8.8.8.8
DNS Server settings:
Forwarding of queries is enabled
Forwarder timeout: 3 seconds
Forwarder retries: 2
Forwarder addresses:
Router# show ip dns view-list
View-list dns-list:
View block-01:
Evaluation order: 10
Restrict to ip dns name-list: 10
View win-01:
Evaluation order: 20
Restrict to ip dns name-list: 20
View default:
Evaluation order: 100
Verification
Blocked domain
Enable debugging on the IOS router and have the output shown on the SSH session:
Router# debug ip domain
Domain Name System debugging is on
Router# terminal monitor
Query the blocked domain name from the client PC (192.168.100.254 is the router):
> nslookup block.net.home. 192.168.100.254
Server: UnKnown
Address: 192.168.100.254
*** UnKnown can't find block.net.home: Non-existent domain
The Cisco IOS debug log and cache contents at that point are shown below. Note that the trace is stitched together from more than one query (the query id and client port change between the incoming-query lines and the reply lines). What matters is the reply: since view block-01 has both domain lookup and forwarding disabled and holds no static entries, the router answers the blocked name with SERVFAIL, not with an authoritative NXDOMAIN. A client that receives SERVFAIL will typically retry or fall back to another configured resolver, so this is a refusal, not a sinkhole.
Router#
Dec 11 2024 23:00:40 JST: DNS: Incoming UDP query (id#28261)
Dec 11 2024 23:00:40 JST: DNS: Type 1 DNS query (id#28261) for host 'block.net.home' from 192.168.100.1(60718)
Dec 11 2024 23:00:40 JST: DNS: Servicing request using view block-01
Dec 11 2024 23:00:40 JST: search_nametype_index: block.net.home
Dec 11 2024 23:00:40 JST: search_nametype_index: block.net.home
Dec 11 2024 23:00:40 JST: search_nametype_index: net.home
Dec 11 2024 23:00:40 JST: search_nametype_index: net.home
Dec 11 2024 23:00:40 JST: search_nametype_index: home
Dec 11 2024 23:00:40 JST: search_nametype_index: home
Dec 11 2024 23:00:40 JST: search_nametype_index: block.net.home
Dec 11 2024 23:00:40 JST: search_nametype_index: block.net.home
Dec 11 2024 23:00:40 JST: search_nametype_index: net.home
Dec 11 2024 23:00:40 JST: search_nametype_index: net.home
Dec 11 2024 23:00:40 JST: search_nametype_index: home
Dec 11 2024 23:00:40 JST: search_nametype_index: home
Dec 11 2024 23:00:40 JST: DNS: Reply to client 192.168.100.1/54375 query A with SERVFAIL
Dec 11 2024 23:00:40 JST: DNS: Finished processing query (id#38305) in 0.000 secs
Dec 11 2024 23:00:40 JST: DNS: Sending response to 192.168.100.1/54375, len 32
Router# show hosts view block-01
Indexing success/error statistics:
4 entries matched perfectly
0 entries did NOT match each other
0 entries were found normally but not by indexing
16 entries were found by indexing but not normally
Name lookup View: block-01
Default domain is not set
Name/address lookup uses static mappings
Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
temp - temporary, perm - permanent
NA - Not Applicable None - Not defined
Host Port Flags Age Type Address(es)
Forwarding by domain name
In the same way, query the internal domain name from the client PC:
> nslookup -type=a win.net.home. 192.168.100.254
Server: UnKnown
Address: 192.168.100.254
Name: win.net.home
Addresses: 192.168.10.1
The Cisco IOS debug log and cache contents at that point are shown below.
Note: the reverse lookup is a nuisance... (^ν^) nslookup first issues a PTR query (type 12) for the server's own address, 254.100.168.192.in-addr.arpa. It matches no name-list, so it falls into the default view and is forwarded to 8.8.8.8, which answers NXDOMAIN (response code 3). If leaking private-range reverse lookups to a public resolver is unwanted, give in-addr.arpa its own view.
Router#
Dec 11 2024 23:24:28 JST: DNS: Incoming UDP query (id#1)
Dec 11 2024 23:24:28 JST: DNS: Type 12 DNS query (id#1) for host '254.100.168.192.in-addr.arpa' from 192.168.100.1(62011)
Dec 11 2024 23:24:28 JST: DNS: Servicing request using view default
Dec 11 2024 23:24:28 JST: search_nametype_index: 254.100.168.192.in-addr.arpa
Dec 11 2024 23:24:28 JST: search_nametype_index: 254.100.168.192.in-addr.arpa
Dec 11 2024 23:24:28 JST: search_nametype_index: 100.168.192.in-addr.arpa
Dec 11 2024 23:24:28 JST: search_nametype_index: 100.168.192.in-addr.arpa
Dec 11 2024 23:24:28 JST: search_nametype_index: 168.192.in-addr.arpa
Dec 11 2024 23:24:28 JST: search_nametype_index: 168.192.in-addr.arpa
Dec 11 2024 23:24:28 JST: search_nametype_index: 192.in-addr.arpa
Dec 11 2024 23:24:28 JST: search_nametype_index: 192.in-addr.arpa
Dec 11 2024 23:24:28 JST: search_nametype_index: in-addr.arpa
Dec 11 2024 23:24:28 JST: search_nametype_index: in-addr.arpa
Dec 11 2024 23:24:28 JST: search_nametype_index: arpa
Dec 11 2024 23:24:28 JST: search_nametype_index: arpa.net.home
Dec 11 2024 23:24:28 JST: search_nametype_index: arpa
Dec 11 2024 23:24:28 JST: search_nametype_index: arpa.net.home
(omitted)
Dec 11 2024 23:24:28 JST: DNS: Re-sending DNS query (type 12, id#23864) to 8.8.8.8
Dec 11 2024 23:24:28 JST: DNS: Incoming UDP query (id#23864)
Dec 11 2024 23:24:28 JST: DNS: Type 12 response (id#23864) for host <254.100.168.192.in-addr.arpa> from 8.8.8.8(53)
Dec 11 2024 23:24:28 JST: DNS: Response code 3 (id#23864) from 8.8.8.8(53)
Dec 11 2024 23:24:28 JST: DNS: Forwarded back non-A response
Dec 11 2024 23:24:28 JST: DNS: Finished processing query (id#1) in 0.008 secs
Dec 11 2024 23:24:28 JST: DNS: Forwarding back reply to 192.168.100.1/63624
(end of the reverse lookup)
Dec 11 2024 23:24:28 JST: DNS: Incoming UDP query (id#2)
Dec 11 2024 23:24:28 JST: DNS: Type 1 DNS query (id#2) for host 'win.net.home' from 192.168.100.1(63625)
Dec 11 2024 23:24:28 JST: DNS: Servicing request using view win-01
Dec 11 2024 23:24:28 JST: search_nametype_index: win.net.home
Dec 11 2024 23:24:28 JST: search_nametype_index: win.net.home
Dec 11 2024 23:24:28 JST: search_nametype_index: net.home
Dec 11 2024 23:24:28 JST: search_nametype_index: net.home
Dec 11 2024 23:24:28 JST: search_nametype_index: home
Dec 11 2024 23:24:28 JST: search_nametype_index: home
Dec 11 2024 23:24:28 JST: search_nametype_index: win.net.home
Dec 11 2024 23:24:28 JST: search_nametype_index: win.net.home
Dec 11 2024 23:24:28 JST: search_nametype_index: win.net.home
Dec 11 2024 23:24:28 JST: search_nametype_index: net.home
Dec 11 2024 23:24:28 JST: search_nametype_index: net.home
Dec 11 2024 23:24:28 JST: search_nametype_index: home
Dec 11 2024 23:24:28 JST: search_nametype_index: home
Dec 11 2024 23:24:28 JST: DNS: Re-sending DNS query (type 1, id#35022) to 192.168.10.1
Dec 11 2024 23:24:28 JST: DNS: Incoming UDP query (id#35022)
Dec 11 2024 23:24:28 JST: DNS: Type 1 response (id#35022) for host <win.net.home> from 192.168.10.1(53)
Dec 11 2024 23:24:28 JST: DOM: dom2cache: hostname is win.net.home, RR type=1, class=1, ttl=600, n=4
Dec 11 2024 23:24:28 JST: search_nametype_index: win.net.home
Dec 11 2024 23:24:28 JST: delete_nametype_from_index: searching win.net.home to delete
Dec 11 2024 23:24:28 JST: delete_nametype_from_index: name win.net.home not found to del
Dec 11 2024 23:24:28 JST: delete_nametype_from_index: also found 0 entries to delete directly
Dec 11 2024 23:24:28 JST: add_nametype_to_index: added win.net.home
Dec 11 2024 23:24:28 JST: delete_nametype_from_index: searching win.net.home to delete
Dec 11 2024 23:24:28 JST: delete_nametype_from_index: win.net.home found & deleted
Dec 11 2024 23:24:28 JST: delete_nametype_from_index: also found 0 entries to delete directly
Dec 11 2024 23:24:28 JST: add_nametype_to_index: added win.net.home
Dec 11 2024 23:24:28 JST: DNS: Forwarding back A response - no director required
Dec 11 2024 23:24:28 JST: DNS: Finished processing query (id#2) in 0.004 secs
Dec 11 2024 23:24:28 JST: DNS: Forwarding back reply to 192.168.100.1/63625
Router# show hosts view win-01
Indexing success/error statistics:
19 entries matched perfectly
9 entries did NOT match each other
0 entries were found normally but not by indexing
50 entries were found by indexing but not normally
Name lookup View: win-01
Default domain is not set
Name/address lookup uses static mappings
Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
temp - temporary, perm - permanent
NA - Not Applicable None - Not defined
Host Port Flags Age Type Address(es)
win.net.home None (temp, OK) 0 IP 192.168.10.1
Other DNS queries
Query a domain name that matches neither of the above from the client PC:
> nslookup -type=a www.yahoo.co.jp. 192.168.100.254
Server: UnKnown
Address: 192.168.100.254
Non-authoritative answer:
Name: edge12.g.yimg.jp
Address: 183.79.219.252
Aliases: www.yahoo.co.jp
The Cisco IOS debug log and cache contents at that point are shown below.
Note: the reverse lookup is a nuisance again... (^ν^)
On top of that, the default domain gets in the way: because "ip domain name net.home" is set, the cache index is also searched for "jp.net.home" (and for "arpa.net.home" during the PTR query), i.e. the default domain appended to the last label... _(┐「ε:)_
Router#
Dec 11 2024 23:43:41 JST: DNS: Incoming UDP query (id#1)
Dec 11 2024 23:43:41 JST: DNS: Type 12 DNS query (id#1) for host '254.100.168.192.in-addr.arpa' from 192.168.100.1(52457)
Dec 11 2024 23:43:41 JST: DNS: Servicing request using view default
Dec 11 2024 23:43:41 JST: search_nametype_index: 254.100.168.192.in-addr.arpa
Dec 11 2024 23:43:41 JST: search_nametype_index: 254.100.168.192.in-addr.arpa
Dec 11 2024 23:43:41 JST: search_nametype_index: 100.168.192.in-addr.arpa
Dec 11 2024 23:43:41 JST: search_nametype_index: 100.168.192.in-addr.arpa
Dec 11 2024 23:43:41 JST: search_nametype_index: 168.192.in-addr.arpa
Dec 11 2024 23:43:41 JST: search_nametype_index: 168.192.in-addr.arpa
Dec 11 2024 23:43:41 JST: search_nametype_index: 192.in-addr.arpa
Dec 11 2024 23:43:41 JST: search_nametype_index: 192.in-addr.arpa
Dec 11 2024 23:43:41 JST: search_nametype_index: in-addr.arpa
Dec 11 2024 23:43:41 JST: search_nametype_index: in-addr.arpa
Dec 11 2024 23:43:41 JST: search_nametype_index: arpa
Dec 11 2024 23:43:41 JST: search_nametype_index: arpa.net.home
Dec 11 2024 23:43:41 JST: search_nametype_index: arpa
Dec 11 2024 23:43:41 JST: search_nametype_index: arpa.net.home
(omitted)
Dec 11 2024 23:43:41 JST: DNS: Re-sending DNS query (type 12, id#3151) to 8.8.8.8
Dec 11 2024 23:43:41 JST: DNS: Incoming UDP query (id#3151)
Dec 11 2024 23:43:41 JST: DNS: Type 12 response (id#3151) for host <254.100.168.192.in-addr.arpa> from 8.8.8.8(53)
Dec 11 2024 23:43:41 JST: DNS: Response code 3 (id#3151) from 8.8.8.8(53)
Dec 11 2024 23:43:41 JST: DNS: Forwarded back non-A response
Dec 11 2024 23:43:41 JST: DNS: Finished processing query (id#1) in 0.008 secs
Dec 11 2024 23:43:41 JST: DNS: Forwarding back reply to 192.168.100.1/52457
Dec 11 2024 23:43:41 JST: DNS: Incoming UDP query (id#2)
Dec 11 2024 23:43:41 JST: DNS: Type 1 DNS query (id#2) for host 'www.yahoo.co.jp' from 192.168.100.1(52458)
Dec 11 2024 23:43:41 JST: DNS: Servicing request using view default
Dec 11 2024 23:43:41 JST: search_nametype_index: www.yahoo.co.jp
Dec 11 2024 23:43:41 JST: search_nametype_index: www.yahoo.co.jp
Dec 11 2024 23:43:41 JST: search_nametype_index: yahoo.co.jp
Dec 11 2024 23:43:41 JST: search_nametype_index: yahoo.co.jp
Dec 11 2024 23:43:41 JST: search_nametype_index: co.jp
Dec 11 2024 23:43:41 JST: search_nametype_index: co.jp
Dec 11 2024 23:43:41 JST: search_nametype_index: jp
Dec 11 2024 23:43:41 JST: search_nametype_index: jp.net.home
Dec 11 2024 23:43:41 JST: search_nametype_index: jp
Dec 11 2024 23:43:41 JST: search_nametype_index: jp.net.home
Dec 11 2024 23:43:41 JST: search_nametype_index: www.yahoo.co.jp
Dec 11 2024 23:43:41 JST: search_nametype_index: www.yahoo.co.jp
Dec 11 2024 23:43:41 JST: search_nametype_index: www.yahoo.co.jp
Dec 11 2024 23:43:41 JST: search_nametype_index: yahoo.co.jp
Dec 11 2024 23:43:41 JST: search_nametype_index: yahoo.co.jp
Dec 11 2024 23:43:41 JST: search_nametype_index: co.jp
Dec 11 2024 23:43:41 JST: search_nametype_index: co.jp
Dec 11 2024 23:43:41 JST: search_nametype_index: jp
Dec 11 2024 23:43:41 JST: search_nametype_index: jp.net.home
Dec 11 2024 23:43:41 JST: search_nametype_index: jp
Dec 11 2024 23:43:41 JST: search_nametype_index: jp.net.home
Dec 11 2024 23:43:41 JST: DNS: Re-sending DNS query (type 1, id#21946) to 8.8.8.8
Dec 11 2024 23:43:41 JST: DNS: Incoming UDP query (id#21946)
Dec 11 2024 23:43:41 JST: DNS: Type 1 response (id#21946) for host <www.yahoo.co.jp> from 8.8.8.8(53)
Dec 11 2024 23:43:41 JST: DOM: dom2cache: hostname is www.yahoo.co.jp, RR type=5, class=1, ttl=900, n=16
Dec 11 2024 23:43:41 JST: DOM: dom2cache: hostname is www.yahoo.co.jp, RR type=1, class=1, ttl=60, n=4
Dec 11 2024 23:43:41 JST: search_nametype_index: edge12.g.yimg.jp
Dec 11 2024 23:43:41 JST: delete_nametype_from_index: searching www.yahoo.co.jp to delete
Dec 11 2024 23:43:41 JST: delete_nametype_from_index: name www.yahoo.co.jp not found to del
Dec 11 2024 23:43:41 JST: delete_nametype_from_index: searching edge12.g.yimg.jp to delete
Dec 11 2024 23:43:41 JST: delete_nametype_from_index: name edge12.g.yimg.jp not found to del
Dec 11 2024 23:43:41 JST: delete_nametype_from_index: also found 0 entries to delete directly
Dec 11 2024 23:43:41 JST: add_nametype_to_index: added www.yahoo.co.jp
Dec 11 2024 23:43:41 JST: add_nametype_to_index: added edge12.g.yimg.jp
Dec 11 2024 23:43:41 JST: delete_nametype_from_index: searching www.yahoo.co.jp to delete
Dec 11 2024 23:43:41 JST: delete_nametype_from_index: www.yahoo.co.jp found & deleted
Dec 11 2024 23:43:41 JST: delete_nametype_from_index: searching edge12.g.yimg.jp to delete
Dec 11 2024 23:43:41 JST: delete_nametype_from_index: edge12.g.yimg.jp found & deleted
Dec 11 2024 23:43:41 JST: delete_nametype_from_index: also found 0 entries to delete directly
Dec 11 2024 23:43:41 JST: add_nametype_to_index: added www.yahoo.co.jp
Dec 11 2024 23:43:41 JST: add_nametype_to_index: added edge12.g.yimg.jp
Dec 11 2024 23:43:41 JST: DNS: Forwarding back A response - no director required
Dec 11 2024 23:43:41 JST: DNS: Finished processing query (id#2) in 0.268 secs
Dec 11 2024 23:43:41 JST: DNS: Forwarding back reply to 192.168.100.1/52458
Router# show hosts view default
Indexing success/error statistics:
20 entries matched perfectly
9 entries did NOT match each other
0 entries were found normally but not by indexing
52 entries were found by indexing but not normally
Default domain is net.home
Name/address lookup uses domain service
Name servers are 8.8.8.8
Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
temp - temporary, perm - permanent
NA - Not Applicable None - Not defined
Host Port Flags Age Type Address(es)
edge12.g.yimg.jp None (temp, OK) 0 IP 183.79.219.252
www.yahoo.co.jp
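To repeat the three checks above without nslookup, here is an added Python helper that is not part of the original page: it builds a raw DNS query, sends it to the router and classifies the reply by RCODE and returned A records, so the blocked name is recognised by its SERVFAIL rather than by nslookup's wording. "build_response" only constructs sample replies mirroring the debug output above so the parser can be exercised offline; the router address 192.168.100.254 and the expected results are taken from the page, the function names are this example's own.

```python
import secrets
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TYPE_A, TYPE_PTR = 1, 12          # the "Type 1" / "Type 12" seen in the debug output
ROUTER = "192.168.100.254"        # address the page's nslookup was pointed at


def encode_name(qname):
    """Encode a dotted name as DNS labels (RFC 1035 section 3.1)."""
    labels = [l for l in qname.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(qname, qtype=TYPE_A, txid=0x1234):
    """Build a minimal recursive (RD=1) query for qname/qtype."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def _skip_name(data, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        n = data[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # compression pointer, two bytes
            return off + 2
        off += 1 + n


def parse_response(data, expect_txid=None):
    """Return (rcode_name, answer_count, a_records) for a DNS response.
    Only A records in the answer section are decoded; CNAME and other RRs are skipped."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if expect_txid is not None and txid != expect_txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):
        off = _skip_name(data, off) + 4      # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == TYPE_A and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return RCODES.get(rcode, str(rcode)), an, addrs


def build_response(qname, rcode, addrs=(), ttl=600, txid=0x1234):
    """Construct a reply the way the router would; constructed test data, not captured traffic."""
    flags = 0x8180 | (rcode & 0xF)           # QR=1, RD=1, RA=1
    header = struct.pack("!HHHHHH", txid, flags, 1, len(addrs), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", TYPE_A, 1)
    answers = b""
    for a in addrs:
        # 0xC00C is a pointer back to the question name
        answers += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, ttl, 4) + socket.inet_aton(a)
    return header + question + answers


def check(qname, server=ROUTER, port=53, timeout=3.0):
    """Send one A query to the router and classify the reply (network call)."""
    txid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qname, txid=txid), (server, port))
        data, _ = s.recvfrom(4096)
    return parse_response(data, expect_txid=txid)


if __name__ == "__main__":
    # With the page's config: SERVFAIL / NOERROR with 192.168.10.1 / NOERROR via 8.8.8.8
    for name in ("block.net.home", "win.net.home", "www.yahoo.co.jp"):
        print(name, check(name))
```

Because the script sends A queries only, it does not trigger the PTR lookup that nslookup adds, which keeps the router's debug output limited to the case under test.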
References
Split DNS on a Cisco 841M
IP Addressing Configuration Guide, Cisco IOS XE 17.x