Cisco IOS Router as a DHCP/DNS Authoritative Server

I was trying to set up a SOHO router for a small client the other day and was having difficulty getting the DNS server to function the way I wanted on the router. I could get the DNS server to run on the Cisco Router, but it would only work on external domains. Any static record I added would not be resolvable for clients.

For starters, I will assume you have your own Cisco router running IOS 12.4 or later with the ipservices feature set.

DHCP first…

  1. First, let’s set up DHCP on the Router
  2. Enable DHCP service on that interface
  3. Configure DHCP settings

    • Here we set the network from which IPs will be handed out by the DHCP service with the network 10.0.0.0 255.255.255.0 statement.
    • We set the domain-name to yourdomain.local (this is very important for DNS to work). You may choose a different domain name, but make sure it is qualified (e.g. me.com, you.com, us.local).
    • We set the dns-server IP address, which will be the internal interface of the router. For me 10.0.0.1 is VLAN1’s IP.
    • Lastly we set the default-router as this router; this is what the DHCP server will assign as the default gateway on clients.
    • OPTIONAL: I set a lease of 7 days.
  4. Next, we need to add the DHCP exclusion list. You have to add this even if you are not excluding any IPs in the network range from the previous step.

    Note: Here I am excluding 10.0.0.0 – 10.0.0.10. Make sure you at least exclude the router’s IP address!

DNS time!

Set up the DNS forwarders first. These are the DNS servers that will be used when the router cannot respond authoritatively to your clients’ DNS requests. (Pretty much any name that does not belong within yourdomain.local will be passed, i.e. “forwarded”, to these.)

  1. Activate the DNS server. This is only available if you are running an IOS with ipservices.

    Notice: If you don’t have the ip dns server option, make sure you are running an ipservices IOS.
  2. Let’s use Open-DNS’s free public TLD DNS servers.

    Note: I also set a domain timeout of 1 second and a domain retry of 0, so if the domain cannot be found it will not keep trying. I also told it to use round-robin to choose the forwarder out of the pair for each query.
  3. Make a DNS authoritative zone! This is the key part to get DNS working for internal name resources.

    OK, here we are starting a new SOA (start of authority) zone. We are telling the DNS server that we own yourdomain.local and that clients asking for anything in this zone should ask us. You can have as many SOA zones as you want, and hand them out to different networks connecting to your router.

    NOTE: Without this statement the router will only act as a DNS forwarder. It will not be able to resolve internal client names and resources: a query such as mycomputer.yourdomain.local would be forwarded to the DNS forwarders you set up in the previous step. This is not what we want to happen.

  4. OPTIONAL: Set the router’s own DNS settings, and add static A record hosts to the zone.

    NOTE: For each A record you will need the fully qualified domain name (include the .yourdomain.local). If you do not, clients will not be able to query for it: .yourdomain.local is automatically appended to their query, so the name will not match.
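Putting the DHCP and DNS steps above together, here is an added, complete IOS configuration written for this page (it is not the author’s own config listings). It assumes a pool named LAN, a primary name server ns1.yourdomain.local at 10.0.0.1, a sample host myserver at the constructed address 10.0.0.20, and OpenDNS’s public resolver addresses, which the post names but does not list:

```cisco
! --- DHCP: pool, exclusions, lease (values from the steps above) ---
service dhcp
ip dhcp excluded-address 10.0.0.0 10.0.0.10
!
ip dhcp pool LAN
 network 10.0.0.0 255.255.255.0
 domain-name yourdomain.local
 dns-server 10.0.0.1
 default-router 10.0.0.1
 lease 7
!
! --- DNS server and forwarders ---
! OpenDNS public resolvers (addresses assumed; the post only names the provider)
ip dns server
ip name-server 208.67.222.222 208.67.220.220
ip domain timeout 1
ip domain retry 0
ip domain round-robin
!
! --- Authoritative zone: without this the router is only a forwarder ---
! ns1.yourdomain.local and the hostmaster mailbox are assumed SOA parameters
ip dns primary yourdomain.local soa ns1.yourdomain.local hostmaster.yourdomain.local
!
! --- Router's own resolver settings and static A records (FQDNs required) ---
ip domain lookup
ip domain name yourdomain.local
ip host ns1.yourdomain.local 10.0.0.1
ip host myserver.yourdomain.local 10.0.0.20
```

After applying it, `show hosts` on the router lists the static records and `show ip dhcp binding` shows the leases handed out. Keep the WAN-facing interface filtered so the forwarder answers only the 10.0.0.0/24 clients and does not become an open resolver.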

There you have it! Try pinging myserver from your router, then try doing an nslookup of myserver on one of your clients.


  1. Octavius Octavian:

    I’m not sure why you’re using round robin here:
    R1(config-dns)# domain round-robin
