Split DNS / DNS conditional forwarding
Does anyone know if there is a feature in any Beta or in the roadmap for DNS conditional forwarding?
For example, proxy any DNS requests for internal domains to internal DNS servers, and proxy all other requests to external DNS servers?
This would help if the internal DNS servers were unavailable due to a VPN outage at the DC or something, local branch services that don't rely on internal services can continue to operate using the local internet and external DNS servers.
Something similar to these vendors' implementations:
DNS conditional forwarding (fortinet.com)
Cisco SD-WAN (Viptela) Configuration Guide, Release 17.2
Configure DNS Settings (vmware.com)
Labels: Auto VPN
Cisco IOS routers also have this feature. I am not aware of any similar native feature on the MX.
But: If you have an Umbrella subscription (which is anyhow good to have for added security) you can use the Umbrella connector to implement this feature. Internal domains are resolved through the configured DNS-server, all internet-DNS is sent to Umbrella.
Thanks for the info re Umbrella.
In this case the client is a retailer who only has a single DC. In theory a lot of the store IT functions can continue if the DC is offline, but with the DNS servers sitting in the DC, even SaaS-based apps now rely on the DC being available to function.
Another option would be to use a store server as a local DNS server - but I think the long term plan is to remove store servers.
You should use NHRT built into Windows 10 for this. You can either configure it locally or via group policy.
NHRT would only help solve Windows DNS stuff.
I agree, it would be great for Meraki to add DNS intercept/redirect.
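The forwarding decision requested at the top of this thread, as an added example that is not part of any post and is not any vendor's code: internal zones go to the internal resolvers, everything else goes to external resolvers, so public and SaaS names never depend on the DC. All zone names and resolver addresses are constructed placeholders, and the function names are hypothetical.

```python
# Added illustration of conditional DNS forwarding (split DNS) selection.
# Zone names and resolver IPs below are constructed placeholders.
INTERNAL_RESOLVERS = ["10.0.0.53", "10.0.1.53"]        # assumed DC DNS servers
EXTERNAL_RESOLVERS = ["192.0.2.53", "198.51.100.53"]   # assumed public resolvers

# Suffix -> upstream list. A more specific suffix overrides a broader one,
# e.g. a sub-zone hosted outside the DC that should resolve externally.
FORWARD_RULES = {
    "corp.example": INTERNAL_RESOLVERS,
    "stores.corp.example": INTERNAL_RESOLVERS,
    "saas.corp.example": EXTERNAL_RESOLVERS,
}


def normalize(qname):
    """Lower-case the name and drop the trailing root dot before matching."""
    return qname.rstrip(".").lower()


def select_upstreams(qname, rules=FORWARD_RULES, default=EXTERNAL_RESOLVERS):
    """Return (matched_suffix, upstreams) for a query name.

    Matching is done on whole labels, longest suffix first, so
    'notcorp.example' does not match the 'corp.example' rule and an
    internal name is never sent to the default (external) resolvers
    because of a sloppy string comparison.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in rules:
            return suffix, rules[suffix]
    return None, default


if __name__ == "__main__":
    for name in ["pos01.stores.corp.example.", "App.SaaS.corp.example",
                 "notcorp.example", "www.example.com"]:
        print(name, "->", select_upstreams(name))
```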
