Split DNS / DNS conditional forwarding

Jonesaus
Conversationalist


Does anyone know if there is a feature in any Beta or in the roadmap for DNS conditional forwarding?

For example, proxy any DNS requests for internal domains to internal DNS servers, and proxy all other requests to external DNS servers?

This would help if the internal DNS servers were unavailable due to a VPN outage at the DC or something, local branch services that don't rely on internal services can continue to operate using the local internet and external DNS servers.

Something similar to these vendors' implementations:

DNS conditional forwarding (fortinet.com) 

Cisco SD-WAN (Viptela) Configuration Guide, Release 17.2 

Configure DNS Settings (vmware.com)
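
The forwarding decision described in the question above, as an added example that is not part of the original post or any vendor's code. The zone names, resolver addresses and the `match_zone` / `pick_resolvers` helpers are constructed for illustration; it shows label-boundary matching and that internal names are never retried on external resolvers when the DC is unreachable.

```python
# Added illustration: conditional DNS forwarding decision (all names and IPs are constructed).
from typing import Dict, List, Set

# Internal zones -> internal resolvers (reachable only via the VPN to the DC).
FORWARD_ZONES: Dict[str, List[str]] = {
    "corp.example": ["10.0.0.10", "10.0.0.11"],
    "pos.corp.example": ["10.0.5.10"],
}
# Everything else goes to external resolvers over the local internet breakout.
DEFAULT_RESOLVERS: List[str] = ["203.0.113.53", "203.0.113.54"]


def match_zone(qname: str) -> str:
    """Return the longest configured zone that qname falls under, or ''."""
    labels = qname.rstrip(".").lower().split(".")
    # Compare whole labels so 'notcorp.example' never matches 'corp.example'.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in FORWARD_ZONES:
            return candidate  # first hit is the longest suffix
    return ""


def pick_resolvers(qname: str, unreachable: Set[str]) -> List[str]:
    """Resolvers to try for qname, skipping ones currently marked unreachable."""
    zone = match_zone(qname)
    pool = FORWARD_ZONES[zone] if zone else DEFAULT_RESOLVERS
    # An internal name is never retried externally: an empty list means
    # "fail the query" rather than leak the internal name to a public resolver.
    return [ip for ip in pool if ip not in unreachable]


if __name__ == "__main__":
    dc_down = {"10.0.0.10", "10.0.0.11", "10.0.5.10"}  # VPN to the DC is out
    for name in ("till01.pos.corp.example", "intranet.corp.example.",
                 "notcorp.example", "saas-app.example.net"):
        print(f"{name:28} normal={pick_resolvers(name, set())} "
              f"dc_down={pick_resolvers(name, dc_down)}")
```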

 

KarstenI
Kind of a big deal

Cisco IOS routers also have this feature. I am not aware of any similar native feature on the MX.

But: If you have an Umbrella subscription (which is anyhow good to have for added security) you can use the Umbrella connector to implement this feature. Internal domains are resolved through the configured DNS-server, all internet-DNS is sent to Umbrella.

Jonesaus
Conversationalist

Thanks for the info re Umbrella.

In this case the client is a retailer who only has a single DC. In theory a lot of the store IT functions can continue if the DC is offline, but with the DNS servers sitting in the DC, even SaaS based apps now rely on the DC being available to function.

Another option would be to use a store server as a local DNS server, but I think the long term plan is to remove store servers.

PhilipDAth
Kind of a big deal

You should use NHRT built into Windows 10 for this. You can either configure it locally or via group policy.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn...

NHRT would only help solve Windows DNS stuff.

I agree, it would be great for Meraki to add DNS intercept/redirect.
