Solved

How to change DNS on a Cisco router so I can use OpenDNS?

Posted on 2011-03-21
Last Modified: 2012-05-11
My end goal is to use OpenDNS so that I can easily block some websites in our company. The problem has been where to change the DNS. First I did it via the DHCP server, which worked for internet purposes but caused a problem in the local network... it wasn't resolving names.

So I was advised that it should be changed on the T1 router... which is a Cisco router. I googled for commands and cannot seem to find the proper command to find the setup or to change it for DNS.

Any help is appreciated.
0
Question by:ETdude
10 Comments
 
LVL 18

Expert Comment

by:jmeggers
ID: 35184549
I'm not clear -- are you trying to change the DNS address handed out through DHCP?
0
 

Author Comment

by:ETdude
ID: 35184611
I am trying to change the DNS server that the T1 router goes to for resolving... instead of going to the ISP DNS server, it should go to the one supplied by the OpenDNS company.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 35185654
Look for something like this near the top of the config
 ip name-server x.y.z.a

You may not have anything specified, because this is only used by the router itself. For instance, at the command line you want to ping www.google.com
router#ping www.google.com
It will resolve it first, then ping it.
For anything originating on the user LAN, the router will never do a lookup.
You need to change the dns name-server IP addresses in your DHCP scope, not the router.



0
 

Author Comment

by:ETdude
ID: 35194035
My original thought and action was just that...to change the DNS lookup with the DHCP scope so all clients use the internet company OPENDNS DNS address and not our internal DNS address but then internal resources weren't connecting via their name.

Then I contacted OPENDNS and they said to do it on the router.

So I am going in circles and need to find a conclusive solution.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 35198718
On your DHCP server point your clients to an internal DNS server.
If you have Active Directory integrated DNS, set your DNS servers to these in DHCP.

Then, go to your internal DNS server and configure forwarders to point to the OpenDNS servers.
0

 

Author Comment

by:ETdude
ID: 35200876
Currently our clients do point to our internal DNS server via our DHCP pushes.

Our Cisco Firewall is our DHCP server and our DNS server is on a Windows 2003 server.

How would I know if Active Directory is integrated with DNS? I didn't set all this up here.

By configuring forwarders to point to the OpenDNS servers will that ensure control of DNS for clients is being managed by OpenDNS?
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 35202198
If you make clients use your internal DNS you will have control over what they can resolve internally.  Configuring your internal DNS to forward unresolved requests to OpenDNS means that clients can still resolve internal names whilst OpenDNS resolves external hostnames.

This will enable you to configure your internet policies at OpenDNS whilst still allowing clients to use internal LAN resources.

I would configure the 2003 server as your DHCP server as well as your DNS server.  If the server already has DNS and Active Directory it will be integrated already.
0
 

Author Comment

by:ETdude
ID: 35210808
OK... I think I understand now that I have to set up OpenDNS on the Windows 2003 server that is our DNS server.

The clients will have this Windows server as their DNS server.

Now the question that needs clarification is: do I simply go to the TCP/IP properties on this server and change its DNS to point to OpenDNS, or is there something I have to do in the DNS setup, or both?
0
 
LVL 45

Accepted Solution

by:
Craig Beck earned 250 total points
ID: 35211813
On the client NIC point it to the server for DNS.

On the server NIC point it to its own IP address for DNS.

In DNS Management on the server, right-click on the name of the server and select Properties, then go to Forwarders.
Enter the IP addresses of the OpenDNS servers here.

That's it!
0
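A check for the client side of the accepted answer, added here as an example and not part of the thread: it parses `ipconfig /all` output and flags any adapter that lists a DNS server other than the internal one, the state that broke internal name resolution earlier in the thread. The sample output and the 192.168.1.10 server address are constructed; the OpenDNS resolver addresses are not quoted in the thread.

```python
import ipaddress
import re

# OpenDNS public resolver addresses (not quoted in the thread).
OPENDNS = {"208.67.222.222", "208.67.220.220"}
# "   Label . . . . : value" lines; continuation lines carry only a value.
LABEL = re.compile(r"^\s+(.+?)(?: \.)+ :\s*(.*)$")

# Constructed sample of `ipconfig /all` output; all addresses are made up.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : corp.example
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       208.67.222.222

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 192.168.1.10
"""

def dns_servers_by_adapter(text):
    """Map each adapter heading to the DNS servers listed under it."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line[:1].strip():                 # unindented: heading or banner
            is_adapter = line.rstrip().endswith(":")
            current = adapters.setdefault(line.rstrip(" :"), []) if is_adapter else None
            in_dns = False
            continue
        m = LABEL.match(line)
        if m:                                # a new labelled field starts
            in_dns = m.group(1).strip() == "DNS Servers"
        value = (m.group(2) if m else line).strip()
        if in_dns and value and current is not None:
            current.append(value)
    return adapters

def audit(text, internal_dns):
    """Return (adapter, server, reason) for every resolver that is not internal."""
    allowed = {ipaddress.ip_address(a) for a in internal_dns}
    findings = []
    for adapter, servers in dns_servers_by_adapter(text).items():
        for server in servers:
            if ipaddress.ip_address(server) in allowed:
                continue
            reason = "opendns-direct" if server in OPENDNS else "unexpected-resolver"
            findings.append((adapter, server, reason))
    return findings
```

Calling `audit(SAMPLE, ["192.168.1.10"])` reports the wired adapter, which lists an OpenDNS address next to the internal server instead of relying on the server's forwarders.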
 

Author Comment

by:ETdude
ID: 35219080
Excellent. Your instructions were clear and it worked finally!!!
0
