  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1342
  • Last Modified:

How to change DNS on Cisco router so I can use OpenDNS?

My end goal is to use OpenDNS so that I can easily block some websites in our company. The problem has been where to change the DNS. First I did it via the DHCP server, which worked for internet purposes but caused a problem on the local network... it wasn't resolving names.

So I was advised that it should be changed on the T1 router, which is a Cisco router. I googled for commands and cannot seem to find the proper command to find the setup or change it for DNS.

Any help is appreciated.
0
Asked: ETdude
1 Solution
 
jmeggers (Sr. Network and Security Engineer) Commented:
I'm not clear -- are you trying to change the DNS address handed out through DHCP?
0
 
ETdude (Author) Commented:
I am trying to change the DNS server that the T1 router goes to for resolving... instead of going to the ISP DNS server it should go to the one supplied by the OpenDNS company.
0
 
lrmoore Commented:
Look for something like this near the top of the config:
 ip name-server x.y.z.a

You may not have anything specified, because this is only used by the router itself. For instance, at the command line you want to ping www.google.com
router#ping www.google.com
It will resolve it first, then ping it.
For anything originating on the user LAN, the router will never do a lookup.
You need to change the DNS name-server IP addresses in your DHCP scope, not the router.



0
 
ETdude (Author) Commented:
My original thought and action was just that... to change the DNS lookup with the DHCP scope so all clients use the internet company OpenDNS DNS address and not our internal DNS address, but then internal resources weren't connecting via their name.

Then I contacted OpenDNS and they said to do it on the router.

So I am going in circles and need to find a conclusive solution.
0
 
Craig Beck Commented:
On your DHCP server point your clients to an internal DNS server.
If you have Active Directory integrated DNS, set your DNS servers to these in DHCP.

Then, go to your internal DNS server and configure forwarders to point to the OpenDNS servers.
0
 
ETdude (Author) Commented:
Currently our clients do point to our internal DNS server via our DHCP pushes.

Our Cisco Firewall is our DHCP server and our DNS server is on a Windows 2003 server.

How would I know if the Active Directory is integrated with DNS? I didn't set all this up here.

By configuring forwarders to point to the OpenDNS servers, will that ensure control of DNS for clients is being managed by OpenDNS?
0
 
Craig Beck Commented:
If you make clients use your internal DNS you will have control over what they can resolve internally.  Configuring your internal DNS to forward unresolved requests to OpenDNS means that clients can still resolve internal names whilst OpenDNS resolves external hostnames.

This will enable you to configure your internet policies at OpenDNS whilst still allowing clients to use internal LAN resources.

I would configure the 2003 server as your DHCP server as well as your DNS server.  If the server already has DNS and Active Directory it will be integrated already.
0
 
ETdude (Author) Commented:
OK... I think I understand now that I have to set up OpenDNS on the Windows 2003 server that is our DNS server.

The clients will have this Windows server as their DNS server.

Now the question that needs clarification is: do I simply go to the TCP/IP properties on this server and change its DNS to point to OpenDNS, or is there something I have to do on the DNS setup, or both?
0
 
Craig Beck Commented:
On the client NIC point it to the server for DNS.

On the server NIC point it to its own IP address for DNS.

In DNS Management on the server, right-click on the name of the server and select properties then go to Forwarders.
Enter the IP addresses of the OpenDNS servers here.

That's it!
0
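
The forwarder step described above, done from the command line and then verified, as an added example that is not part of the original thread. It assumes `dnscmd.exe` is installed (it ships in the Support Tools on Windows Server 2003), that 208.67.222.222 and 208.67.220.220 are the OpenDNS resolvers, and it uses placeholder values for the server IP and the internal host name.

```batch
@echo off
rem Added example: run on the internal Windows DNS server.
rem Assumption: dnscmd.exe is on the PATH (Support Tools on Server 2003).

rem Assumption: OpenDNS public resolver addresses.
set OPENDNS1=208.67.222.222
set OPENDNS2=208.67.220.220

rem Placeholders: this server's own LAN IP and a name that exists only
rem in your internal zone. Replace both before running.
set DNS_SERVER=10.0.0.10
set INTERNAL_NAME=fileserver.corp.example

rem Replace the forwarder list on the local server (".").
rem /TimeOut 5 : seconds to wait for a forwarder to answer.
rem /Slave     : forward only; do not fall back to root hints when the
rem              forwarders fail. Without it, a timeout lets the server
rem              resolve names itself and the OpenDNS filtering is skipped.
dnscmd . /ResetForwarders %OPENDNS1% %OPENDNS2% /TimeOut 5 /Slave
if errorlevel 1 (
    echo Failed to set forwarders.
    exit /b 1
)

rem Print the server settings; confirm the forwarder addresses listed
rem there are the two set above.
dnscmd . /Info

rem Internal name: must still be answered from the local zone.
nslookup %INTERNAL_NAME% %DNS_SERVER%

rem External name: resolved through the forwarders.
nslookup www.example.com %DNS_SERVER%

rem OpenDNS diagnostic name: TXT records come back only when the query
rem actually reached OpenDNS resolvers via this server.
nslookup -type=TXT debug.opendns.com. %DNS_SERVER%
```

Clients that are allowed to send DNS queries straight to the internet can still bypass this path, so the firewall should permit outbound port 53 only from the internal DNS server.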
 
ETdude (Author) Commented:
Excellent. Your instructions were clear and it finally worked!!!
0
