DNS NAT Redirect (Optional)
If TNSR is acting as a DNS server and clients are configured to use the VRRP IP address as their DNS server, this method makes that work. The NAT redirect captures DNS requests that clients send to the VRRP IP address and redirects them to a loopback interface address on which the DNS server listens.
Note
The target can be an interface address on either node, but that requires the configuration to be different on each node. This method allows the same configuration to be applied to all nodes.
The configuration in this section is identical on all nodes; run the same commands on each.
Configure Loopback
First, set up a loopback interface:
tnsr(config)# interface loopback dnsredirect
tnsr(config-loopback)# instance 0
tnsr(config-loopback)# exit
tnsr(config)# interface loop0
tnsr(config-interface)# ip address 10.28.1.5/32
tnsr(config-interface)# enable
tnsr(config-interface)# exit
Bind DNS to Loopback
Next, configure the DNS server (Unbound) to listen on the loopback interface address:
tnsr(config)# unbound server
tnsr(config-unbound)# interface 10.28.1.5
tnsr(config-unbound)# exit
NAT Redirect Rule
Now create a NAT redirect rule to capture DNS requests and send them to the loopback address:
tnsr(config)# vpf nat ruleset LAN-nat
tnsr(config-vpf-nat-ruleset)# rule 100
tnsr(config-vpf-nat-rule)# description Forward DNS Requests
tnsr(config-vpf-nat-rule)# direction in
tnsr(config-vpf-nat-rule)# dynamic
tnsr(config-vpf-nat-rule)# protocol tcp udp
tnsr(config-vpf-nat-rule)# to ipv4-prefix 10.28.0.1/32
tnsr(config-vpf-nat-rule)# to port 53
tnsr(config-vpf-nat-rule)# nat-prefix 10.28.1.5/32
tnsr(config-vpf-nat-rule)# nat-port 53
tnsr(config-vpf-nat-rule)# exit
tnsr(config-vpf-nat-ruleset)# exit
Activate Ruleset
Finally, apply this ruleset on the LAN interface. The ruleset must be bound to the interface on which the client requests arrive, because the rule matches traffic in the inbound direction:
tnsr(config)# vpf options
tnsr(config-vpf-option)# interface LAN nat-ruleset LAN-nat
tnsr(config-vpf-option)# exit
tnsr(config)#
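Taken together, the commands above define a stateful destination-NAT rule: inbound DNS traffic on LAN addressed to the VRRP IP is rewritten to the loopback address, and the DNS server's replies are rewritten back so the client sees them coming from the VRRP IP it queried. The following Python script is an added illustration, not code from the TNSR documentation or product; it models that match-and-rewrite behaviour on constructed packets using the addresses from this page. The client addresses, the WAN interface name and the packet model are assumptions made for the example.

```python
"""Model of the DNS NAT redirect rule configured on this page (added example).

The rule values come from the page; packets and client addresses below are
constructed for illustration.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Values from the page's configuration
VRRP_DNS_PREFIX = ip_network("10.28.0.1/32")   # 'to ipv4-prefix 10.28.0.1/32'
LOOPBACK_ADDR = "10.28.1.5"                    # 'nat-prefix 10.28.1.5/32'
DNS_PORT = 53                                  # 'to port 53' / 'nat-port 53'
RULE_PROTOCOLS = {"tcp", "udp"}                # 'protocol tcp udp'
RULE_INTERFACE = "LAN"                         # 'interface LAN nat-ruleset LAN-nat'
RULE_DIRECTION = "in"                          # 'direction in'


@dataclass(frozen=True)
class Packet:
    """Minimal 5-tuple plus the interface and direction it was seen on (assumed model)."""
    iface: str
    direction: str   # "in" or "out" relative to the interface
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class DnsRedirectNat:
    """Stateful redirect: rewrite matching queries to the loopback and map replies back.

    'dynamic' on the page means the translation is tracked per flow, which is
    what lets the reply be rewritten to appear from the VRRP address.
    """

    def __init__(self):
        # flow key (proto, client ip, client port) -> original (dst, dport)
        self.state = {}

    def matches(self, pkt: Packet) -> bool:
        """Does this packet hit the rule as configured on the page?"""
        return (
            pkt.iface == RULE_INTERFACE
            and pkt.direction == RULE_DIRECTION
            and pkt.proto in RULE_PROTOCOLS
            and ip_address(pkt.dst) in VRRP_DNS_PREFIX
            and pkt.dport == DNS_PORT
        )

    def inbound(self, pkt: Packet) -> Packet:
        """Apply the redirect to a packet arriving on an interface."""
        if not self.matches(pkt):
            return pkt  # not DNS to the VRRP IP on LAN: left untouched
        self.state[(pkt.proto, pkt.src, pkt.sport)] = (pkt.dst, pkt.dport)
        return replace(pkt, dst=LOOPBACK_ADDR, dport=DNS_PORT)

    def outbound(self, pkt: Packet) -> Packet:
        """Reverse the translation on a reply leaving toward the client."""
        key = (pkt.proto, pkt.dst, pkt.dport)
        if pkt.src == LOOPBACK_ADDR and pkt.sport == DNS_PORT and key in self.state:
            orig_dst, orig_port = self.state[key]
            return replace(pkt, src=orig_dst, sport=orig_port)
        return pkt


def run_scenarios():
    """Exercise the model with constructed packets; returns the results by name."""
    nat = DnsRedirectNat()
    # Client on LAN (constructed address) queries the VRRP IP over UDP.
    query = Packet("LAN", "in", "udp", "10.28.0.50", 40000, "10.28.0.1", 53)
    redirected = nat.inbound(query)
    # Unbound answers from the loopback; the reply must look like it came from the VRRP IP.
    reply = Packet("LAN", "out", "udp", LOOPBACK_ADDR, 53, "10.28.0.50", 40000)
    unnatted = nat.outbound(reply)
    # DNS to some other server is not the rule's business.
    other_dns = Packet("LAN", "in", "udp", "10.28.0.50", 40001, "192.0.2.53", 53)
    # Non-DNS traffic to the VRRP IP is also untouched.
    https = Packet("LAN", "in", "tcp", "10.28.0.50", 40002, "10.28.0.1", 443)
    # Same query seen on a different interface (constructed name): the ruleset
    # is only bound to LAN, so it is never evaluated there.
    from_wan = Packet("WAN", "in", "udp", "203.0.113.9", 5000, "10.28.0.1", 53)
    return {
        "redirected": redirected,
        "reply": unnatted,
        "other_dns": nat.inbound(other_dns),
        "https": nat.inbound(https),
        "from_wan": nat.inbound(from_wan),
    }


if __name__ == "__main__":
    for name, pkt in run_scenarios().items():
        print(f"{name:>11}: {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
```

The WAN case is the point of the last step on this page: binding the ruleset to LAN means only packets entering on LAN are compared against rule 100, so a query to the VRRP address that arrives anywhere else is not redirected.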