DNS NAT Redirect (Optional)

If TNSR is acting as a DNS server and clients should use the VRRP IP address as their DNS server, this method makes that work. The NAT redirect captures DNS requests that clients send to the VRRP IP address and redirects them to a loopback interface address on the node that currently holds the VRRP address.

Note

The target can be an interface address on either node, but that requires the configuration to be different on each node. This method allows the same configuration to be applied to all nodes.

The configuration in this section is identical on all nodes; run the same commands on each node.

Configure Loopback

First, set up a loopback interface:

tnsr(config)# interface loopback dnsredirect
tnsr(config-loopback)# instance 0
tnsr(config-loopback)# exit
tnsr(config)# interface loop0
tnsr(config-interface)# ip address 10.28.1.5/32
tnsr(config-interface)# enable
tnsr(config-interface)# exit

Bind DNS to Loopback

Next, configure the DNS server (unbound) to listen on the loopback interface address:

tnsr(config)# unbound server
tnsr(config-unbound)# interface 10.28.1.5
tnsr(config-unbound)# exit

NAT Redirect Rule

Now create a NAT redirect rule to capture DNS requests and send them to the loopback address:

tnsr(config)# vpf nat ruleset LAN-nat
tnsr(config-vpf-nat-ruleset)# rule 100
tnsr(config-vpf-nat-rule)# description Forward DNS Requests
tnsr(config-vpf-nat-rule)# direction in
tnsr(config-vpf-nat-rule)# dynamic
tnsr(config-vpf-nat-rule)# protocol tcp udp
tnsr(config-vpf-nat-rule)# to ipv4-prefix 10.28.0.1/32
tnsr(config-vpf-nat-rule)# to port 53
tnsr(config-vpf-nat-rule)# nat-prefix 10.28.1.5/32
tnsr(config-vpf-nat-rule)# nat-port 53
tnsr(config-vpf-nat-rule)# exit
tnsr(config-vpf-nat-ruleset)# exit

Activate Ruleset

Finally, apply this ruleset to the LAN interface. The ruleset must be bound to the interface on which the client requests arrive, as the rule only matches traffic entering TNSR on that interface:

tnsr(config)# vpf options
tnsr(config-vpf-option)# interface LAN nat-ruleset LAN-nat
tnsr(config-vpf-option)# exit
tnsr(config)#
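To make the match scope of rule 100 concrete, the following is an added example (not TNSR code, and it does not talk to a TNSR instance) that models the redirect rule above and runs a few constructed flows through it. It uses the addresses from this page (VRRP address 10.28.0.1, loopback 10.28.1.5) and assumes, for the model only, that LAN-nat contains just rule 100, that rules are evaluated first-match, and that the ruleset is bound only to the LAN interface as configured above.

```python
"""Model of the DNS NAT redirect configured above: which flows rule 100
captures and where they are sent. Added example; not TNSR code."""
from dataclasses import dataclass, replace
from ipaddress import IPv4Address, IPv4Network

# Values taken from the configuration on this page.
VRRP_DNS_IP = IPv4Address("10.28.0.1")      # "to ipv4-prefix 10.28.0.1/32"
LOOPBACK_DNS_IP = IPv4Address("10.28.1.5")  # "nat-prefix 10.28.1.5/32", the loop0 address
DNS_PORT = 53


@dataclass(frozen=True)
class Flow:
    """One packet's match-relevant fields, as seen on a TNSR interface."""
    iface: str        # interface the packet arrives on or leaves from
    direction: str    # "in" (entering TNSR) or "out" (leaving TNSR)
    proto: str        # "tcp" or "udp"
    dst_ip: IPv4Address
    dst_port: int


@dataclass(frozen=True)
class RedirectRule:
    """Destination NAT rule modelled on 'vpf nat ruleset LAN-nat rule 100'."""
    direction: str
    protocols: frozenset
    to_prefix: IPv4Network
    to_port: int
    nat_address: IPv4Address
    nat_port: int

    def matches(self, flow: Flow) -> bool:
        return (flow.direction == self.direction
                and flow.proto in self.protocols
                and flow.dst_ip in self.to_prefix
                and flow.dst_port == self.to_port)

    def apply(self, flow: Flow) -> Flow:
        """Return the flow with its destination rewritten if the rule matches, else unchanged."""
        if not self.matches(flow):
            return flow
        return replace(flow, dst_ip=self.nat_address, dst_port=self.nat_port)


# rule 100 from the page: direction in, tcp+udp, to 10.28.0.1/32 port 53 -> 10.28.1.5 port 53
RULE_100 = RedirectRule(
    direction="in",
    protocols=frozenset({"tcp", "udp"}),
    to_prefix=IPv4Network("10.28.0.1/32"),
    to_port=DNS_PORT,
    nat_address=LOOPBACK_DNS_IP,
    nat_port=DNS_PORT,
)

# "vpf options / interface LAN nat-ruleset LAN-nat": the ruleset is bound to LAN only.
# Assumption for this model: LAN-nat holds only rule 100 and rules are first-match.
RULESET_BINDINGS = {"LAN": [RULE_100]}


def translate(flow: Flow) -> Flow:
    """Apply the first matching rule of the ruleset bound to the flow's interface."""
    for rule in RULESET_BINDINGS.get(flow.iface, []):
        if rule.matches(flow):
            return rule.apply(flow)
    return flow


def is_redirected_to_loopback(flow: Flow) -> bool:
    """True when the flow was rewritten to the loopback DNS listener."""
    out = translate(flow)
    return out != flow and out.dst_ip == LOOPBACK_DNS_IP and out.dst_port == DNS_PORT


def demo() -> dict:
    """Constructed sample flows; returns which ones the redirect captures."""
    samples = {
        "udp dns to vrrp ip on LAN": Flow("LAN", "in", "udp", VRRP_DNS_IP, 53),
        "tcp dns to vrrp ip on LAN": Flow("LAN", "in", "tcp", VRRP_DNS_IP, 53),
        "https to vrrp ip on LAN": Flow("LAN", "in", "tcp", VRRP_DNS_IP, 443),
        "dns to other host on LAN": Flow("LAN", "in", "udp", IPv4Address("10.28.0.2"), 53),
        "dns to vrrp ip on WAN": Flow("WAN", "in", "udp", VRRP_DNS_IP, 53),
        "dns leaving via LAN": Flow("LAN", "out", "udp", VRRP_DNS_IP, 53),
    }
    return {name: is_redirected_to_loopback(f) for name, f in samples.items()}


if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{'redirect' if hit else 'pass    '}  {name}")
```

The model shows why the binding in the last step matters: only DNS traffic entering TNSR on LAN and addressed to the VRRP address is rewritten; DNS to any other host, non-DNS traffic to the VRRP address, and traffic on an interface without the ruleset pass through untouched. A quick client-side check after applying the configuration is `dig @10.28.0.1 <name>` from a LAN client; if it times out, confirm the ruleset is bound to the interface the client sits behind.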