In the previous article we enabled and checked IPv4 connectivity between all potential host within 192.168.128.0/17 and the outside Networks beyond ISP box. But, this is pretty useless as I can't imagine my kids typing IPv6 address (2001:8b0:0:30::666:102) in the browser in order to play a FUN puzzle. (Though for now we are suppose to have only IPv4 ) So we definitely need to provide name service resolution at the SOHO router itself.
In this article we will pursue the SOHO network appliance installation and enable name service to all host @ home.
[ SOHO #005 ] - "Got your Id number, but ... What's your name ?"
First step, it is need to configure the router as a client name for an existing DNS server.
So this declare our SOHO router as DNS client for 126.96.36.199 as primary DNS server and 188.8.131.52 as backup DNS server.
This step is mandatory as it will bind traffic originated from SOHO router to a specific VRF (here: inet). So this can be also qualified as "VRF proxy-awareness". In this way all DNS traffic originated from the router will be bound to VRF inet. This is done in 2 steps. The first step is to create the proxy-profile and bind it to the main VRF inet. The second step is to declare the SOHO router as client of this proxy-profile service.
Step -3-, configure DNS cache / server
- enable recursion (recursive query toward other DNS defined 184.108.40.206, 220.127.116.11)
- bind it to a specific interface (so SOHO router will answer only DNS from this interface)
- bind it to VRF inet
So this declare our SOHO router as DNS client for 18.104.22.168 as primary DNS server and 22.214.171.124 as backup DNS server
Step -4-, configure DNS and DHCP to propagate default dummy zone local
- Use local if you don't plan to propagate a domain name
- create local as dummy zone
When -1- and -2- are realised the router can resolve name
This can be verified only using a host connected to SOHO router. Let's assume a laptop connected behind sdn6.
As said IPv6 verification are just FYI, as we are supposed to have deployed only IPv4 till now. The point to show off IPv6 verification is to verify DNS AAAA request are working properly.
In this article DNS service has been enabled at:
- SOHO router level
- All host getting an IPv4 via DHCP will get a DNS server set to SOHO@loopback0 (192.168.254.1)
RARE validated design: [ SOHO #005 ] - key take-away
In this example the key take-away are:
- proxy-profile usage in order to proxy DNS query into VRF inet
- proxy-profile can be used to proxy other types of traffic
- data/routed traffic is not affected by proxy-profile