Network Administration: Split DNS

Background:

Recently I experimented with Split DNS on a Cisco 2951 router, using two DNS views to resolve lookups for internal and external sites separately. The internal view resolves lookups for my self-hosted services within the lab through the Domain Controllers, and the external view serves regular traffic to the Internet. The configuration works as intended; however, for some unknown reason DNS lookups for external traffic took quite a bit longer than usual, while internal lookups worked fine. It could be a glitch in a specific IOS firmware version or in the router itself, but until I have other devices to compare against it remains a mystery. (Note: while troubleshooting I did try different combinations of the configuration, hoping to narrow things down, but traffic to the Internet was always slower than usual.)

Eventually, for better performance, I reverted to the basic single-view DNS setting on the router, pointed it at the DCs as its name servers, and on the DCs set Cloudflare's 1.1.1.1 as the DNS forwarder. The slow DNS lookups went away.

Configure Split DNS:

! Configure a separate DNS view for internal traffic.
! (IOS treats lines beginning with "!" as comments, so this block can be pasted as-is.)
ip dns view internal-view
 domain list mydomain.local
 domain name-server <DC-01s-IP-Address>
 domain name-server <DC-02s-IP-Address>
 exit

! Configure the default view to use for general Internet traffic
! (or use your ISP's DNS servers instead):
ip dns view default
 domain name-server 1.1.1.1
 domain name-server 8.8.8.8
 exit

! Define a DNS name-list for your internal network's domain (e.g. mydomain.local):
ip dns name-list 100 permit .*.mydomain.local

! Define a DNS view-list called SPLITDNS and assign the views in evaluation order
! (10 is checked first, 99 last); the internal view is restricted to names
! permitted by name-list 100, the default view catches everything else:
ip dns view-list SPLITDNS
 view internal-view 10
  restrict name-group 100
  exit
 view default 99
  exit
 exit

! Enable the DNS server and bind the view-list to it:
ip dns server
ip dns server view-group SPLITDNS
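
To reason about which view a query lands in before touching the router, the following Python script (an added example, not code from the page or from Cisco) models the SPLITDNS view-list above: entries are walked in ascending order and the first one whose name-list permits the query name wins. It assumes IOS evaluates a name-list regex as an unanchored substring match (`re.search`); the exact matching rules on a given IOS release should be confirmed with `debug ip dns name-list`. It also shows why the unescaped dots in `.*.mydomain.local` matter: a lookalike name such as the constructed `evil.mydomain-local.example.com` matches the loose pattern and is sent to the internal view, whereas an escaped, anchored pattern keeps it in the default view. The `View`/`ViewListEntry` classes and the placeholder DC addresses are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Callable, Optional

# Hypothetical model of an "ip dns view" entry (constructed for this example).
@dataclass
class View:
    name: str
    name_servers: list

# One "view <name> <order>" line of the view-list; name_list holds the regex
# from the "ip dns name-list ... permit" line it is restricted to, or None.
@dataclass
class ViewListEntry:
    view: View
    order: int
    name_list: Optional[str] = None

# The pattern exactly as written in the page's configuration: the dots are
# regex wildcards, so "mydomain-local" or "mydomainXlocal" also match.
PAGE_PATTERN = r".*.mydomain.local"
# Tightened pattern for comparison: escaped dots, label-aware, used with fullmatch.
TIGHT_PATTERN = r"(?:[a-z0-9-]+\.)*mydomain\.local\.?"

def make_split_dns(internal_pattern: str) -> list:
    """Build the SPLITDNS view-list from the page: internal-view at 10, default at 99."""
    internal = View("internal-view", ["<DC-01s-IP-Address>", "<DC-02s-IP-Address>"])
    default = View("default", ["1.1.1.1", "8.8.8.8"])
    return [ViewListEntry(internal, 10, internal_pattern), ViewListEntry(default, 99)]

def select_view(view_list: list, qname: str,
                matcher: Callable = re.search) -> Optional[View]:
    """Walk entries in ascending order; the first whose name-list permits qname wins.
    An entry without a name-list (the default view here) accepts everything."""
    for entry in sorted(view_list, key=lambda e: e.order):
        if entry.name_list is None:
            return entry.view
        if matcher(entry.name_list, qname, re.IGNORECASE):
            return entry.view
    return None  # no view matched: the router would not answer from this view-list

def resolve_plan(qname: str, pattern: str = PAGE_PATTERN,
                 matcher: Callable = re.search) -> tuple:
    """Return (view name, name servers) that a query for qname would be routed to."""
    view = select_view(make_split_dns(pattern), qname, matcher)
    return (view.name, view.name_servers) if view else (None, [])

if __name__ == "__main__":
    # Constructed query names: one internal, one external, one lookalike.
    for name in ("myapp.mydomain.local", "www.google.com",
                 "evil.mydomain-local.example.com"):
        loose = resolve_plan(name)[0]
        tight = resolve_plan(name, TIGHT_PATTERN, re.fullmatch)[0]
        print(f"{name:40} page pattern -> {loose:14} tightened -> {tight}")
```

Running it shows the two legitimate names routed as intended under both patterns, while the lookalike only stays in the default view under the tightened pattern; the same check can be repeated against real `debug ip dns view-list` output once the configuration is applied.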

Troubleshooting:

To see which view is being used for a given query, enable the following debug options (terminal monitor sends the debug output to your current SSH/telnet session):

debug ip dns view
debug ip dns view-list
debug ip dns name-list

terminal monitor

Test name resolution with nslookup from a client that uses the router as its DNS server:

nslookup -type=ns myapp.mydomain.local
nslookup -type=ns www.google.com

View configured DNS views:

show ip dns view
show ip dns view-list
show ip dns name-list

Reference article: Split DNS with Cisco Routers