DNS Doctoring / Reply Modification on Cisco 1900 series ISR
DNS doctoring, also known as DNS reply modification, is a technique used to alter the response given by a DNS server in order to redirect a user to a different IP address than the one initially requested. This technique is typically used in order to balance the load across multiple web servers or to redirect users to a different server when the primary server is down.
DNS doctoring can be performed on Cisco 1900 series ISR routers using the “ip nat inside source” and “ip nat outside source” commands. The “ip nat inside source” command is used to specify the source IP address range, destination IP address range, and protocol which should be subject to network address translation (NAT). The “ip nat outside source” command is then used to specify the external IP address which should be used for the destination IP address range specified in the “ip nat inside source” command.
For example, if the internal server has an IP address of 10.0.0.1 and the external IP address is 1.2.3.4, the following commands would be used to perform DNS doctoring:
! one-to-one static translation: inside local 10.0.0.1 <-> inside global 1.2.3.4
ip nat inside source static 10.0.0.1 1.2.3.4
! the LAN and WAN interfaces must additionally carry "ip nat inside" and "ip nat outside"
When a user on the internal network attempts to access a web server located on the external network, the router will intercept the request and route it to the external IP address specified in the “ip nat outside source” command. This will result in the user being directed to the web server located at the external IP address instead of the one located at the internal IP address.
In addition to using the “ip nat” commands, DNS doctoring can also be performed using the “ip dns-reply-modify” command. This command is used to modify the DNS reply sent from the DNS server in order to redirect the user to a different IP address. For example, if the user attempts to access a web server located at the IP address 10.0.0.2, the following command can be used to modify the DNS reply sent from the DNS server:
ip dns-reply-modify 10.0.0.2 1.2.3.4
This command will modify the reply from the DNS server so that the user is redirected to the web server located at the external IP address specified in the command.
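To make the reply-modification step concrete, here is an added Python model of what a DNS-doctoring device does to a reply in flight: walk the answer section and rewrite any A record whose address matches a static translation (here the page's 1.2.3.4 -> 10.0.0.1). This is illustrative code, not IOS or anything from the original page; the `DOCTOR_MAP` table and the `build_reply` helper that constructs a sample reply are assumptions for the demonstration.

```python
import struct

# Constructed translation table mirroring the page's example: inside global -> inside local.
DOCTOR_MAP = {"1.2.3.4": "10.0.0.1"}

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name starting at off."""
    while True:
        length = msg[off]
        if length == 0:                 # root label terminates the name
            return off + 1
        if length & 0xC0 == 0xC0:       # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length

def doctor_reply(msg, mapping=DOCTOR_MAP):
    """Rewrite A-record RDATA in a DNS reply per mapping; return (new_msg, rewrite_count)."""
    buf = bytearray(msg)
    qdcount, ancount, nscount, arcount = struct.unpack("!HHHH", buf[4:12])
    off = 12
    for _ in range(qdcount):            # questions: name + QTYPE + QCLASS
        off = _skip_name(buf, off) + 4
    rewritten = 0
    for _ in range(ancount + nscount + arcount):
        off = _skip_name(buf, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            addr = ".".join(str(b) for b in buf[off:off + 4])
            if addr in mapping:
                buf[off:off + 4] = bytes(int(x) for x in mapping[addr].split("."))
                rewritten += 1
        off += rdlen                    # length is unchanged, so no offsets shift
    return bytes(buf), rewritten

def build_reply(name, addrs):
    """Construct a minimal DNS reply (constructed test input): one IN A record per address."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(addrs), 0, 0)
    question = qname + struct.pack("!HH", 1, 1)
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)     # name pointer to offset 12
        + bytes(int(x) for x in a.split(".")) for a in addrs)
    return hdr + question + answers

if __name__ == "__main__":
    doctored, count = doctor_reply(build_reply("www.example.com", ["1.2.3.4", "5.6.7.8"]))
    print(count, doctored.hex())
```

Because only the 4-byte RDATA changes, the message length and every compression pointer stay valid; a real device would also have to recompute the UDP checksum.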
DNS doctoring is a useful technique which can be used to balance the load across multiple web servers or to redirect users to a different server when the primary server is down. It can be performed on Cisco 1900 series ISR routers using either the “ip nat” or “ip dns-reply-modify” commands. These commands are easy to use and provide the flexibility to redirect users to different servers as needed.