Cisco IOS Software Release 12.4(4)T
VRF-Aware DNS
Information About VRF-Aware DNS
To configure the VRF-Aware DNS feature, you should understand the following concepts:
• Domain Name System
• VRF Mapping and VRF-Aware DNS
Domain Name System
Domain Name System (DNS) is a standard that defines a domain naming procedure used in TCP/IP. A domain is a hierarchical separation of the network into groups and subgroups, with domain names identifying the structure. The named groups consist of named objects, usually devices such as IP hosts, and the subgroups are domains. DNS has three basic functions:
• Name space: This function is a hierarchical space organized from a single root into domains. Each domain can contain device names or more specific information. A special syntax defines valid names and identifies the domain names.
• Name registration: This function is used to enter names into the DNS database. Policies are outlined to resolve conflicts and other issues.
• Name resolution: This function is a distributed client and server name resolution standard. The name servers are software applications that run on a server and contain the resource records (RRs) that describe the names and addresses of the entities in the DNS name space. A name resolver is the interface between the client and the server; it requests information about a name from the server. The name resolver can use a cache to store learned names and addresses.
A DNS server can be a dedicated device or a software process running on a device. The server stores and manages data about domains and responds to requests for name conflict resolutions. In a large DNS implementation, the database can be distributed over many devices. A server can also be a dedicated cache.
VRF Mapping and VRF-Aware DNS
To keep track of domain names, IP has defined the concept of a name server, whose job is to hold a cache (or database) of names mapped to IP addresses. The cached information is important because the requesting DNS resolver does not need to query for that information again, which is why DNS scales well. If a server had to query each time for the same address because it had not saved any data, the queried servers would be flooded and would crash.
A gateway for multiple enterprise customers can be secured by mapping the remote users to a VRF domain. Mapping means obtaining the IP address of the VRF domain for the remote users. By using VRF domain mapping, a remote user can be authenticated by a VRF domain-specific AAA server so that the remote-access traffic can be forwarded within the VRF domain to the servers on the corporate network.
To support traffic for multiple VRF domains, the DNS and the servers used to resolve conflicts must be VRF aware. VRF aware means that the DNS subsystem queries the VRF name cache first, then the VRF domain, and stores the returned RRs in the name cache for that specific VRF. Users can configure separate DNS name servers per VRF.
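The following is an added example, not part of the Cisco document and not Cisco IOS code. It models the behaviour the two preceding sections describe: a resolver that keeps a separate name cache and a separate list of name servers per VRF, consults the VRF's cache before querying, stores the returned RR only in that VRF's cache (so the queried server is not asked again for the same name), and never lets a lookup fall through from one VRF into another's cache or servers. The VRF labels, server addresses, query name and answers are constructed for illustration; an in-memory dictionary stands in for the real name servers.

```python
"""Model of VRF-aware DNS resolution (added example; not Cisco code).

Lookup order modelled from the text: the VRF's own name cache first,
then the name servers configured for that VRF, with the returned RR
stored only in that VRF's cache. All names, addresses and VRF labels
below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed stand-in for the name servers reachable inside each VRF.
# Keyed by server address, then by query name -> (rr_type, rdata).
# The same name resolves to a different (overlapping, private) address in
# each customer VRF; keeping those answers apart is the point of the
# per-VRF cache.
FAKE_SERVERS: Dict[str, Dict[str, Tuple[str, str]]] = {
    "10.1.0.53": {"intranet.example.": ("A", "10.1.5.10")},  # server in VRF "red"
    "10.2.0.53": {"intranet.example.": ("A", "10.2.5.10")},  # server in VRF "blue"
}


@dataclass
class VrfDns:
    """Per-VRF state: the name servers configured for the VRF and its own cache."""
    name_servers: List[str]
    cache: Dict[str, Tuple[str, str]] = field(default_factory=dict)


class VrfAwareResolver:
    def __init__(self) -> None:
        self.vrfs: Dict[str, VrfDns] = {}
        self.server_queries: Dict[str, int] = {}  # queries sent per server

    def configure_name_server(self, vrf: str, server: str) -> None:
        """Register a name server for one VRF only (separate servers per VRF)."""
        self.vrfs.setdefault(vrf, VrfDns(name_servers=[])).name_servers.append(server)

    def _query_server(self, server: str, qname: str) -> Optional[Tuple[str, str]]:
        """Stand-in for sending a DNS query to a server; counts each query."""
        self.server_queries[server] = self.server_queries.get(server, 0) + 1
        return FAKE_SERVERS.get(server, {}).get(qname)

    def resolve(self, vrf: str, qname: str) -> Optional[Tuple[str, str]]:
        """Resolve qname inside vrf: VRF cache first, then the VRF's servers.

        A VRF with no DNS configuration gets no answer at all; the lookup
        never falls through to another VRF's cache or name servers.
        """
        state = self.vrfs.get(vrf)
        if state is None:
            return None
        if qname in state.cache:
            return state.cache[qname]  # cache hit: no query leaves the router
        for server in state.name_servers:
            rr = self._query_server(server, qname)
            if rr is not None:
                state.cache[qname] = rr  # stored only in this VRF's cache
                return rr
        return None


def demo() -> Dict[str, object]:
    """Run the constructed scenario and return the observable results."""
    r = VrfAwareResolver()
    r.configure_name_server("red", "10.1.0.53")
    r.configure_name_server("blue", "10.2.0.53")
    red_first = r.resolve("red", "intranet.example.")   # goes to red's server
    red_again = r.resolve("red", "intranet.example.")   # served from red's cache
    blue = r.resolve("blue", "intranet.example.")       # different answer, blue's server
    green = r.resolve("green", "intranet.example.")     # no VRF config: no answer
    return {
        "red": red_first,
        "red_again": red_again,
        "blue": blue,
        "green": green,
        "queries_to_red_server": r.server_queries.get("10.1.0.53", 0),
        "blue_cache": dict(r.vrfs["blue"].cache),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the script shows the same query name answered with 10.1.5.10 in VRF red and 10.2.5.10 in VRF blue, the red server queried only once despite two lookups, and blue's cache holding only the answer blue's own server returned.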