Cisco Packet Data Gateway (PDG) Troubleshooting Guide
HA Proxy DNS Intercept
Cisco ASR 5000 Series Enhanced Feature Configuration Guide
OL-22982-01
Overview
An inherent problem in many mobile IP scenarios is the placement of the foreign network's Domain Name Server
(DNS) behind a firewall. When a mobile user roams into a foreign network and the DNS address is returned to the home
network, the home network does not have access to the foreign network's DNS. A common solution is to implement
IS-835D, but the majority of legacy mobile handsets and most current handsets do not support this standard.
To address this, a proxy DNS intercept feature is available for the Home Agent (HA). This feature, when configured,
looks for DNS packets and compares the DNS IP address in the destination address field to a configured rules list. If the
destination address matches an address on a "pass through" rules list, the packets are allowed to continue without
modification. If the destination address is on a "redirect" rules list, the packets are intercepted and the visited network's
DNS IP address is replaced with the home network's DNS IP address while the call is accessing the home network.
When the DNS response is returned to the mobile node, the HA removes the home network's DNS address and returns
the original visited network's address so the mobile node is not aware that a modification has occurred. The flow in the
following figure provides an example of what happens when a visited network's DNS address is intercepted by the HA.
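The rewrite described above can be modelled in a few lines. This is an added example, not Cisco code or configuration: the class and field names, the per-query state keyed on source address, source port and DNS transaction ID, and the forward-unchanged behaviour when no rule matches are all assumptions made for illustration, and the addresses are constructed.

```python
from dataclasses import dataclass, field, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:            # only the header fields the intercept looks at
    src: str
    dst: str
    sport: int
    dport: int
    dns_id: int          # DNS transaction ID

@dataclass
class ProxyDnsIntercept:  # hypothetical model of the HA feature
    pass_through: list   # destination networks forwarded unmodified
    redirect: dict       # visited-network DNS network -> home DNS address
    flows: dict = field(default_factory=dict)  # assumed per-query state

    def uplink(self, pkt):
        """Mobile node -> DNS: rewrite the destination if a redirect rule matches."""
        if pkt.dport != 53:
            return pkt
        dst = ip_address(pkt.dst)
        if any(dst in ip_network(n) for n in self.pass_through):
            return pkt
        for net, home_dns in self.redirect.items():
            if dst in ip_network(net):
                # Remember the visited DNS address so the reply can be restored.
                self.flows[(pkt.src, pkt.sport, pkt.dns_id)] = (pkt.dst, home_dns)
                return replace(pkt, dst=home_dns)
        return pkt       # assumption: no rule matched, forward unchanged

    def downlink(self, pkt):
        """DNS -> mobile node: put the visited DNS address back as the source."""
        key = (pkt.dst, pkt.dport, pkt.dns_id)
        visited_dns, home_dns = self.flows.get(key, (None, None))
        if pkt.sport != 53 or pkt.src != home_dns:
            return pkt   # not a reply to a redirected query
        del self.flows[key]
        return replace(pkt, src=visited_dns)

def demo():
    # Constructed sample addresses and ports.
    ha = ProxyDnsIntercept(["192.0.2.53/32"], {"198.51.100.0/24": "203.0.113.53"})
    query = Packet("10.1.1.7", "198.51.100.10", 40000, 53, 0x1A2B)
    sent = ha.uplink(query)
    reply = ha.downlink(Packet(sent.dst, query.src, 53, query.sport, query.dns_id))
    return sent, reply

if __name__ == "__main__":
    print(demo())
```

Because the reply reaches the mobile node with the visited network's address as its source, a capture taken on the handset side will not show the home DNS server; the substitution is only visible on the HA's network-facing side.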