One of our customers is requesting a solution to a problem that may be possible with the current balance OS but the way to implement it may not be directly clearly obvious and we were wondering if anyone here knows how to do this.
Basically, by the customers company policy and for the active directory to work properly they are asking us that the balance routers be the main DNS, this because they perform two roles, one be the DNS servers, and 2 relay requests from the AD DNS servers so machines know where to go when looking for local names.
Recently, users have started changing their machines DNS without company authorization using all sorts of tools and installing googles to get around the company firewall, this causes all sorts of nightmares when the next person that sits in the machine, tries to use it, and it doesn’t work, creating tickets.
I realize the main problem is user stupidity, and that is RHs problem but since most of the users are young and the churn is high for this customer, were not holding our breath for them to fix it anytime soon.
Is a relatively simple fix on the IT side, basically route ALL DNS TRAFFIC to the peplinks IP regardless of destination
Essentially Re-Routing all traffic on port 53 udp/tcp to the peplink local LAN IP, on linux its done with something like this:
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to (PepLANIP)
iptables -t nat -A PREROUTING -p tcp --dport 53 -j DNAT --to (PepLANIP)
Ive seen some people do this with static routes as well but the peps wont allow static routes to itself.
On a cisco its something like this:
ip route 184.108.40.206 255.255.255.255 (PepLANIP)
Maybe something like any of those two methods can be mcguivered by doing clever use of ip routing and firewall settings on the balance, but everything ive tried has not worked. (maybe even using the fabled/rumored hidden terminal?)
Any assistance by someone with more experience doing something like this with peplinks would be greatly appreciated.