CISCO IOS Router as a CA / DNS


Setting up the IOS router as a DNS server.

First step is to enable the DNS service and domain lookup on the router:

CA(config)#ip dns server
CA(config)#ip domain-lookup
CA(config)#ip domain name bbhome.local
CA(config)#ip name-server 192.168.1.254    (my local DSL router gateway IP)
CA(config)#ip name-server 8.8.8.8          (Google DNS, used if the server above fails)

Testing:

CA#ping yahoo.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 98.139.180.149, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 91/104/131 ms
CA#ping google.com
Translating "google.com"...domain server (192.168.1.254) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 216.58.206.78, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 11/12/14 ms

Testing a local hostname:

I have set up a host ASAv11 with IP 192.168.1.249:

CA(config)#ip host ASAv11.bbhome.local 192.168.1.249

Testing:

CA#ping ASAv11.bbhome.local
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.249, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/25/54 ms

Some DNS show commands:

CA#show ip dns primary
Primary for zone bbhome.local:
SOA information:
Zone primary (MNAME): ns1.bbhome.local
Zone contact (RNAME): ns2.bbhome.local
Refresh (seconds): 21600
Retry (seconds): 900
Expire (seconds): 7776000
Minimum (seconds): 86400

CA#show ip dns view
DNS View default parameters:
Logging is off
DNS Resolver settings:
Domain lookup is enabled
Default domain name: bbhome.local
Domain search list: bbhome.local
Lookup timeout: 3 seconds
Lookup retries: 2
Domain name-servers:
192.168.1.254
8.8.8.8
Resolver source interface: GigabitEthernet0/0
DNS Server settings:
Forwarding of queries is enabled
Forwarder timeout: 3 seconds
Forwarder retries: 2
Forwarder addresses:

CA#show ip dns statistics
DNS requests received = 12 ( 12 + 0 )    <-- 12 requests received so far
DNS requests dropped = 0 ( 0 + 0 )
DNS responses replied = 0 ( 0 + 0 )

Forwarder queue statistics:
Current size = 0
Maximum size = 0
Drops = 0
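The original post shows only the show output for the bbhome.local zone, not the commands that created it. The following is an added example of the IOS configuration that produces that output, not the author's own config. The SOA timers are the IOS defaults and match the values in the show ip dns primary output above; the router's own LAN address 192.168.1.1, the ns1/ns2 names, and the interface GigabitEthernet0/1 used for the optional ACL are assumptions. The ACL at the end is an extra: ip dns server answers on every interface, so without it the router forwards queries to 8.8.8.8 for any host that can reach it, which matters once the lab is exposed beyond a flat LAN.

```cisco
! Resolver side: the router resolves names for itself and forwards client queries
ip domain-lookup
ip domain name bbhome.local
ip name-server 192.168.1.254
ip name-server 8.8.8.8
!
! Server side: listen on UDP/TCP 53 and act as primary for the lab zone.
ip dns server
! SOA for bbhome.local. ns1/ns2 names are assumed; the timers are the IOS
! defaults (refresh 21600, retry 900, expire 7776000, minimum 86400) and are
! what show ip dns primary reports on the page.
ip dns primary bbhome.local soa ns1.bbhome.local ns2.bbhome.local 21600 900 7776000 86400
!
! Static records served from the zone (192.168.1.1 is an assumed router address)
ip host ns1.bbhome.local 192.168.1.1
ip host ns2.bbhome.local 192.168.1.1
ip host ASAv11.bbhome.local 192.168.1.249
!
! Optional hardening: only LAN clients may query the router; DNS from any other
! source is dropped. Replies to the router's own forwarded queries arrive on a
! high port, so they still match the final permit. Assumed untrusted-side
! interface: GigabitEthernet0/1.
ip access-list extended DNS-CLIENTS
 permit udp 192.168.1.0 0.0.0.255 any eq domain
 permit tcp 192.168.1.0 0.0.0.255 any eq domain
 deny   udp any any eq domain
 deny   tcp any any eq domain
 permit ip any any
!
interface GigabitEthernet0/1
 ip access-group DNS-CLIENTS in
!
! Verification (same commands as used on the page, plus show hosts):
!   show ip dns primary      -> zone and SOA values
!   show ip dns view         -> forwarders, search list, source interface
!   show ip dns statistics   -> requests received / dropped, forwarder queue
!   show hosts               -> static ip host entries and cached answers
```

After applying this, "DNS requests received" in show ip dns statistics should climb with each nslookup from the PC, while "DNS requests dropped" stays at 0 for LAN clients; a non-zero drop count is the first thing to check if a client stops resolving.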

Configuring my PC to use the new DNS server (the IOS router).

nslookup for yahoo.com works.

Checking a local hostname query for ASAv11.bbhome.local:

Checking the DNS queries on the router:


Looks good. Next, set up the CA server as a local certificate authority.

Requirements

Plan Your PKI Before You Configure the Certificate Server

Before you configure a Cisco IOS certificate server, it is important that you have planned for and chosen appropriate values for the settings you intend to use within your PKI (such as certificate lifetimes and certificate revocation list (CRL) lifetimes). After the settings are configured in the certificate server and certificates are granted, settings cannot be changed without having to reconfigure the certificate server and re-enrolling the peers.

Enable the HTTP Server

Configuring the CA server:

You can verify the certificate stored in NVRAM:

Check that the CA server is running:

Check certificate validation:

At this point the certificate server grant mode is manual; I am going to set it to auto so that certificates can be enrolled automatically.
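The CA-side commands were in screenshots in the original post. The block below is an added example of the equivalent IOS certificate-server configuration, not the author's own config: the key label, issuer name, certificate and CRL lifetimes, NTP server address, CDP URL and router address 192.168.1.1 are assumptions chosen to illustrate the "plan first" note above. Storage in nvram: and grant auto mirror what the post describes.

```cisco
! Certificate validity is computed from the router clock, so sync it first
! (NTP server address is an assumption)
ntp server 192.168.1.254
!
! SCEP enrollment runs over HTTP, so the HTTP server must be enabled
ip http server
!
! Pre-generate the CA key pair with the same label as the server name so the
! server picks it up; exportable allows a backup with crypto key export
! (assumed label "CA")
crypto key generate rsa general-keys label CA exportable modulus 2048
!
crypto pki server CA
 ! These are the settings to plan before enabling the server: once certificates
 ! have been granted they cannot be changed without rebuilding the CA and
 ! re-enrolling every peer.
 issuer-name CN=CA.bbhome.local,O=bbhome
 hash sha256
 lifetime ca-certificate 3650
 lifetime certificate 365
 lifetime crl 24
 ! Where peers that check revocation fetch the CRL (router address assumed)
 cdp-url http://192.168.1.1/CA.crl
 ! Keep full copies of issued certificates so individual ones can be revoked;
 ! the page stores the CA data in NVRAM, flash: is the usual choice if NVRAM is small
 database level complete
 database url nvram:
 ! Lab convenience, as the author does: every SCEP request is signed without
 ! review. The default (manual) holds requests until
 ! "crypto pki server CA grant <request-id>" is issued.
 grant auto
 ! Prompts for a passphrase that protects the CA private key in storage
 no shutdown
!
! Verification:
!   show crypto pki server               -> state, issuer, lifetimes, next CRL
!   show crypto pki certificates         -> the self-signed CA certificate
!   crypto pki server CA info requests   -> pending (manual-mode) enrollments
!   crypto pki server CA info crl        -> the current CRL
```

With grant auto, anything that can reach the SCEP URL on the router gets a certificate signed by this CA, which is fine for a closed lab; when the same CA later authenticates devices, manual granting or a one-time challenge password is the normal way to tie an enrollment to a known device.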

Now the CA server is up and running. We will use it as the PKI for device authentication in the coming labs.

Happy Labinggggggg !