Serving multiple DNS search domains in IOS DHCP

Jun 13, 2011
tags: cisco, dhcp, dns, ios, python

I have a Cisco router at home which I also use as a DHCP server, and it works pretty well. Today I wanted to fix a long-standing issue on my network, in that I want multiple DNS search domains.

First off, the domain-name DHCP option doesn’t support multiple entries so we can’t use that. So, off to try raw DHCP option codes. You can find the list of options here, thus 119 is the one I want.

Trying a simple:

ip dhcp pool host.net.example.com
   option 119 ascii net.example.com,example.com

didn’t work at all. A quick prod of lazyweb (in this case Simon on IRC) suggested using hex input instead. In order to do that we need to convert the ASCII string into Cisco’s hex sequence, which is as follows:

  • Split domain name by dot
  • Prefix each part with its length (in hex)
  • NUL terminate each domain
  • Dot-separate the final string in 16-bit chunks

To do this I wrote a quick Python script:

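#!/usr/bin/env python3
# Encode domain names as the dotted hex string IOS expects for option 119.

import sys

hexlist = []
for domain in sys.argv[1:]:
    for part in domain.split("."):
        # Each part is prefixed with its length as one hex byte
        hexlist.append("%02x" % len(part))
        for c in part:
            hexlist.append("%02x" % ord(c))
    # NUL byte terminates each domain
    hexlist.append("00")

# Join the bytes, inserting a dot after every two bytes (16 bits)
print("".join([(".%s" % (x) if i and not i % 2 else x)
               for i, x in enumerate(hexlist)]))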

which can be used like this:

$ ./cisco.py net.example.com example.com
036e.6574.0765.7861.6d70.6c65.0363.6f6d.0007.6578.616d.706c.6503.636f.6d00

Then back to IOS and paste it in:

ip dhcp pool host.net.example.com
   option 119 hex 036e.6574.0765.7861.6d70.6c65.0363.6f6d.0007.6578.616d.706c.6503.636f.6d00

This seems to do what we want, though IOS appears to append a dot to each domain when serving via DHCP.

One last note: if you use this in addition to domain-name, then the option 119 list will be appended to the domain-name value in the search list, so you’d actually want something like this:

ip dhcp pool host.net.example.com
   domain-name net.example.com
   option 119 hex 0765.7861.6d70.6c65.0363.6f6d.00

to generate a resolv.conf containing:

domain net.example.com
search net.example.com example.com.
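
To check a hex string before pasting it into IOS, or to audit what an existing pool is handing out, the encoding can be reversed. The decoder below is an added example, not part of the original post; the function names are my own. It goes slightly beyond the script above by also accepting the RFC 1035 compression pointers that RFC 3397 permits in option 119, which the script never emits.

```python
def decode_option_119(cisco_hex):
    """Decode IOS dotted hex for DHCP option 119 into a list of domain names."""
    # bytes.fromhex raises ValueError on non-hex input or an odd digit count
    data = bytes.fromhex(cisco_hex.replace(".", ""))
    names, pos = [], 0
    while pos < len(data):
        name, pos = _read_name(data, pos)
        names.append(name)
    return names


def _read_name(data, pos, depth=0):
    """Read one RFC 1035 name starting at pos; return (name, next offset)."""
    if depth > 8:
        raise ValueError("compression pointer loop")
    labels = []
    while True:
        if pos >= len(data):
            raise ValueError("name runs past end of option (missing 00?)")
        length = data[pos]
        if length == 0:                       # NUL byte ends the domain
            return ".".join(labels), pos + 1
        if length & 0xC0 == 0xC0:             # two-byte compression pointer
            if pos + 1 >= len(data):
                raise ValueError("truncated compression pointer")
            target = ((length & 0x3F) << 8) | data[pos + 1]
            if target >= pos:
                raise ValueError("pointer must refer backwards")
            suffix, _ = _read_name(data, target, depth + 1)
            if suffix:
                labels.append(suffix)
            return ".".join(labels), pos + 2
        if length > 63:
            raise ValueError("label longer than 63 bytes")
        label = data[pos + 1:pos + 1 + length]
        if len(label) != length:
            raise ValueError("label runs past end of option")
        labels.append(label.decode("ascii"))  # non-ASCII raises ValueError
        pos += 1 + length


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        print(" ".join(decode_option_119(arg)))
```

Any malformed input (missing NUL terminator, over-long label, looping pointer) raises ValueError instead of returning a partial list.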