Wireless Access

Reply
Contributor I
Posts: 36
Registered: ‎05-12-2011

Chromecast DNS Hard-code

I have a user who wants to use chromecast, but our network design currently requires users on our network to use our DNS servers. Apparantly, the DNS settings are hard-coded to Google's on the Chromecast.

 

Does anyone have any suggestions for strategies to counter this in my current design? I don't see a way out.

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Chromecast DNS Hard-code

The only thing I've seen is that you can change the DNS server if you root the Chromecast (which is obviously not feasible).


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Highlighted
Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: Chromecast DNS Hard-code

You should be able to setup a policy to dst-nat DNS requests from Google's servers to yours.  For example:

 

user host 8.8.8.8 svc-dns dst-nat ip x.x.x.x

user host 8.8.4.4 svc-dns dst-nat ip x.x.x.x

 

you could also setup a netdestination for all Google's servers and use that instead

 

netdestination google-dns

  host 8.8.8.8

  host 8.8.4.4

user alias google-dns svc-dns dst-nat ip x.x.x.x

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Contributor I
Posts: 36
Registered: ‎05-12-2011

Re: Chromecast DNS Hard-code

Thanks for the information, clembo! I will give this a try and report back!

Contributor I
Posts: 36
Registered: ‎05-12-2011

Re: Chromecast DNS Hard-code

OP delivers! 7 months later now that I have PEF licensed, I went ahead and implented the following:

 

user host 8.8.8.8 svc-dns dst-nat ip x.x.x.x

user host 8.8.4.4 svc-dns dst-nat ip x.x.x.x

 

and applied it to the role the chromecasts land on, and it worked perfectly!

 

Thanks clembo!

 

P. S. - This is all going to be invalided by DNSSEC, isn't it? :)

MVP
Posts: 1,414
Registered: ‎11-30-2011

Re: Chromecast DNS Hard-code


alamey wrote:

P. S. - This is all going to be invalided by DNSSEC, isn't it? :)


not really sure it would be. DNSSEC is mainly active between the DNS server that actually has the authoritive DNS record and its higher levels. that you get there via different DNS servers shouldn't really matter.

Search Airheads
Showing results for 
Search instead for 
Did you mean: