https://community.cisco.com/t5/software-defined-access-sd-access/cisco-9500-as-dns-server-problem/m-p/4148254#M851 <P>Hi</P><P>Yes, route leak is in place as same IP is serving DHCP and DHCP is working fine. I think problem is related to switch not forwarding dns queries coming to it.</P> Wed, 09 Sep 2020 08:32:55 GMT OrkhanRustamli 2020-09-09T08:32:55Z https://community.cisco.com/t5/software-defined-access-sd-access/cisco-9500-as-dns-server-problem/m-p/4147194#M841 <P>Hello.</P><P>&nbsp;</P><P>In my fabric network cisco 9500series stack is acting as Fusion. I have configured DNS Server on it to server as proxy to my clients. Last 3 days we have been doing migration to office and I had to change 9500 and reconfigure from 0 again and upgraded image to&nbsp;<EM>cat9k_iosxe.16.12.04.SPA.bin.</EM></P><P>&nbsp;</P><P>The problem is now DNS is not working on clients, they have to use 8.8.8.8 directly. I tried pinging some global domains from switch itself, which works fine but users` request are not processed.</P><P>&nbsp;</P><P>There is not any firewall between as I imported switch loopback into VRFs and back.&nbsp;</P><P>&nbsp;</P><P>This is configuration i tried first:</P><PRE>ip domain name XYZ.local ip domain-lookup ip name-server 8.8.8.8 8.8.4.4 ip dns server ip host dnac.XYZ.local 192.168.xxx.yyy</PRE><P>Then I tried to do DNS Forwarding with new way:</P><PRE>ip access-list standard DNS_PERMIT permit 192.168.0.0 0.0.255.255 ip dns name-list 1 permit .* ip dns view default domain name-server 8.8.8.8 domain name-server 8.8.4.4 domain name XYZ.local dns forwarding source-interface Loopback0 ip dns view-list LAN view default 1 restrict source access-group DNS_PERMIT restrict name-group 1 ip dns server view-group LAN ip dns server</PRE><P>None of above helped. Users can even query the local binding which defined in switch with "ip host". Clients can ping switch`s loopback address which is used as dns server. And again from switch I can ping all the domains.</P><P>&nbsp;</P><P>What can be the reason?</P> Mon, 07 Sep 2020 08:19:14 GMT https://community.cisco.com/t5/software-defined-access-sd-access/cisco-9500-as-dns-server-problem/m-p/4147194#M841 OrkhanRustamli 2020-09-07T08:19:14Z https://community.cisco.com/t5/software-defined-access-sd-access/cisco-9500-as-dns-server-problem/m-p/4147931#M850 <P>Hi</P><P>&nbsp;</P><P>Since users are part of VRF, are you injecting a default route into VRF table?&nbsp; All the above configs are part of GRT, which is fine, but hope the route leaking on the fusion is taken care off?</P> Tue, 08 Sep 2020 16:00:41 GMT https://community.cisco.com/t5/software-defined-access-sd-access/cisco-9500-as-dns-server-problem/m-p/4147931#M850 mnagired 2020-09-08T16:00:41Z https://community.cisco.com/t5/software-defined-access-sd-access/cisco-9500-as-dns-server-problem/m-p/4148254#M851 <P>Hi</P><P>Yes, route leak is in place as same IP is serving DHCP and DHCP is working fine. I think problem is related to switch not forwarding dns queries coming to it.</P> Wed, 09 Sep 2020 08:32:55 GMT https://community.cisco.com/t5/software-defined-access-sd-access/cisco-9500-as-dns-server-problem/m-p/4148254#M851 OrkhanRustamli 2020-09-09T08:32:55Z