
Cisco ISR 4331 not working as DNS properly

EduardR
Level 1

Hi all,

I have an issue with a Cisco ISR 4331. It has been configured to work as a DNS for a small network with other network devices (Nexus, Catalyst and others), but the name resolution is not working properly. When I use the resolution from the Nexus devices, it works fine, but from the Catalyst it does not work.

 

My DNS configuration in the 4331 is this:

ip host TEST1 10.10.10.1
ip host TEST2 10.10.10.2
ip host TEST ns NS1.TEST
ip host TEST ns ns.TEST
ip host ns.TEST 1.1.1.1 <- Router IP

ip domain name TEST

ip dns server
ip dns primary TEST soa ns.TEST admin@TEST 86400 3600 1209600 86400

The Nexus has this line:

ip domain-name TEST
ip name-server 1.1.1.1

And the Catalyst this one:

ip domain-name TEST
ip name-server 1.1.1.1

From the Nexus I got:

NEXUS# ping TEST1
PING APIC-1 (10.10.10.1): 56 data bytes
64 bytes from 172.28.36.1: icmp_seq=0 ttl=63 time=1.49 ms
64 bytes from 172.28.36.1: icmp_seq=1 ttl=63 time=0.569 ms

But from the catalyst the output is:

CATALYST#ping TEST1
Translating "TEST1"...domain server (1.1.1.1)
% Unrecognized host or address, or protocol not running.

Is there something I am doing wrong with this configuration? Does anyone have an ISR working OK as DNS? Any help will be appreciated.

4 Replies

resolveits
Level 1

Hi,

Did you ever find a solution to this problem as I also have the same issue. Thanks.

Hello,

 

You are running into this on a Catalyst switch, a Nexus, or an ISR router?

Hi Georg,

 

Thank you for your quick reply.

 

I discovered that my NAT was not configured properly in that I had "ip nat outside" configured on the wrong interface. After adding "ip nat outside" to interface GigabitEthernet0/0/0 in the config it started working. I do not understand why this is the case because I thought the correct outside interface is the Dialer1. Please see config below.

 

In addition, I now have the problem whereby when I ping a domain that is pointing to my public IP address, the ping returns the internal IP address of the router on the inside interface (being 10.0.0.1) instead of the external IP. When pinging sip.aus.co it should be returning ipv4: 203.194.xx.xxx.

 

I use the domain sip.aus.co for my ITSP to locate my equipment.

 

eg:

[From Router]

ISR4331#ping sip.aus.co
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

[From PC returns IP address of PC]

C:\Users\CO>ping sip.aus.co

Pinging sip.aus.co [10.0.0.110] with 32 bytes of data:
Reply from 10.0.0.110: bytes=32 time<1ms TTL=128
Reply from 10.0.0.110: bytes=32 time<1ms TTL=128
Reply from 10.0.0.110: bytes=32 time<1ms TTL=128
Reply from 10.0.0.110: bytes=32 time<1ms TTL=128

Ping statistics for 10.0.0.110:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

 

 

=============CONFIG============

!
ip name-server 8.8.8.8
ip domain lookup source-interface GigabitEthernet0/0/1
ip domain name isr4331.local
ip dhcp excluded-address 10.0.0.1 10.0.0.99
!
ip dhcp pool data
import all
network 10.0.0.0 255.255.255.0
dns-server 8.8.8.8 1.1.1.1
default-router 10.0.0.1
option 150 ip 10.0.0.1
domain-name isr4331.local

 

===//====

 

interface GigabitEthernet0/0/0
description Arris CM8200 NBN
no ip address
ip nat outside    ! <---  I added this here
media-type rj45
negotiation auto
no mop enabled
!
interface GigabitEthernet0/0/0.2
description WAN Connection VLAN 2 TPG
encapsulation dot1Q 2
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/0/1
ip address 10.0.0.1 255.255.255.0
ip nat inside
negotiation auto
no mop enabled
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp pap sent-username xxxxxxxx password 0 xxxxxxxx
!
ip forward-protocol nd
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http client username cisco
ip http client password 0 cisco
ip http path flash:
ip tftp source-interface GigabitEthernet0/0/1
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip ssh version 2
!
access-list 1 permit any

 

Hello,

 

Odd indeed, as the dialer interface is the outside, so 'ip nat outside' applied to that interface should be enough, in theory.

 

In any case, change the access list 1 from:

 

access-list 1 permit any

 

to

 

access-list 1 permit 10.0.0.0 0.0.0.255
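
An added example, not part of the thread or of any reply: a small Python check for the access-list change suggested above. It flags NAT source ACLs that permit more than the inside LAN and lists other features bound to the same ACL number (in the posted configuration, `ip http access-class 1` uses ACL 1 as well). The sample config is constructed from lines in the thread; the function names and the choice of 10.0.0.0/24 as the inside network are assumptions.

```python
import ipaddress
import re

# Constructed sample: the ACL-related lines from the configuration posted above.
SAMPLE_CONFIG = """\
ip http access-class 1
ip nat inside source list 1 interface Dialer1 overload
access-list 1 permit any
"""
# Assumption: the inside LAN is the 10.0.0.0/24 network from the thread.
INSIDE_NETS = [ipaddress.ip_network("10.0.0.0/24")]

ACL_RE = re.compile(r"^access-list (\d+) permit (.+)$")
REF_RES = {  # features that bind a numbered standard ACL
    "nat": re.compile(r"^ip nat inside source list (\d+) "),
    "http": re.compile(r"^ip http access-class (\d+)$"),
}

def parse_permit(tokens):
    """Convert the source part of a standard-ACL permit into an ip_network."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32")
    wildcard = tokens[1] if len(tokens) > 1 else "0.0.0.0"
    if wildcard == "0.0.0.0":  # ipaddress would read an all-zero mask as /0
        return ipaddress.ip_network(tokens[0] + "/32")
    # ipaddress accepts a contiguous wildcard (host) mask after the slash;
    # a non-contiguous wildcard raises ValueError.
    return ipaddress.ip_network(tokens[0] + "/" + wildcard, strict=False)

def audit(config, inside_nets=INSIDE_NETS):
    """Report each NAT source ACL: entries wider than the LAN, other users."""
    acls, refs = {}, {}
    for line in map(str.strip, config.splitlines()):
        m = ACL_RE.match(line)
        if m:
            acls.setdefault(m.group(1), []).append(parse_permit(m.group(2).split()))
        for feature, rx in REF_RES.items():
            m = rx.match(line)
            if m:
                refs.setdefault(m.group(1), set()).add(feature)
    findings = []
    for acl, users in sorted(refs.items()):
        if "nat" in users:
            broad = [str(n) for n in acls.get(acl, [])
                     if not any(n.subnet_of(i) for i in inside_nets)]
            findings.append({"acl": acl, "too_broad": broad,
                             "shared_with": sorted(users - {"nat"})})
    return findings
```

With the narrowed entry, `too_broad` comes back empty while `shared_with` still lists `http`, so the same change also limits which sources `ip http access-class 1` admits.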