Using ISR as DNS Forwarder

Matthew Martin
Level 5

Hello All,

 

Devices: ISR4321 (Cisco IOS XE Software, Version 03.16.05.S)

 

In our remote branch offices we are using the ISR4321. Each ISR has a private MPLS link back to HQ using a T1 line, as well as a local broadband connection for Internet. In order to relieve some stress on the T1, there are some of our websites that would normally be given an internal IP address by our internal DNS servers, so we configured "ip host" entries for them on the ISR pointing to the public IP address, so that traffic goes out the local broadband instead of the T1.

 

So basically, each PC in those branches uses the ISR as its DNS server. So I believe when a DNS request comes into the ISR, it'll first check its internal host table, and if no match is found, it then forwards the request to our internal DNS servers.

 

This seems to be working correctly in all of our branch offices except for one. In this one location, it appears as though NO DNS requests are being forwarded to the internal DNS servers, and I've been having to manually add internal hosts to the host table on the ISR in order for them to reach those servers.

 

Now, the only difference configuration-wise between this location and the others is that the local broadband connection is using DHCP to connect to the local broadband router, because it won't take a static address and we don't have admin access to the configuration of this router to change it.

 

The ip domain commands enabled on the ISR include:

# show run all | inc ip domain
no ip domain round-robin
ip domain list company.com
ip domain list old.domain.local
ip domain retry 2
ip domain timeout 3
no ip domain lookup recursive
ip domain lookup
ip domain lookup nsap
ip domain multicast in-addr.arpa
ip domain recursive retry 10
no ip domain recursive allow-soa

# show run all | inc ip name
ip name-server 192.168.5.35 10.50.1.3

I'm assuming that the DHCP configured for the local broadband interface is causing the issue, so I'm wondering if there is a way to fix this so I don't need to keep a full host table on the ISR that needs to be updated frequently.

 

Any thoughts or suggestions would be greatly appreciated!

 

Thanks in Advance,

Matt


Jaderson Pessoa
VIP Alumni
Hello,

Does your router have a DNS server configured to distribute on the pools?

Could you provide the configuration of your router?
Jaderson Pessoa
*** Rate All Helpful Responses ***

Jaderson, thanks for the reply.

 

All the DHCP Pools are actually configured on the attached 2960 Switch.

 

DHCP Pool on 2960 Switch:

 

!
! *** The address 10.3.1.1 is the ISR ***
!
ip dhcp pool PCs
 network 10.3.1.0 255.255.255.0
 default-router 10.3.1.2 
 dns-server 10.3.1.1 192.168.5.35 10.50.1.3 
 domain-name jwpepper.com
!

 

Also, I thought that adding the actual internal DNS servers as secondary servers would help act as a fail-safe. But that doesn't seem to be the case.

 

Interface connecting ISR to Switch:

interface GigabitEthernet0/0/1
 description Uplink to Switch
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/1.1
 description Inside 10.3.1.1 Interface
 encapsulation dot1Q 1 native
 ip address 10.3.1.1 255.255.255.0
 ip nat inside
 zone-member security INSIDE
!

Do you still need to see the full ISR config?

 

-Matt
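Two things in this thread are easier to reason about with a small model: the resolution order Matt describes for the ISR (host table first, then forward to the "ip name-server" list), and why listing the internal servers after the ISR in the pool's "dns-server" line does not act as a fail-safe. The script below is an added example, not anything from the thread or from Cisco; the config fragments, addresses and zone data are constructed in the same shape as the ones posted, and the client behaviour it models is the usual stub-resolver rule that the next configured server is only tried when the current one does not respond at all, so a negative answer from the ISR ends the query.

```python
"""Model of the branch DNS path discussed in the thread (constructed example).

PC resolver -> servers from the DHCP pool, in order
ISR         -> 'ip host' table first, otherwise forward to 'ip name-server'
"""
import re

# Constructed config fragments shaped like the ones posted in the thread.
ISR_CONFIG = """
ip host www.company.com 203.0.113.10
ip host portal.company.com 203.0.113.11
ip name-server 192.168.5.35 10.50.1.3
"""

SWITCH_POOL = """
ip dhcp pool PCs
 network 10.3.1.0 255.255.255.0
 default-router 10.3.1.2
 dns-server 10.3.1.1 192.168.5.35 10.50.1.3
 domain-name company.com
"""

# What the internal DNS servers would answer (constructed zone data).
INTERNAL_ZONE = {
    "www.company.com": "10.50.1.20",
    "fileserver.company.com": "10.50.1.40",
}


def parse_isr(config):
    """Collect 'ip host' entries and the ordered 'ip name-server' list."""
    hosts, servers = {}, []
    for line in config.splitlines():
        m = re.match(r"\s*ip host (\S+) (\S+)", line)
        if m:
            hosts[m.group(1).lower()] = m.group(2)
        m = re.match(r"\s*ip name-server (.+)", line)
        if m:
            servers.extend(m.group(1).split())
    return hosts, servers


def parse_pool_dns(config):
    """Return the ordered dns-server list advertised by the DHCP pool."""
    for line in config.splitlines():
        m = re.match(r"\s*dns-server (.+)", line)
        if m:
            return m.group(1).split()
    return []


def internal_server_answer(name):
    """An internal DNS server: an address, or None for a negative answer."""
    return INTERNAL_ZONE.get(name.lower())


def isr_answer(name, hosts, servers, forwarding_ok):
    """ISR behaviour as described in the thread: host table, then forward.

    forwarding_ok=False stands in for the symptom at the affected branch,
    where nothing reaches the internal servers; the ISR then has only a
    negative answer to give for names outside its host table.
    """
    name = name.lower()
    if name in hosts:
        return "host-table", hosts[name]
    if not forwarding_ok:
        return "negative", None
    for _ in servers:  # forwarders tried in order; all share one zone here
        addr = internal_server_answer(name)
        if addr:
            return "forwarded", addr
    return "negative", None


def client_resolve(name, pool_servers, isr_addr, hosts, servers,
                   forwarding_ok, unreachable=frozenset()):
    """Stub-resolver rule: move to the next server only on no response.

    Returns (server that answered, status, address). Any answer from the
    first reachable server, including a negative one, ends the lookup, so
    the secondaries in the pool only matter when the ISR is unreachable.
    """
    for s in pool_servers:
        if s in unreachable:
            continue  # timeout: try the next configured server
        if s == isr_addr:
            status, addr = isr_answer(name, hosts, servers, forwarding_ok)
            return s, status, addr
        addr = internal_server_answer(name)
        return s, ("forwarded" if addr else "negative"), addr
    return None, "no-response", None


if __name__ == "__main__":
    hosts, servers = parse_isr(ISR_CONFIG)
    pool = parse_pool_dns(SWITCH_POOL)
    for ok in (True, False):
        print("forwarding ok" if ok else "forwarding broken",
              client_resolve("fileserver.company.com", pool, "10.3.1.1",
                             hosts, servers, ok))
    print("ISR unreachable",
          client_resolve("fileserver.company.com", pool, "10.3.1.1",
                         hosts, servers, False, unreachable={"10.3.1.1"}))
```

Running it shows the three cases side by side: with forwarding working, a name outside the host table comes back from the ISR with the internal address; with forwarding broken, the ISR answers negatively and the client never consults 192.168.5.35 or 10.50.1.3; only when the ISR does not respond at all does the client fall through to the second server. That is why the secondaries in the pool cannot paper over a forwarder that answers but does not forward.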