Devices: ISR4321 (*Cisco IOS XE Software, Version 03.16.05.S)
In our remote branch offices we are using the ISR4321. Each ISR has a Private MPLS link back to HQ using a T1 line, as well as a local broadband connection for Internet. In order to relieve some stress on the T1, there's some of our websites which would normally give an internal IP address from our internal DNS servers, that we configured "ip hosts" for on the ISR to point to the public IP Address so those would go out the local broadband instead of the T1.
So basically, each PC in those branches uses the ISR as its DNS server. So I believe when a DNS request comes into the ISR, it'll first check its internal host table, and if no match is found, it then forwards the request to our internal DNS servers.
This seems to be working correctly in all of our branch offices except for one. In this one location, it appears as though NO dns requests are being forwarded to the Internal DNS servers, and I've been having to manually add internal hosts to the host table on the ISR in order for them to reach those servers.
Now, the only difference configuration-wise with this location and the others is that the Local Broadband connection is using DHCP to connect to the local broadband router, because it won't take a static address and we don't have admin access to the configuration of this router to change it.
The ip domain commands enabled on the ISR include:
# show run all | inc ip domain no ip domain round-robin ip domain list company.com ip domain list old.domain.local ip domain retry 2 ip domain timeout 3 no ip domain lookup recursive ip domain lookup ip domain lookup nsap ip domain multicast in-addr.arpa ip domain recursive retry 10 no ip domain recursive allow-soa
# show run all | inc ip name
ip name-server 192.168.5.35 10.50.1.3
I'm assuming that the DHCP configured for the local broadband interface is causing the issue, so I'm wondering if there is a way to fix this so I don't need to keep a full host table on the ISR that needs to be updated frequently.
Any thoughts or suggestions would be greatly appreciated!
Thanks in Advance,
Jaderson, thanks for the reply.
All the DHCP Pools are actually configured on the attached 2960 Switch.
DHCP Pool on 2960 Switch:
! ! *** The address 10.3.1.1 is the ISR *** ! ip dhcp pool PCs network 10.3.1.0 255.255.255.0 default-router 10.3.1.2 dns-server 10.3.1.1 192.168.5.35 10.50.1.3 domain-name jwpepper.com !
Also, I thought that adding the actually internal DNS server's as secondary servers would help act as a fail-safe. But, that doesn't seem to be the case.
Interface connecting ISR to Switch:
interface GigabitEthernet0/0/1 description Uplink to Switch no ip address negotiation auto ! interface GigabitEthernet0/0/1.1 description Inside 10.3.1.1 Interface encapsulation dot1Q 1 native ip address 10.3.1.1 255.255.255.0 ip nat inside zone-member security INSIDE !
Do you still need to see the full ISR config?