05-03-2024 10:23 AM
Hello, I am very new to networking and I am currently trying to set up a lab in my computer science class. I am trying to set a forward lookup zone to our parent network's DNS server. When doing so, the request says "A timeout occurred during validation". My DNS server cannot ping their DNS, but my router 2 can ping their DNS. I've also attached a picture of the topography. My DNS Server and DHCP are running off of the VLAN 200 with Proxmox. Let me know if seeing any configurations would be helpful!
05-08-2024 08:10 AM
The PC is plugged into S1 VLAN 11 (172.16.11.1) and our DHCP gives it an IP in this and connects it to our domain and DNS (172.16.200.21).
But our DNS running off of Windows Server 2019 cannot let me set a forward lookup zone to our parent network's DNS (10.8.0.30) so our lab can get internet access.
05-08-2024 08:51 AM
Got it. From the DNS server in VLAN 200, can you ping the ISP DNS?
MHM
05-12-2024 01:43 AM
Any update?
Did you check ping from the server in VLAN 200 to the external DNS server for the zone forward?
I need to see the config of R2.
I need to check the default route injected into OSPF, also NAT if needed.
MHM
05-13-2024 06:25 AM
Sorry for the delay. I cannot ping the Forward lookup (10.8.0.30) from our vlan 200.
Here is R2 config:
Router2#show run
Building configuration...
Current configuration : 3122 bytes
!
version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router2
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$IIt.$zOfnsB3P8YUT.TrU1X1Re0
!
no aaa new-model
clock timezone EST -5 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
license udi pid CISCO1941/K9 sn FTX142580CU
license boot module c1900 technology-package securityk9
license boot module c1900 technology-package datak9
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 172.16.255.2 255.255.255.255
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description Router2 GE 0/0 to Switch2 GE 0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.1
 description VLAN 1 Management
 encapsulation dot1Q 1 native
 ip address 172.16.30.1 255.255.255.0
!
interface GigabitEthernet0/0.11
 description VLAN 11 BlueTeam
 encapsulation dot1Q 11
 ip address 172.16.31.1 255.255.255.0
 ip helper-address 172.16.200.22
!
interface GigabitEthernet0/0.12
 description VLAN 12 RedTeam
 encapsulation dot1Q 12
 ip address 172.16.32.1 255.255.255.0
 ip helper-address 172.16.200.22
!
interface GigabitEthernet0/1
 description ISP Traffic Outbound
 ip address 10.202.240.1 255.255.255.240
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Serial0/0/0
 description Router2 DCE Serial0/0/0 to Router3 DTE Serial 0/0/0
 ip address 172.16.40.1 255.255.255.248
 ip nat inside
 ip virtual-reassembly in
 clock rate 56000
!
interface Serial0/0/1
 description Router2 DTE Serial 0/0/1 to Router1 DCE Serial 0/0/0
 ip address 172.16.20.2 255.255.255.248
 ip nat inside
 ip virtual-reassembly in
!
router ospf 109
!
router ospf 1
 network 172.16.20.0 0.0.0.7 area 1
 network 172.16.30.0 0.0.0.255 area 0
 network 172.16.31.0 0.0.0.255 area 0
 network 172.16.32.0 0.0.0.255 area 0
 network 172.16.40.0 0.0.0.7 area 0
 network 172.16.255.2 0.0.0.0 area 0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 10.202.240.14
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
ipv6 ioam timestamp
!
!
access-list 1 permit 172.16.0.0 0.15.255.255
!
control-plane
!
!
vstack
banner login ^C!WARNING! You are permitted to use the system for authorized purposes only and may only use the system in accordance with the organization's Information Security Policy.^C
banner motd ^CHigh School Network Lab Welcome Master^C
!
line con 0
 exec-timeout 5 0
 password 7 124B574643
 logging synchronous
 login
line aux 0
 password 7 153E24480B731F2108
line 2
 no activation-character
 no exec
 transport preferred none
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password 7 10693D234415052C5B
 login
 transport input none
!
scheduler allocate 20000 1000
!
end
Router2#
Router2#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/12 ms
Router2#traceroute 8.8.8.8
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 10.202.240.14 0 msec 0 msec 0 msec
2 10.0.254.83 4 msec 4 msec 4 msec
3 69.58.32.249 8 msec 8 msec 4 msec
4 204.25.193.105 16 msec 20 msec 20 msec
5 198.108.29.106 [MPLS: Labels 3044/16 Exp 0] 4 msec 8 msec 4 msec
6 204.25.192.0 4 msec 8 msec 4 msec
7 66.51.145.125 8 msec 4 msec 8 msec
8 207.91.239.242 4 msec 8 msec 8 msec
9 142.250.165.118 12 msec 24 msec 12 msec
10 * * *
11 8.8.8.8 8 msec 12 msec 8 msec
Router2#ping 10.8.0.30
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.8.0.30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/28 ms
Router2#
05-15-2024 12:52 AM
Under OSPF, inject default originate.
This makes R3 know the path for the external DNS server.
For NAT you include all subnets, so it is OK.
MHM
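The wildcard-mask matching behind the NAT and OSPF statements discussed above, as an added example that is not part of any post in this thread. It applies IOS wildcard semantics to `access-list 1` and the `router ospf 1` network statements copied from the posted Router2 configuration; the function names are hypothetical helpers.

```python
import ipaddress

# Lines copied from the Router2 "show run" posted in this thread.
R2_CONFIG = """\
access-list 1 permit 172.16.0.0 0.15.255.255
network 172.16.20.0 0.0.0.7 area 1
network 172.16.30.0 0.0.0.255 area 0
network 172.16.31.0 0.0.0.255 area 0
network 172.16.32.0 0.0.0.255 area 0
network 172.16.40.0 0.0.0.7 area 0
network 172.16.255.2 0.0.0.0 area 0
"""

def wildcard_match(host, base, wildcard):
    """IOS wildcard: a 0 bit must match the base, a 1 bit is ignored."""
    h = int(ipaddress.IPv4Address(host))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (h & care) == (b & care)

def parse(config):
    """Return ([(base, wildcard)], [(base, wildcard, area)]) from config text."""
    acl, ospf = [], []
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["access-list", "1", "permit"] and len(t) == 5:
            acl.append((t[3], t[4]))
        elif t[:1] == ["network"] and len(t) == 5 and t[3] == "area":
            ospf.append((t[1], t[2], t[4]))
    return acl, ospf

def nat_eligible(host, config=R2_CONFIG):
    """True if the source address is permitted by access-list 1."""
    acl, _ = parse(config)
    return any(wildcard_match(host, b, w) for b, w in acl)

def ospf_area(host, config=R2_CONFIG):
    """Area of the first network statement covering the address, else None."""
    _, ospf = parse(config)
    for base, wildcard, area in ospf:
        if wildcard_match(host, base, wildcard):
            return area
    return None

if __name__ == "__main__":
    # Addresses mentioned in the thread: lab DNS, parent DNS, R2 interfaces.
    for ip in ("172.16.200.21", "10.8.0.30", "172.16.20.2", "172.16.31.1"):
        print(ip, "acl1:", nat_eligible(ip), "ospf area on R2:", ospf_area(ip))
```

The lab DNS server 172.16.200.21 falls inside access-list 1, whose wildcard covers 172.16.0.0 through 172.31.255.255, but it matches none of Router2's own OSPF network statements.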
05-15-2024 05:08 AM
05-15-2024 06:30 AM
Would it be this?
router ospf 109
!
router ospf 1
 network 172.16.20.0 0.0.0.7 area 1
 network 172.16.30.0 0.0.0.255 area 0
 network 172.16.31.0 0.0.0.255 area 0
 network 172.16.32.0 0.0.0.255 area 0
 network 172.16.40.0 0.0.0.7 area 0
 network 172.16.255.2 0.0.0.0 area 0
 default-information originate
!
05-15-2024 06:42 AM
Correct
MHM
05-15-2024 06:44 AM
Where should I go from here?
05-15-2024 07:18 AM
Sorry, I don't get your Q.
Can you elaborate?
MHM
05-15-2024 07:26 AM
I still cannot set the forward lookup zone. Would you like me to send all of the router configurations?
05-15-2024 07:34 AM
No friend
In R3
do show ip route
MHM
05-15-2024 07:57 AM
05-15-2024 09:00 AM
As you said the DNS to DNS communication is established for forwarding and I assume the same for reverse as well.
If so, then there may be a chance that trust requires additional authentication to enable forwarding the resolutions/queries, which technically say it's non-authoritative.
Also there could be a chance the default timeout needs to be increased, but I hardly doubt.
05-16-2024 06:13 AM
When I try to set the lookup zone to their DNS (10.8.0.30) from ours (172.16.200.21) it times out and doesn't resolve.