
DNS Server forward look up times out

wtsmith
Level 1

Hello, I am very new to networking and I am currently trying to set up a lab in my computer science class. I am trying to set a forward lookup zone to our parent network's DNS server. When doing so the request says "A timeout occurred during validation". My DNS server cannot ping their DNS, but my router 2 can ping their DNS. I've also attached a picture of the topography. My DNS Server and DHCP are running off of the VLAN 200 with Proxmox. Let me know if seeing any configurations would be helpful!


The pc is plugged into S1 VLAN 11 (172.16.11.1) and our DHCP gives it an IP in this and connects it to our domain and DNS (172.16.200.21).

But our DNS running off of Windows Server 2019 cannot let me set a forward lookup zone to our parent network's DNS (10.8.0.30) so our lab can get internet access.

Get it, from DNS server vlan 200 can you ping ISP DNS?

MHM

Any update ??

Did you check ping from server in vlan200 to external DNS server for zone forward?

I need to see the config of R2

I need to check default route inject into ospf also NAT if needing

MHM

Sorry for the delay. I cannot ping the Forward lookup (10.8.0.30) from our vlan 200.
Here is R2 config:

Router2#show run
Building configuration...

Current configuration : 3122 bytes
!
version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router2
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$IIt.$zOfnsB3P8YUT.TrU1X1Re0
!
no aaa new-model
clock timezone EST -5 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!


!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
license udi pid CISCO1941/K9 sn FTX142580CU
license boot module c1900 technology-package securityk9
license boot module c1900 technology-package datak9
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 172.16.255.2 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Router2 GE 0/0 to Switch2 GE 0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.1
description VLAN 1 Management
encapsulation dot1Q 1 native
ip address 172.16.30.1 255.255.255.0
!
interface GigabitEthernet0/0.11
description VLAN 11 BlueTeam
encapsulation dot1Q 11
ip address 172.16.31.1 255.255.255.0
ip helper-address 172.16.200.22
!
interface GigabitEthernet0/0.12
description VLAN 12 RedTeam
encapsulation dot1Q 12
ip address 172.16.32.1 255.255.255.0
ip helper-address 172.16.200.22
!
interface GigabitEthernet0/1
description ISP Traffic Outbound
ip address 10.202.240.1 255.255.255.240
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0/0/0
description Router2 DCE Serial0/0/0 to Router3 DTE Serial 0/0/0
ip address 172.16.40.1 255.255.255.248
ip nat inside
ip virtual-reassembly in
clock rate 56000
!
interface Serial0/0/1
description Router2 DTE Serial 0/0/1 to Router1 DCE Serial 0/0/0
ip address 172.16.20.2 255.255.255.248
ip nat inside
ip virtual-reassembly in
!
router ospf 109
!
router ospf 1
network 172.16.20.0 0.0.0.7 area 1
network 172.16.30.0 0.0.0.255 area 0
network 172.16.31.0 0.0.0.255 area 0
network 172.16.32.0 0.0.0.255 area 0
network 172.16.40.0 0.0.0.7 area 0
network 172.16.255.2 0.0.0.0 area 0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 10.202.240.14
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
ipv6 ioam timestamp
!
!
access-list 1 permit 172.16.0.0 0.15.255.255
!
control-plane
!
!
vstack
banner login ^C!WARNING! You are permitted to use the system for authorized purposes only and may only use the system in accordance with the organization's Information Security Policy.^C
banner motd ^CHigh School Network Lab Welcome Master^C
!
line con 0
exec-timeout 5 0
password 7 124B574643
logging synchronous
login
line aux 0
password 7 153E24480B731F2108
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 10693D234415052C5B
login
transport input none
!
scheduler allocate 20000 1000
!
end
Router2#
Router2#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/12 ms
Router2#traceroute 8.8.8.8
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 10.202.240.14 0 msec 0 msec 0 msec
2 10.0.254.83 4 msec 4 msec 4 msec
3 69.58.32.249 8 msec 8 msec 4 msec
4 204.25.193.105 16 msec 20 msec 20 msec
5 198.108.29.106 [MPLS: Labels 3044/16 Exp 0] 4 msec 8 msec 4 msec
6 204.25.192.0 4 msec 8 msec 4 msec
7 66.51.145.125 8 msec 4 msec 8 msec
8 207.91.239.242 4 msec 8 msec 8 msec
9 142.250.165.118 12 msec 24 msec 12 msec
10 * * *
11 8.8.8.8 8 msec 12 msec 8 msec
Router2#ping 10.8.0.30
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.8.0.30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/28 ms
Router2#



Under ospf inject default originate

This makes R3 know path for external DNS server.

For NAT you include all subnet so it is OK

MHM

How do I do that?

Would it be this?

router ospf 109
!
router ospf 1
network 172.16.20.0 0.0.0.7 area 1
network 172.16.30.0 0.0.0.255 area 0
network 172.16.31.0 0.0.0.255 area 0
network 172.16.32.0 0.0.0.255 area 0
network 172.16.40.0 0.0.0.7 area 0
network 172.16.255.2 0.0.0.0 area 0
default-information originate
!

Correct 

MHM

Where should I go from here?

Sorry, I don't get your Q

can you elaborate 

MHM

I still cannot set the forward lookup zone. Would you like me to send all of the router configurations?

No friend 

In  R3 

do show ip route 

MHM

 

Sanjay Shaw
Level 1

As you said the DNS to DNS communication is established for forwarding and I assume the same for reverse as well.

If so, then there may be a chance the trust requires additional authentication to enable forwarding the resolutions/queries, which technically say it's non-authoritative.

Also there could be a chance the default timeout needs to be increased, but I hardly doubt.

When I try to set the lookup zone to their DNS (10.8.0.30) from ours (172.16.200.21) it times out and doesn't resolve.
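
A forwarder only works if DNS queries on port 53 get a reply, which a ping from Router2 does not prove for a server on VLAN 200. The script below is an added example, not part of the thread: run from the DNS server, it sends one hand-built query to the forwarder over UDP and then TCP and reports an answer, a refusal or a timeout for each. The queried name (example.com), the 3-second timeout and the function names are assumptions.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234, qtype=1):
    """Build a minimal recursive DNS query (default type A, class IN)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)

def parse_header(reply, qid):
    """Return (rcode name, answer count, truncated?) or raise on a bad reply."""
    if len(reply) < 12:
        raise ValueError("reply shorter than a DNS header")
    rid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", reply[:12])
    if rid != qid or not flags & 0x8000:  # ID must match and QR bit must be set
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}"), an, bool(flags & 0x0200)

def probe(server, name="example.com", timeout=3.0, qid=0x1234):
    """Query `server` on UDP/53, then TCP/53; return one outcome per transport."""
    query, results = build_query(name, qid), {}
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, 53))
            results["udp"] = parse_header(s.recvfrom(4096)[0], qid)
    except (OSError, ValueError) as exc:  # timeout, unreachable, or junk reply
        results["udp"] = f"failed: {exc}"
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack(">H", len(query)) + query)  # TCP length prefix
            results["tcp"] = parse_header(s.recv(4096)[2:], qid)
    except (OSError, ValueError) as exc:
        results["tcp"] = f"failed: {exc}"
    return results

if __name__ == "__main__":
    # 10.8.0.30 is the parent network's DNS server named in the thread.
    for transport, outcome in probe("10.8.0.30").items():
        print(transport, outcome)
```

A timeout on both transports points at routing, NAT or filtering between VLAN 200 and the forwarder; a REFUSED or SERVFAIL reply means the path works and the forwarder itself is declining the query.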
