Router DNS issue

Richard Tapp · ‎05-11-2023

We use our Cisco routers as DNS for the local site they serve.

So basically, we have domains set up for internal DNS servers and public DNS servers, which then use lists to specifiy the details for urls or subnets which are used for internal.

The 10.75.xx.xx one will be gone soon. The issue is that if I dont have this in, then if a local pc does an nslookup, it goes to the router (as set in DHCP), but can not resolve the address.

But if the PC does an nslookup with one of the other address set, so 'nslookup xxxxxx.com 10.208.xx.xx' it resolves it ok, so I know routing to the new DNS servers is ok.

The question what am I missing ? Do I need an 'ip name-server 10.208.x.x' for all the internal DNS servers ? I currently have it for the 10.75.x.x one

ip dns view default
dns forwarder 8.8.8.8

ip dns view INTDOMAIN
dns forwarder 10.75.xx.xx
dns forwarder 10.208.xx.xx
dns forwarder 10.208.xx.xx
dns forwarder 10.209.xx.xx
dns forwarder 10.209.xx.xx

ip dns view-list INTDNS
view INTDOMAIN 10
restrict name-group 45
view default 99

ip dns name-list 45 permit 10\IN-ADDR
ip dns name-list 45 permit .*.xxxxx.xx-xxxxxx.COM

Flavio Miranda · ‎05-11-2023

Hi

On the DHCP server, are you sending the 10.75.xx.xx as the DNS server ? Sounds to me that the default option to clients is 10.75.xx.xx but it can use another one if you specify on the nslookup.

Richard Tapp · ‎05-11-2023

No the router LAN interface is the DNS server set in DHCP. Then the router chooses the best DNS server to use based on the config above. So nslookup uses the LAN interface IP to resolve DNS

Flavio Miranda · ‎05-11-2023

And the LAN is not on the network 10.75.x.x ?

If not, then, it could be a matter of sequencing as the 10.75.x.x is the first on in the range. What you can try is remove the 10.75.x.x and then run the command "ipconfig /flushdns"

MHM Cisco World · ‎05-11-2023

what is DNS server push to Host ? you must push DNS server IP of router

'ip name-server 10.208.x.x' You need to config ip name-server for all DNS server

Richard Tapp · ‎05-11-2023

Yes LAN IP of router is pushed with DHCP to PCs and I am trying now with all internal DNS servers listed in 'ip name-server'

Richard Tapp · ‎05-11-2023

This did not work

I am trying now with all internal DNS servers listed in 'ip name-server'

MHM Cisco World · ‎05-11-2023

Did you have

ip domain lookup

You need it in router

Richard Tapp · ‎05-11-2023

We do, but it is set to source interface Loop0, should we have that as the LAN interface ?

MHM Cisco World · ‎05-11-2023

Can you more elaborate? Where you config LO?

Richard Tapp · ‎05-11-2023

ip domain lookup source-interface Loopback0

MHM Cisco World · ‎05-11-2023

Dont specify source for DNS.

Richard Tapp · ‎05-15-2023

Not yet. I have now set 'ip domain time-out' to 10 seconds.

But when I do an nslookup it still says timeout was 2 seconds, I have a feeling 2 seconds is a bit border line for where the DNS servers are located.

But if I do an nslookup with the specifying the first server in the list on the router DNS it resolves it.