Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
908
Views
8
Helpful
5
Replies

cannot do nslooup from users after implemented VLAN on network

udimpas
Level 1
Level 1

‎08-10-2006 07:34 PM - edited ‎03-03-2019 04:28 AM

Hi all,

We just implemented vlan(6 vlans) on our network and it works fine. All traffic from diferent VLANs were routed by the L3 switch. We have 3750 switch which acts as L3 switch and 2970 and CE500 as access switches.

The issue is when clients tried to do nslookup on local DNS but could'nt get a reply. Our clients are very dependent on the AD which in turns also needs DNS to querry the DC.

But prior to implementing VLAN, when we're running on flat network we havent experience this issue.

Please see attached L3 config for reference.

Any inputs will be highly appreciated.

ursulo

Labels:
Preview file
8 KB
0 Helpful
5 Replies 5

jackyoung
Level 6
Level 6

‎08-10-2006 08:23 PM

Could you advise where is the DNS located ? Which VLAN ? I can't find the VLAN assignement of the access mode ethernet port ? Is ip name-server = DNS server = 192.168.1.230 ?

If it is VLAN 1, can you create a new VLAN and move the user and server to the new VLAN ? VLAN 1 normally is for the switch signal and control traffic. Better create separated VLAN for the data.

At last, did you try to enable the "ip domain-lookup" ? Why disable it ?

Hope this helps.

0 Helpful

udimpas
Level 1
Level 1
In response to jackyoung

‎08-10-2006 09:40 PM

Hi Jack,

Thanks for the prompt response!

The DNS is located on VLAN1 and in the 192.168.1.0 network including all servers. The primary DNS address is 192.168.1.230 while the secondary DNS is 192.168.1.247. The ip name-server=DNS server=192.168.1.247.

We will try to create a new VLAN and move a number of users and the affected servers into the new VLAN. But i would like to ask if this might be the one of the causes?

We intentionally disable "ip domain-lookup" to prevent delays when we mistype a command. should this be enabled?

Thanks for the help and looking forward for your comment.

Regards,

ursulo

0 Helpful

Aaron Harrison
VIP Alumni
VIP Alumni
In response to udimpas

‎08-10-2006 10:07 PM

Hi Ursulo

You don't need the ip domain-lookup command on the switches/routers if you don't want it - it won't have any effect at all on whether your clients work.

Presuming you have your DNS servers set correctly on your client PCs, you should probably try the following steps:

1) On a client PC on a new VLAN with the problems, type nslookup. Then try entering a server name - try it on it's own (i.e. server1) and as an FQDN (server1.domain.co.uk). Record the results.

2) On your DNS server, try an NSLOOKUP same as before, but point it to itself (once in NSLOOKUP, type 'server 192.168.1.230' if it doesn't have itself as the primary DNS). Record these results.

This should confirm whether the DNS server is responding at all, and whether it is responding from the new VLAN.

A few other questions:

1) What type of client PCs do you have?

2) What DNS servers do you have assigned to the NICs on your DNS servers and DCs?

3) In your DNS management MMC, enable view/advanced features. Do you have folders containing SRV records for your DCs/GCs etc in your domain DNS zone?

Often people have misoconfigured DNS setups with AD, but don't know it because they have flat LANs and NetBIOS will resolve the names and domains via broadcast. Suddenly when they go to a routed network things stop working.

You should also have WINS configured on your network - install this service on your DNS servers, and configure all servers and clients to use the service. It's a common misonception that WINS isn't needed anymore - whilst Windows itself shouldn't need it, some applications (e.g. Outlook) require it for some functions.

Hope this helps

Aaron

Please rate helpful posts...

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

jackyoung
Level 6
Level 6
In response to Aaron Harrison

‎08-10-2006 10:25 PM

I agreed on Arron's suggestion and the "ip domain-lookup" may not useful, but this is worth to try for a simple step. If it not works, just disable it.

Did you try to add the .230 as ip name-server in the router config. ? e.g. ip name-server 192.168.1.230

For the VLAN issue, it is just a suggestion that should not related to this DNS issue. You can first try to solve the DNS issue then try VLAN modification.

According to the router config., the DHCP only assign one DNS server to the user but ip name-server is the secondary DNS server. So I suggest to add .230 in ip name-server config.

Please advise the result.

udimpas
Level 1
Level 1
In response to jackyoung

‎08-10-2006 11:26 PM

Hi Jack and Aaron,

Thank you very much for all your replies. We'll do all your suggestions and would definely give feedback.

Regards,

ursulo

0 Helpful
Customers Also Viewed These Support Documents