DNS server selection

MatthiasN
Level 1

Hi,

We have multiple name servers configured on a router, 2 internal and 1 external (Google DNS).
The idea is to use the internal ones primarily and, if both do not reply, go for the Google one, e.g. so that we still receive an email notification when the IPSec tunnel is down.

 

It is configured like this:
ip name-server IP-internal-DNS-1 IP-internal-DNS-2 8.8.8.8

 

How does the router select which DNS IP it will use? I have the feeling that on Fuji 16.9.6 (on a 4461) it gets selected randomly (or the fastest replier) out of the list. On an older 2911 (on 15.7(3)M7) it sticks to the first configured IP address of that list.

I am currently in the process of verifying that assumption with a few debugs, but if anyone knows the exact rule which is followed that would be great.


Thanks for your help in advance

 

 

Accepted Solution

MatthiasN
Level 1

Hi,

 

For consistency I'll post Cisco's official reply here as well. DNS works as designed:

- The original design assumption of DNS is that all servers provide access to the same data. So there is no particular reason to prefer one DNS server over another, except for server responsiveness.

 

One option would be to use DNS Views, documented here https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dns/configuration/xe-3s/dns-xe-3s-book/configuring_dns.html#GUID-8914CDC7-6E59-44AA-8407-FB5622E292A4


5 Replies

marce1000
VIP

 

- Presumably this could be tested by, for instance, router> test002, meaning when doing this a few times, note the name servers being used, albeit randomized or not.

 M.



-- "Good body every evening": this sentence was once spotted on a logo at the entrance of a Weight Watchers Club!

Thanks,

Looks like the debugging answered my question:

 

FDC-4461-RT-E-MDF# ping internalHost
% Unrecognized host or address, or protocol not running.

ROUTER#
Apr 23 09:44:34.252: IP: Pre-routing: update nexthop: topoid: 0x0 s=xx.xx.xx.xx(local), d=yy.yy.yy.yy Intf: (GigabitEthernet0/0/2), Found gw: zz.zz.zz.zz
Apr 23 09:44:34.252: IP: tableid=0, s=xx.xx.xx.xx (local), d=yy.yy.yy.yy (GigabitEthernet0/0/2) nexthop=zz.zz.zz.zz, pre-routed
Apr 23 09:44:34.252: IP: s=xx.xx.xx.xx (local), d=yy.yy.yy.yy (GigabitEthernet0/0/2), len 74, sending
Apr 23 09:44:34.476: IP: Pre-routing: update nexthop: topoid: 0x0 s=aa.aa.aa.aa(local), d=8.8.8.8, Intf: (GigabitEthernet0/0/1), Found gw: bb.bb.bb.bb
Apr 23 09:44:34.476: IP: tableid=0, s=aa.aa.aa.aa (local), d=8.8.8.8 (GigabitEthernet0/0/1) nexthop=bb.bb.bb.bb, pre-routed
Apr 23 09:44:34.476: IP: s=aa.aa.aa.aa (local), d=8.8.8.8 (GigabitEthernet0/0/1), len 82, sending
Apr 23 09:44:34.476: IP: s=aa.aa.aa.aa (local), d=8.8.8.8 (GigabitEthernet0/0/1), len 82, output feature, feature skipped, IPSec output classification(36), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
Apr 23 09:44:34.476: IP: s=aa.aa.aa.aa (local), d=8.8.8.8 (GigabitEthernet0/0/1), len 82, output feature, feature skipped, QoS Classification(40), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
Apr 23 09:44:34.477: IP: s=aa.aa.aa.aa (local), d=8.8.8.8 (GigabitEthernet0/0/1), len 82, output feature, feature skipped, Firewall (NAT)(50), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
Apr 23 09:44:34.477: IP: s=aa.aa.aa.aa (local), d=8.8.8.8 (GigabitEthernet0/0/1), len 82, output feature, feature skipped, IPSec: to crypto engine(85), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
Apr 23 09:44:34.477: IP: s=aa.aa.aa.aa (local), d=8.8.8.8 (GigabitEthernet0/0/1), len 82, output feature, feature skipped, Post-encryption output features(86), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
Apr 23 09:44:34.477: IP: s=aa.aa.aa.aa (local), d=8.8.8.8 (GigabitEthernet0/0/1), len 82, pre-encap feature
ROUTER#, feature skipped, IPSec Output Encap(1), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
Apr 23 09:44:34.477: IP: s=aa.aa.aa.aa (local), d=8.8.8.8 (GigabitEthernet0/0/1), len 82, pre-encap feature, feature skipped, Crypto Engine(3), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
Apr 23 09:44:34.605: IP: Pre-routing: update nexthop: topoid: 0x0 s=xx.xx.xx.xx(local), d=cc.cc.cc.cc, Intf: (GigabitEthernet0/0/2), Found gw: zz.zz.zz.zz
Apr 23 09:44:34.605: IP: tableid=0, s=xx.xx.xx.xx (local), d=cc.cc.cc.cc (GigabitEthernet0/0/2) nexthop=zz.zz.zz.zz, pre-routed
Apr 23 09:44:34.605: IP: s=xx.xx.xx.xx (local), d=cc.cc.cc.cc (GigabitEthernet0/0/2), len 86, sending

 

The problem is that no correct IP address is entered into the host table.
It works fine when removing Google DNS. I have to add here that Google DNS does not know a valid IP for the internal host; this is just an example. Anyway, it is working fine on my 2911.
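The debug above shows the router sending to all three configured servers within a few hundred milliseconds rather than walking the list in order. The following is an added example, not code from the thread or from Cisco: a small Python parser over constructed lines modelled on that output (the post's masked addresses replaced by RFC 5737 documentation ranges, assumed values) that lists which configured name servers actually received a locally sourced packet, in what order, and flags any outside the internal set, i.e. lookups for internal hostnames that left the site.

```python
import re

# Constructed sample modelled on the "debug ip packet" output in the post above.
# The post masks real addresses (xx.xx.xx.xx); here RFC 5737 documentation
# ranges stand in for the two internal servers and the router's own addresses.
INTERNAL_DNS = ["192.0.2.10", "192.0.2.11"]
NAME_SERVERS = INTERNAL_DNS + ["8.8.8.8"]        # same order as "ip name-server ..."

SAMPLE_DEBUG = """\
Apr 23 09:44:34.252: IP: Pre-routing: update nexthop: topoid: 0x0 s=192.0.2.1(local), d=192.0.2.10 Intf: (GigabitEthernet0/0/2), Found gw: 192.0.2.254
Apr 23 09:44:34.252: IP: s=192.0.2.1 (local), d=192.0.2.10 (GigabitEthernet0/0/2), len 74, sending
Apr 23 09:44:34.476: IP: s=203.0.113.5 (local), d=8.8.8.8 (GigabitEthernet0/0/1), len 82, sending
Apr 23 09:44:34.476: IP: s=203.0.113.5 (local), d=8.8.8.8 (GigabitEthernet0/0/1), len 82, output feature, feature skipped, QoS Classification(40), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
Apr 23 09:44:34.605: IP: s=192.0.2.1 (local), d=192.0.2.11 (GigabitEthernet0/0/2), len 86, sending
"""

# Only the "..., len N, sending" line marks a locally generated packet leaving
# the box; "Pre-routing" and "output feature" lines describe the same packet.
SEND_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d\.\d+): IP: s=(?P<src>[\d.]+) \(local\), "
    r"d=(?P<dst>[\d.]+) \((?P<intf>\S+)\), len (?P<len>\d+), sending$"
)


def queries_sent(debug_text, name_servers):
    """Return (dst, interface, timestamp) for every locally sourced packet sent
    to a configured name server, in the order the router emitted them."""
    events = []
    for line in debug_text.splitlines():
        m = SEND_RE.match(line)
        if m and m["dst"] in name_servers:
            events.append((m["dst"], m["intf"], m["ts"]))
    return events


def external_servers_queried(events, internal_servers):
    """Name servers outside the internal set that received a query. A non-empty
    result means the lookup (and the internal hostname in it) left the site."""
    return sorted({dst for dst, _, _ in events if dst not in internal_servers})


if __name__ == "__main__":
    sent = queries_sent(SAMPLE_DEBUG, NAME_SERVERS)
    for dst, intf, ts in sent:
        print(f"{ts}  query -> {dst:<12} via {intf}")
    print("external resolvers contacted:", external_servers_queried(sent, INTERNAL_DNS))
```

Feed it the output of a real debug capture (with the router's own name-server list) to see whether the platform fans out to every server or sticks to the first one, which is exactly the difference the thread observed between the 4461 and the 2911.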

 

> ...google dns does not know a valid IP for the internal host

Wouldn't it be difficult for Google DNS to resolve addresses from internal hosts?

 M.

 



-- "Good body every evening": this sentence was once spotted on a logo at the entrance of a Weight Watchers Club!

Sure, but why aren't the valid replies from the internal DNS servers used?

 

Matthias
