05-24-2022 05:23 AM - edited 05-24-2022 05:23 AM
We have a few 4321 routers on 17.3.3 that we are using as console routers, previously everything worked great. Then we had to move to SMART licensing and it has caused us so many issues.
We previously had bare minimum config on these devices including no DNS lookups at all. We have a bunch of "ip host" entries tied to port numbers so that we can telnet/console into the connected devices.
Now, with SMART net we had to add DNS lookups, and if I try to telnet to a console session it sits and hangs for 20-30 seconds trying to do DNS lookups before falling back to the "ip host" entries.
This is unacceptable for backdoor console connections that are mainly used for emergencies when in-band management has died. I also can no longer configure "ip domain timeout" or "ip domain retry" as the CLI barks at me and says that CLI is no longer supported.
Is there some easy way around this that I just haven't been able to find?
05-24-2022 05:31 AM
Hi
You can try to lower the timeout
ip domain timeout xx
05-24-2022 05:42 AM - edited 05-24-2022 05:43 AM
Hey Flavio,
I should have mentioned we are using a vrf to access our DNS server, so config looks like:
ip dns view vrf Mgmt-intf default
domain name-server vrf Mgmt-intf x.x.x.x
domain name xxxxxx.local
We actually already have that command on a global level, but it doesn't seem to affect the length of how long it takes to fall back to the "ip host" entry, and still hangs for upwards of 30 seconds.
And if I try to enter either "domain timeout" or "domain retry" under that ip dns view above, it just says:
ROUTER(config)#ip dns view vrf Mgmt-intf default
ROUTER(cfg-dns-view)#domain timeout 2
% Warning: This DNS CLI is no more supported, Please refer to config guide for more information
ROUTER(cfg-dns-view)#domain retry 1
% Warning: This DNS CLI is no more supported, Please refer to config guide for more information
05-24-2022 06:05 AM
I see. This is called VRF-Aware DNS by Cisco.
https://www.cisco.com/c/en/us/td/docs/ios/12_4t/ip_addr/configuration/guide/tvrfdns.html#wp1047729
Theoretically, the command is still there. Maybe the syntax is not correct.
Try to use:
ip domain "VRF" timeout
Another option would be adding an entry on the DNS server for those hosts you access remotely.
05-24-2022 06:53 AM
Unfortunately that doesn't exist, syntax is fine.
Just to clarify, DNS works just fine in my VRF and I don't want to change anything for DNS in my Mgmt-intf VRF.
I just need the router to not do dns lookups for my ip host entries that are locally configured.
05-24-2022 05:54 AM
05-24-2022 06:00 AM
Thanks MHM,
That at least explains that there is no way to use timeout or retry, but does that mean then that there are no solutions for this issue?
Any way to tell IOS to check my local IP Hosts before going to do DNS lookups?
05-24-2022 06:25 AM
ip domain name [vrf vrf-name] name
OK, you configured the VRF-aware IP DNS view; try using the VRF-aware IP domain name also.
05-24-2022 06:41 AM
MHM,
The DNS in my VRF is working fine, that's where my SMART licensing is going out to Cisco.
I need my global routing table DNS to not do domain lookups so that when I want to reference my local ip hosts, they don't go check DNS first.
But the more I try out these suggestions the more I realize that DNS is just plain confusing in IOS.
I tried to set up another global DNS view, and setting no domain lookup in the global view broke DNS for my VRF-aware view, which makes no sense at all.
ip dns view default
no domain lookup <- adding this broke lookups for VRF DNS.
dns forwarding
Even though this still exists in the router:
ip domain lookup vrf Mgmt-intf source-interface GigabitEthernet0
ip dns view vrf Mgmt-intf default
domain name-server vrf Mgmt-intf x.x.x.x
domain name techopsprod.local
05-24-2022 07:05 AM
There are two VRF planes: one is management and the other is global.
Just one thing confuses me; can you clear it up for me?
DNS is configured under the management VRF.
Are you telnetting to the management VRF, and does the management VRF know the source IP you telnet from?
05-24-2022 07:32 AM
This router is only used as a terminal server to reverse telnet to the console port of our other devices, so it has static ip host entries for each connected device like so:
ip host inet-router-01 2002 192.168.1.1
Where 192.168.1.1 is a loopback on the local terminal server router
So all that happens in the global table. Before SMART licensing, we would simply type: inet-router-01
and it would reverse telnet directly to that device.
Now, because we had to add SMART licensing, we had to add DNS lookup config so that, over the router's mgmt interface, it could contact Cisco. Ever since adding that DNS config, reverse telnet takes 30 seconds to try DNS, and then fail back to our ip host commands.
Essentially all I want is this: for the VRF "Mgmt-intf" use DNS server x. But for anything else, don't do DNS lookups.
This seems like a simple thing, but any settings I put in the Mgmt-intf DNS view seem to apply to global as well.