cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2623
Views
0
Helpful
2
Replies

Unable to resolve DNS lookups from Cisco 871w Router

Daniel Baker
Beginner
Beginner

Hi,

I can not get DNS to work on a Cisco 871w  router.  It was working fine but by ISP changed the GPON router and now it fails. I am somewhat out of touch with Cisco commands so please bear with me.

Trying the DNS  lookup:

zabbix#ping www.bbc.co.uk

Translating "www.bbc.co.uk"...domain server (202.144.184.171) [OK]

Translating "www.bbc.co.uk"...domain server (202.144.184.171) [OK]

Translating "www.bbc.co.uk"...domain server (202.144.184.171) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 212.58.246.93, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

UDP debug :


*Jan 24 21:25:10.916: UDP: rcvd src=192.168.0.1(1036), dst=255.255.255.255(1037), length=26
*Jan 24 21:25:11.931: UDP: sent src=103.240.242.124(53947), dst=202.144.184.171(53), length=39
*Jan 24 21:25:11.947: UDP: rcvd src=202.144.184.171(53), dst=103.240.242.124(53947), length=385
*Jan 24 21:25:12.211: UDP: rcvd src=103.240.242.70(137), dst=103.240.242.255(137), length=58.
*Jan 24 21:25:12.951: UDP: rcvd src=103.240.242.70(137), dst=103.240.242.255(137), length=58
*Jan 24 21:25:13.703: UDP: rcvd src=103.240.242.70(137), dst=103.240.242.255(137), length=58....
Success rate is 0 percent (0/5)

My Set up:

DNS servers :  202.144.184.170      202.144.184.171.   I can ping the DNS server from the router.

Public IP / Router ID :  103.240.242.124

This Cisco  router connects to the ISPs   GPON router which is in bridge mode.  If I connect my computer directly to this GPON router I can  do DNS lookups ok.

My  Router config  :

Building configuration...

Current configuration : 2986 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone year
no service password-encryption
!
hostname zabbix
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 informational
!
aaa new-model
!
!
aaa authentication login default local
!
aaa session-id common
!
resource policy
!
clock timezone laos 7
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.100 192.168.0.110
ip dhcp excluded-address 192.168.0.1 192.168.0.100
ip dhcp excluded-address 192.168.0.111 192.168.0.254
!
ip dhcp pool DHCP
   network 192.168.0.0 255.255.255.0
   default-router 103.240.242.1
   dns-server 202.144.184.170
   domain-name wr
!
!
no ip ftp passive
ip domain name zabbix
ip name-server 202.144.184.171
ip name-server 8.8.8.8
ip name-server 202.144.184.170
ip ssh version 2
!
!
!
username admin privilege 15 secret 5 $1$2I9R$NsukW6869INOIIWuKaHk823
!
!
!
!
!
!
interface FastEthernet0
 spanning-tree portfast
!
interface FastEthernet1
 spanning-tree portfast
!
interface FastEthernet2
 spanning-tree portfast
!
interface FastEthernet3
 spanning-tree portfast
!
interface FastEthernet4
 description wan$ETH-WAN$
 ip address 103.240.242.124 255.255.255.0
 ip access-group 101 in
 ip access-group 101 out
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
!
interface Dot11Radio0
 no ip address
 shutdown
 !
 ssid test
    vlan 2
    authentication open
    guest-mode
 !
 speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 rts retries 128
 power local cck 7
 power local ofdm 7
 power client 7
 packet retries 128
 beacon period 4000
 beacon dtim-period 50
 fragment-threshold 256
 station-role root
!
interface Vlan1
 ip address 192.168.0.100 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
router rip
 version 2
 passive-interface Dot11Radio0
 network 192.168.0.0
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
ip dns server
!         
ip http server
ip http authentication local
no ip http secure-server
ip nat translation dns-timeout 120
ip nat translation icmp-timeout 120
ip nat inside source list 101 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.0.103 1935 103.240.242.124 1935 extendable
!
no logging trap
access-list 101 permit udp any any eq domain
access-list 101 permit udp any eq domain any
access-list 101 permit ip any any
access-list 101 permit udp any any
!
!
!
tftp-server archive:cisco
!
control-plane
!
banner login ^CCThis is private property. Keep out !^C
!         
line con 0
 exec-timeout 30 0
 logging synchronous
 no modem enable
line aux 0
line vty 0 4
 exec-timeout 0 0
 logging synchronous
 transport input ssh
 transport output ssh
!
scheduler max-task-time 5000
ntp clock-period 17175019
ntp server 202.156.0.34 source FastEthernet4 prefer
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end

I  suspect NAT or an ACL  or could it be something else? 

Thanks for the help,

Dan 

2 Replies 2

Daniel Baker
Beginner
Beginner

I made some changes :

access-list 112 permit tcp any any eq domain access-list 112 permit

access-list 112 permit tcp any eq domain any

I also changed what I ping. I was pinging www.bbc.co.uk  which for some reason the router does not translate. Maybe they block icmp ping replies.

zabbix(config)#do ping www.google.com

Translating "www.google.com"...domain server (202.144.184.171) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 223.27.237.46, timeout is 2 seconds:
.!!!!

When I ping www.google.com it works.  

Can someone explain to me why ? 

We figured it out.  We needed to change the route like this :

ip route 0.0.0.0 0.0.0.0 FastEthernet4

to 

ip route 0.0.0.0 0.0.0.0  103.240.242.124

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: