01-28-2017 11:56 PM
Hi,
I can not get DNS to work on a Cisco 871w router. It was working fine but by ISP changed the GPON router and now it fails. I am somewhat out of touch with Cisco commands so please bear with me.
Trying the DNS lookup:
zabbix#ping www.bbc.co.uk
Translating "www.bbc.co.uk"...domain server (202.144.184.171) [OK]
Translating "www.bbc.co.uk"...domain server (202.144.184.171) [OK]
Translating "www.bbc.co.uk"...domain server (202.144.184.171) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 212.58.246.93, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
UDP debug :
*Jan 24 21:25:10.916: UDP: rcvd src=192.168.0.1(1036), dst=255.255.255.255(1037), length=26
*Jan 24 21:25:11.931: UDP: sent src=103.240.242.124(53947), dst=202.144.184.171(53), length=39
*Jan 24 21:25:11.947: UDP: rcvd src=202.144.184.171(53), dst=103.240.242.124(53947), length=385
*Jan 24 21:25:12.211: UDP: rcvd src=103.240.242.70(137), dst=103.240.242.255(137), length=58.
*Jan 24 21:25:12.951: UDP: rcvd src=103.240.242.70(137), dst=103.240.242.255(137), length=58
*Jan 24 21:25:13.703: UDP: rcvd src=103.240.242.70(137), dst=103.240.242.255(137), length=58....
Success rate is 0 percent (0/5)
My
DNS
Public IP / Router
This
My Router
Building configuration...
Current
!
version 12.4
no service pad
service timestamps debug
service timestamps log
no service password-encryption
!
hostname
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 informational
!
aaa new-model
!
!
aaa authentication login default local
!
aaa session-id common
!
resource policy
!
clock timezone
!
!
no
!
network 192.168.0.0 255.255.255.0
default-router 103.240.242.1
dns-server 202.144.184.170
domain-name wr
!
!
no ip ftp passive
ip domain name zabbix
ip name-server 202.144.184.171
ip name-server 8.8.8.8
ip name-server 202.144.184.170
ip ssh version 2
!
!
!
username admin privilege 15 secret 5 $1$2I9R$NsukW6869INOIIWuKaHk823
!
!
!
!
!
!
interface FastEthernet0
spanning-tree portfast
!
interface FastEthernet1
spanning-tree portfast
!
interface FastEthernet2
spanning-tree portfast
!
interface FastEthernet3
spanning-tree portfast
!
interface FastEthernet4
description wan$ETH-WAN$
ip address 103.240.242.124 255.255.255.0
ip access-group 101 in
ip access-group 101 out
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
!
interface Dot11Radio0
no ip address
shutdown
!
ssid test
vlan 2
authentication open
guest-mode
!
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
rts retries 128
power local cck 7
power local ofdm 7
power client 7
packet retries 128
beacon period 4000
beacon dtim-period 50
fragment-threshold 256
station-role root
!
interface Vlan1
ip address 192.168.0.100 255.255.255.0
ip nat inside
ip virtual-reassembly
!
router rip
version 2
passive-interface Dot11Radio0
network 192.168.0.0
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
ip dns server
!
ip http server
ip http authentication local
no ip http secure-server
ip nat translation dns-timeout 120
ip nat translation icmp-timeout 120
ip nat inside source list 101 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.0.103 1935 103.240.242.124 1935 extendable
!
no logging trap
access-list 101 permit udp any any eq domain
access-list 101 permit udp any eq domain any
access-list 101 permit ip any any
access-list 101 permit udp any any
!
!
!
tftp-server archive:cisco
!
control-plane
!
banner login ^CCThis is private property. Keep out !^C
!
line con 0
exec-timeout 30 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
transport output ssh
!
scheduler max-task-time 5000
ntp clock-period 17175019
ntp server 202.156.0.34 source FastEthernet4 prefer
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
I suspect NAT or an ACL or could it be something else?
Thanks for the help,
Dan
01-29-2017 03:12 AM
I made some
access-list 112 permit
access-list 112 permit
I also changed what I ping. I was pinging www.bbc.co.uk which for some reason the router does not translate. Maybe they block
Translating "www.google.com"...domain server (202.144.184.171) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 223.27.237.46, timeout is 2 seconds:
.!!!!
When I ping www.google.com it works.
Can someone explain to me
01-30-2017 04:24 PM
We figured it out. We needed to change the route like
to
ip route 0.0.0.0 0.0.0.0 103.240.242.124
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide