
1861 DNS Server?

Hi,

I cannot seem to get my DNS setup working.

GOAL

Every device inside the LAN should only have 1 DNS server (the 1861 Router)
If that router doesn't know the answer the DNS request should be forwarded to the ISP.

ROUTER

1861 IOS 15.1.3T3 (adv.ent.k9) - DNS server for LAN. ISP provides DNS for public servers

NOTE: the domain name used internally, 'mydomain.com', also exists on the public internet

PROBLEM

The router cannot ping the ISP DNS server, except when using VLAN1 as the source

Devices on the LAN can ping the router and the ISP's DNS servers

Config

ip domain timeout 2
ip domain name mydomain.com
ip host mydomain.com ns ns.mydomain.com
ip host ns.mydomain.com 10.1.1.10
ip host www.mydomain.com 62.19.22.133
ip host home-wifi.mydomain.com 10.1.1.7
ip host home-iphone.mydomain.com 10.1.1.3
ip host home-router.mydomain.com 10.1.1.10
!
interface FastEthernet0/0
 description ---- FW_OUTSIDE
 mac-address 0010.a0a0.a0a0
 ip address dhcp client-id FastEthernet0/0
 ip access-group 10 in
 ip access-group 10 out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 ntp broadcast client
 no cdp enable
 no mop enabled
!
interface Vlan1
 description ---- FW_INSIDE
 ip address 10.1.1.10 255.255.255.0
 no ip redirects
 no ip unreachables
 ip dns view-group default-list
 ip nat inside
 ip virtual-reassembly in
 ntp broadcast
 no mop enabled
!
ip dns view default
 domain timeout 2
 domain name-server 112.34.60.35
 domain name-server interface FastEthernet0/0
 domain round-robin
 dns forwarder 112.34.60.35
 dns forwarder 112.34.40.35
 dns forwarding source-interface FastEthernet0/0
ip dns view-list default-list
 view default 10
ip dns server
ip nat translation timeout 180
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static
!
access-list 10 deny   181.122.46.156 (Just an IP I want to block)
access-list 10 deny   181.133.20.188 (Just an IP I want to block)
access-list 10 permit any
!

Any ideas? Feel like I'm overlooking something 'simple' ;-)

1 REPLY

My guess is that the problem involves this statement in the config:

ip nat inside source list 1 interface FastEthernet0/0 overload

In the config that you have posted there is no access-list 1. I suggest that you create access-list 1 and tell us whether the behavior changes or not.

HTH

Rick
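The condition raised in the reply above (an ACL that a command references but the configuration never defines) can be checked mechanically. The following is an added example, not part of the original thread; the sample is constructed from the ACL-related lines of the posted configuration, and the function name and the pattern lists (only `ip access-group` and `ip nat ... source list` references) are assumptions of this sketch.

```python
import re

# Constructed sample: the ACL-related lines from the configuration posted above.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip access-group 10 in
 ip access-group 10 out
 ip nat outside
interface Vlan1
 ip nat inside
ip nat inside source list 1 interface FastEthernet0/0 overload
access-list 10 deny   181.122.46.156
access-list 10 deny   181.133.20.188
access-list 10 permit any
"""

# Commands that reference an ACL by number or name (assumed subset, not exhaustive).
REFERENCE_PATTERNS = [
    re.compile(r"^\s*ip access-group (\S+) (?:in|out)\b"),
    re.compile(r"^\s*ip nat (?:inside|outside) source list (\S+)\b"),
]
# Commands that define an ACL: numbered and named forms.
DEFINITION_PATTERNS = [
    re.compile(r"^\s*access-list (\d+) "),
    re.compile(r"^\s*ip access-list (?:standard|extended) (\S+)"),
]

def audit_acl_references(config_text):
    """Return (defined, missing); missing maps ACL id -> [(line_no, line), ...]."""
    defined, references = set(), {}
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        for pattern in DEFINITION_PATTERNS:
            match = pattern.match(line)
            if match:
                defined.add(match.group(1))
        for pattern in REFERENCE_PATTERNS:
            match = pattern.match(line)
            if match:
                references.setdefault(match.group(1), []).append((line_no, line.strip()))
    missing = {acl: uses for acl, uses in references.items() if acl not in defined}
    return defined, missing

if __name__ == "__main__":
    defined, missing = audit_acl_references(SAMPLE_CONFIG)
    print("defined ACLs:", sorted(defined))
    for acl, uses in missing.items():
        for line_no, line in uses:
            print(f"line {line_no}: ACL {acl} is referenced but not defined: {line}")
```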
