Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
301
Views
0
Helpful
1
Replies

1861 DNS Server?

Dirk-Jan Uittenbogaard
Cisco Employee
Cisco Employee

‎02-22-2012 01:20 PM - edited ‎03-04-2019 03:23 PM

Hi,

I cannot seem to get my DNS setup working.

GOAL

Every device inside the LAN should only have 1 DNS server (the 1861 Router)
If that router doesn't know the answer the DNS request should be forwarded to the ISP.

ROUTER

1861 IOS 15.1.3T3 (adv.ent.k9) - DNS server for LAN. ISP provides DNS for public servers

NOTE: that the domain name used internally 'mydomain.com' also exists on the public internet

PROBLEM

The router cannot ping the ISP DNS server, except when using VLAN1 as the source

Devices on the LAN can ping the router and the ISP's DNS servers

Config

ip domain timeout 2
ip domain name mydomain.com
ip host mydomain.com ns ns.mydomain.com
ip host ns.mydomain.com 10.1.1.10
ip host www.mydomain.com 62.19.22.133




ip host home-wifi.mydomain.com 10.1.1.7


ip host home-iphone.mydomain.com 10.1.1.3


ip host home-router.mydomain.com 10.1.1.10


!


!


interface FastEthernet0/0


 description ---- FW_OUTSIDE


 mac-address 0010.a0a0.a0a0


 ip address dhcp client-id FastEthernet0/0


 ip access-group 10 in


 ip access-group 10 out


 no ip redirects


 no ip unreachables


 no ip proxy-arp


 ip flow ingress


 ip nat outside


 ip virtual-reassembly in


 duplex auto


 speed auto


 ntp broadcast client


 no cdp enable


 no mop enabled


!


!


interface Vlan1


 description ---- FW_INSIDE


 ip address 10.1.1.10 255.255.255.0


 no ip redirects


 no ip unreachables


 ip dns view-group default-list


 ip nat inside


 ip virtual-reassembly in


 ntp broadcast


 no mop enabled


!


!


ip dns view default


 domain timeout 2


 domain name-server  112.34.60.35


 domain name-server interface FastEthernet0/0


 domain round-robin


 dns forwarder 112.34.60.35


 dns forwarder 112.34.40.35


 dns forwarding source-interface FastEthernet0/0


ip dns view-list default-list


 view default 10


ip dns server


ip nat translation timeout 180


ip nat inside source list 1 interface FastEthernet0/0 overload


ip nat inside source static


!


!


access-list 10 deny   181.122.46.156 (Just an IP I want to block)


access-list 10 deny   181.133.20.188 (Just an IP I want to block)


access-list 10 permit any


!


!

Any ideas? Feel like I'm overlooking something 'simple' ;-)

Labels:
0 Helpful
1 Reply 1

Richard Burts
Hall of Fame
Hall of Fame

‎02-25-2012 06:21 PM

My guess is that the problem involves this statement in the config

ip nat inside source list 1 interface FastEthernet0/0 overload

in the config that you have posted there is no access-list 1. I suggest that you create access-list 1 and tell us whether the behavior changes or not.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card