
Bad DNS query

Dear colleagues,
I have a problem with a CISCO1941. I configured a DNS server on my router and now I see a lot of events like:

Feb 27 10:50:10: %DNSSERVER-3-BADQUERY: Bad DNS query from 46.0.84.34
Feb 27 10:50:10: %DNSSERVER-3-BADQUERY: Bad DNS query from 95.78.103.140
Feb 27 10:50:13: %DNSSERVER-3-BADQUERY: Bad DNS query from 46.0.84.34
Feb 27 10:50:14: %DNSSERVER-3-BADQUERY: Bad DNS query from 95.78.103.140
Feb 27 10:50:19: %DNSSERVER-3-BADQUERY: Bad DNS query from 46.0.84.34
Feb 27 10:50:20: %DNSSERVER-3-BADQUERY: Bad DNS query from 95.78.103.140
Feb 27 10:50:50: %DNSSERVER-3-BADQUERY: Bad DNS query from 188.232.218.132
Feb 27 10:50:53: %DNSSERVER-3-BADQUERY: Bad DNS query from 188.232.218.132
Feb 27 10:50:59: %DNSSERVER-3-BADQUERY: Bad DNS query from 188.232.218.132

I configured an ACL and closed TCP/UDP ports 53 and 5353, but it didn't help.
Maybe somebody can tell me how I can solve my problem.


Cisco Freak
Level 4

Why are the DNS queries coming from public IPs?

CF

My router has 2 interfaces (inside and outside). On the outside one I use an ACL where I close TCP/UDP port 53. And I can't understand it either =(

Please share the outside interface config and the ACL config.

CF

interface Dialer0
 mtu 1492
 ip address negotiated
 ip access-group ACL_Dialer0 in
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in max-fragments 64 max-reassemblies 512
 encapsulation ppp
 ip tcp adjust-mss 1380
 load-interval 30
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname ----------
 ppp chap password 0 ---------
 no cdp enable
!
ip access-list extended ACL_Dialer0
 deny   udp any host ip_Dialer0 eq domain
 deny   udp any host ip_Dialer0 eq 5353
 deny   tcp any host ip_Dialer0 eq domain
 deny   udp any host ip_Dialer0 eq 32
 deny   tcp any host ip_Dialer0 eq 32
 deny   tcp any any eq 137
 deny   ip host 255.255.255.255 any
 deny   ip 248.0.0.0 7.255.255.255 any
 deny   tcp any any eq 138
 deny   tcp any any eq 139
 deny   tcp any any eq 445
 deny   tcp any host ip_Dialer0 eq telnet
 deny   udp any any eq netbios-ns
 deny   udp any any eq netbios-dgm
 deny   udp any any eq netbios-ss
 deny   udp any any eq 445
 deny   ip host 0.0.0.0 any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 192.0.2.0 0.0.0.255 any
 deny   ip 224.0.0.0 31.255.255.255 any
 deny   ip 169.254.0.0 0.0.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 permit ip any any
!

Vincent Brik
Level 1

I am having the same problem on my 881W. Seeing "%DNSSERVER-3-BADQUERY: Bad DNS query from x.x.x.x" in my logs. I do have the following ACL rules configured, inbound on my WAN port:

    410 deny udp any any eq domain (46 matches)
    420 deny tcp any any eq domain (7 matches)

The match counter increases, so I figure the ACL must be working at least some of the time. But I still see the badquery messages every now and then in my logs?
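
Added example, not part of any post in this thread: a small Python triage script that groups the `%DNSSERVER-3-BADQUERY` lines by source address, marks whether each source is a public address (the question raised in the first reply), and lists the seconds between repeats. The function name `summarize` and the `year` parameter are assumptions made for this sketch; the sample input is the log excerpt from the first post.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address

# Sample input: the log lines quoted in the first post of this thread.
SAMPLE_LOG = """\
Feb 27 10:50:10: %DNSSERVER-3-BADQUERY: Bad DNS query from 46.0.84.34
Feb 27 10:50:10: %DNSSERVER-3-BADQUERY: Bad DNS query from 95.78.103.140
Feb 27 10:50:13: %DNSSERVER-3-BADQUERY: Bad DNS query from 46.0.84.34
Feb 27 10:50:14: %DNSSERVER-3-BADQUERY: Bad DNS query from 95.78.103.140
Feb 27 10:50:19: %DNSSERVER-3-BADQUERY: Bad DNS query from 46.0.84.34
Feb 27 10:50:20: %DNSSERVER-3-BADQUERY: Bad DNS query from 95.78.103.140
Feb 27 10:50:50: %DNSSERVER-3-BADQUERY: Bad DNS query from 188.232.218.132
Feb 27 10:50:53: %DNSSERVER-3-BADQUERY: Bad DNS query from 188.232.218.132
Feb 27 10:50:59: %DNSSERVER-3-BADQUERY: Bad DNS query from 188.232.218.132
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}): "
    r"%DNSSERVER-3-BADQUERY: Bad DNS query from (?P<src>\d{1,3}(?:\.\d{1,3}){3})$"
)

def summarize(log_text, year=2000):
    """Group BADQUERY events by source. The log has no year, so `year` is an
    assumption used only for parsing (a leap year, so Feb 29 is accepted)."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a BADQUERY line
        try:
            src = ip_address(m["src"])
        except ValueError:
            continue  # dotted string that is not a valid IPv4 address
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events[src].append(ts)
    report = {}
    for src, stamps in events.items():
        stamps.sort()
        gaps = [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
        # is_global is True only for publicly routable addresses
        report[str(src)] = {"count": len(stamps), "external": src.is_global,
                            "gaps_s": gaps}
    return report

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG).items():
        print(src, info)
```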