07-12-2021 06:10 AM
I have a 1941 operating with a backup 3/4G Cellular and a primary WAN interface.
My issue is related to the DNS from my 3/4G interface persisting well after the interface is shut down.
The show hosts output indicated 4 DNS entries when I'm running my primary WAN connection.
I can see the DNS query is getting sent out to the 3/4G interface DNS entries (which is shut down).
How can I prevent the unused DNS servers from persisting in the router?
My core problem is that the router's CLI is resolving host names but my clients are not. The CLI is resolving after it first tries the 10.x.x.x DNS servers. I'm not sure if these extra DNS servers are the issue or if there is another issue.
Router info below
Router1#show hosts
Default domain is not set
Name/address lookup uses domain service
Name servers are 10.4.58.204, 10.4.130.164, 111.220.1.1, 111.220.2.2
Router1#show ppp interface virtual-Access 2
PPP Serial Context Info
-------------------
Interface : Vi2
PPP Serial Handle: 0x33000002
PPP Handle : 0x8F000002
SSS Handle : 0x3F000003
AAA ID : 20
Access IE : 0x13000002
SHDB Handle : 0x0
State : Up
Last State : Binding
Last Event : LocalTerm
PPP Session Info
----------------
Interface : Vi2
PPP ID : 0x8F000002
Phase : UP
Stage : Local Termination
Peer Name : auth
Peer Address : 210.234.4.69
Control Protocols: LCP[Open] IPCP[Open]
Session ID : 2
AAA Unique ID : 20
SSS Manager ID : 0x3F000003
SIP ID : 0x33000002
PPP_IN_USE : 0x11
Vi2 LCP: [Open]
Our Negotiated Options
Vi2 LCP: MRU 1492
Vi2 LCP: MagicNumber
Peer's Negotiated Options
Vi2 LCP: MRU 1492
Vi2 LCP: AuthProto CHAP
Vi2 LCP: MagicNumber
Vi2 IPCP: [Open]
Our Negotiated Options
Vi2 IPCP: Address "my.ip.is.ok"
Vi2 IPCP: PrimaryDNS 111.220.1.1
Vi2 IPCP: SecondaryDNS 111.220.2.2
Peer's Negotiated Options
Vi2 IPCP: Address 210.234.4.69
Router1#debug domain
*Jul 12 09:04:12.031: DNS: Resending query id #9957
*Jul 12 09:04:12.031: DNS: Re-sending DNS query (type 1, id#49953) to 111.220.1.1
*Jul 12 09:04:12.031: DNS: Resending query id #45169
*Jul 12 09:04:12.031: DNS: Re-sending DNS query (type 1, id#40243) to 10.4.130.164
*Jul 12 09:04:12.031: DNS: Resending query id #23518
*Jul 12 09:04:12.031: DNS: Re-sending DNS query (type 1, id#5937) to 10.4.130.164
*Jul 12 09:04:12.031: DNS: Resending query id #45169
*Jul 12 09:04:12.031: DNS: Re-sending DNS query (type 1, id#32733) to 10.4.130.164
*Jul 12 09:04:12.031: DNS: Resending query id #23518
*Jul 12 09:04:12.031: DNS: Re-sending DNS query (type 1, id#32746) to 10.4.130.164
*Jul 12 09:04:12.031: DNS: Resending query id #33552
*Jul 12 09:04:12.031: DNS: Re-sending DNS query (type 1, id#41684) to 10.4.130.164
*Jul 12 09:04:12.031: DNS: Resending query id #46697
*Jul 12 09:04:12.031: DNS: Re-sending DNS query (type 28, id#52040) to 10.4.58.204
*Jul 12 09:04:12.031: DNS: Resending query id #33552
*Jul 12 09:04:12.031: DNS: Re-sending DNS query (type 1, id#11497) to 10.4.58.204
*Jul 12 09:04:12.043: DNS: Incoming UDP query (id#49953)
*Jul 12 09:04:12.043: DNS: Type 1 response (id#49953) for host <1.debian.pool.ntp.org> from 111.220.1.1(53)
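The two symptoms in the post above can be checked mechanically from captured output. This is an added example, not part of the original post: it lists name servers from `show hosts` that the active PPP session did not negotiate, and resolvers in `debug domain` that were re-sent queries without ever answering. The function names are hypothetical, the regexes are derived only from the output lines shown above, and the input is a subset of those lines.

```python
import re
from collections import Counter

# Excerpts copied from the router output in the post above (subset of lines).
SHOW_HOSTS = "Name servers are 10.4.58.204, 10.4.130.164, 111.220.1.1, 111.220.2.2"
SHOW_PPP = """\
Vi2 IPCP: PrimaryDNS 111.220.1.1
Vi2 IPCP: SecondaryDNS 111.220.2.2
"""
DEBUG_DOMAIN = """\
*Jul 12 09:04:12.031: DNS: Re-sending DNS query (type 1, id#49953) to 111.220.1.1
*Jul 12 09:04:12.031: DNS: Re-sending DNS query (type 1, id#40243) to 10.4.130.164
*Jul 12 09:04:12.031: DNS: Re-sending DNS query (type 1, id#5937) to 10.4.130.164
*Jul 12 09:04:12.031: DNS: Re-sending DNS query (type 28, id#52040) to 10.4.58.204
*Jul 12 09:04:12.031: DNS: Re-sending DNS query (type 1, id#11497) to 10.4.58.204
*Jul 12 09:04:12.043: DNS: Type 1 response (id#49953) for host <1.debian.pool.ntp.org> from 111.220.1.1(53)
"""

IP = r"\d+(?:\.\d+){3}"
RESENT = re.compile(rf"Re-sending DNS query \(type \d+, id#\d+\) to ({IP})")
ANSWER = re.compile(rf"response \(id#\d+\) for host <[^>]*> from ({IP})\(\d+\)")
IPCP_DNS = re.compile(rf"IPCP: (?:Primary|Secondary)DNS ({IP})")


def stale_name_servers(show_hosts, show_ppp):
    """Servers listed by `show hosts` that the active PPP session did not negotiate."""
    configured = re.findall(IP, show_hosts.split("Name servers are", 1)[1])
    negotiated = set(IPCP_DNS.findall(show_ppp))
    return [ip for ip in configured if ip not in negotiated]


def silent_resolvers(debug_domain):
    """Servers that were re-sent queries but never produced a response."""
    resent = Counter(RESENT.findall(debug_domain))
    answered = Counter(ANSWER.findall(debug_domain))
    return {ip: n for ip, n in resent.items() if answered[ip] == 0}


if __name__ == "__main__":
    print("not negotiated on active link:", stale_name_servers(SHOW_HOSTS, SHOW_PPP))
    print("re-sent without any answer:", silent_resolvers(DEBUG_DOMAIN))
```

A server that appears in both results is a candidate leftover from the link that is down. Statically configured name servers would also show up in the first list, so compare it against the running config.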
07-12-2021 06:24 AM
Name servers are 10.4.58.204, 10.4.130.164, 111.220.1.1, 111.220.2.2
Where did you get these name servers, from your ISP?
Do you have dual uplinks going to different ISPs? When you mention the ordered list, it goes in order through DNS servers 1-4 and keeps trying all 4 one by one.
Another option: you can use a DNS name server, so if you go out via any ISP, DNS resolves automatically.
Is this issue on the router, or is it the same on the clients?
07-12-2021 09:54 AM
- What OS are you running on your clients?
- What does the network configuration related to DNS look like on your clients?
- Do the clients have static IP addressing configured?
- What does the routing table look like on your clients?
- Can you ping the DNS server IPs from your clients?
07-12-2021 12:15 PM - edited 07-12-2021 12:15 PM
Hello
I assume your rtr is servicing DHCP for your clients. If so, try the following and swap the addressing below to represent your rtr:
rtr
ip dhcp pool xxx
 network 192.168.1.0 /24
 default-router 192.168.1.254
 dns-server 192.168.1.254
 exit
no ip name-server
ip dns server
int dialer x
 ppp ipcp dns request
07-13-2021 01:30 AM - edited 07-13-2021 05:00 AM
Q: Where did you get this name server from your ISP?
A: They are assigned by the ISP via the "ppp ipcp dns request" command.
Q: Do you have Dual uplinks to go different ISP,. when you mention the order list, it go order 1- 4 DNS, keep trying all 4 1 by 1
A: I don't actually have a dual link, more a backup link; only one works at any one time, so I would have expected the rtr to drop the old DNS entries.
Q: Is this issue on Router? Or client also same?
A: The router is resolving the names only after it cycles through the DNS list, but the clients are not resolving at all.
Q: What OS are you running on your clients?
A: I have a mix but am only testing on Win 7 and Win 10.
Q: - How does the network configuration related to DNS look like on your clients?
A: The clients were working and resolving host names but then they just stopped. When I cut back to my ISP-supplied router I noted the 3/4G modem was locked up.
My DNS setup is this: I have a LAN and WLAN, and both have the same problem.
ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 192.168.1.1
ip dhcp pool WLAN
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 192.168.1.1
!
Q:- Do the clients have static IP addressing configured?
All clients are DHCP from rtr
Q:- How does the routing table look like on your clients?
I don't fully understand the routing table; this below was mostly generated by the router's GUI.
ip nat inside source route-map nat2backup interface Cellular0/0/0 overload
ip nat inside source route-map nat2primary interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0 253
!
!
ip sla 1
icmp-echo 8.8.8.8 source-interface Dialer1
ip sla schedule 1 life forever start-time now
dialer-list 2 protocol ip permit
!
route-map track-primary-if permit 1
match ip address 197
set interface Dialer1
!
route-map nat2primary permit 1
match ip address 198
match interface Dialer1
!
route-map nat2backup permit 1
match ip address 198
match interface Cellular0/0/0
!
!
access-list 197 permit icmp any host 203.134.64.66
access-list 198 permit ip any any
!
Q:- Can you ping the DNS server IPs from your clients?
A: I can ping the DNS servers by IP address, but the DNS servers which start with 10.x.x.x I can't, as I'm running the WAN interface, not the 3/4G, and those DNS IPs are private.
Q:I assume your rtr is servicing dhcp for your clients if so try the following and swap the addressing below to represent your rtr
rtr
ip dhcp pool xxx
network 192.168.1.0 /24
default-router 192.168.1.254
dns-server 192.168.1.254
exit
no ip name-server
ip dns server
int dialer x
ppp ipcp dns request
A:
I think my setup already has these entries.
I will try adding the "no ip name-server" and removing "ppp ipcp route default".
I will not have access to the router now till Thursday.
DHCP part
ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 192.168.1.1
!
ip dhcp pool WLAN
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 192.168.1.1
WAN settings
!
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly in max-fragments 16 max-reassemblies 64 timeout 5
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname
ppp chap password
ppp pap sent-username password
ppp ipcp dns request
ppp ipcp route default
07-13-2021 07:06 AM - edited 07-13-2021 07:07 AM
Hello
Try and add the following also:
access-list xx permit icmp host <source ip> host 8.8.8.8 echo
route-map ipsla
match ip address xx
set interface Dialer1
set interface Null0
exit
ip local policy route-map ipsla
07-18-2021 04:15 AM - edited 07-18-2021 04:48 AM
Hi, I put the router back into service.
And this time the 3/4G Cellular interface started as normal. This now looks to switch between the two sets of DNS entries,
with the exception that it seems to drop the inactive service after some idle timeout.
rtr#show host (Main Dialer1 routing traffic)
Default domain is not set
Name/address lookup uses domain service
Name servers are 111.220.1.1, 111.220.2.2
Once the 3/4G service comes online (I normally shut the Gi 0/1/0 interface to initiate the changeover)
rtr#show host (Cellular interface as primary)
Default domain is not set
Name/address lookup uses domain service
Name servers are 111.220.1.1, 111.220.2.2, 10.4.27.70, 10.4.149.70
I would have expected the DNS entries for this 3/4G backup service would have been put first in the list. For some reason the 3/4G is not routing internet traffic (at the moment, will perform further testing shortly).
So basically it looks like if/when the 3/4G service crashed then it doesn't release or update the DNS entries correctly, but I would need to test this next time this interface crashes.
Paul, I did add those entries but I couldn't notice any real difference in the operation of the changeover WAN->3/4G. I have left these entries in for now.
How does your entry differ from the original ones ?
With that said, I think I have introduced a problem where now the 3/4G server is not routing internet traffic. The clients are resolving host names but have no internet connectivity. I will need to track this down in the morning. I have included a quick rundown of my changes which preceded the 3/4G failure.
Note:
I found the router was pingable from the outside so I changed the access list on the Dialer1 interface only.
I removed the dialer-group 1 entry and added two new access-lists; since this change the 3/4G service is not working.
I did reinstate the old entries but it's still not working; currently running the new setup.
Do I need to do a reload when performing these types of CLI entries?
My setup
Primary WAN interface
Old Settings
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly in max-fragments 16 max-reassemblies 64 timeout 5
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
…….
New Setting
interface Dialer1
mtu 1492
ip address negotiated
ip access-group No-PING in
ip access-group 198 out
ip nat outside
ip virtual-reassembly in max-fragments 16 max-reassemblies 64 timeout 5
encapsulation ppp
dialer pool 1
no cdp enable
………..
Backup Service
3/4G backup interface
interface Cellular0/0/0
description 3G Link to Vodafone-AP
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation slip
dialer in-band
dialer string hspa-R7
dialer-group 2
async mode interactive
ip access-list extended No-PING
permit icmp any any echo-reply
deny icmp any any
permit ip any any
access-list 198 permit ip any any
Did I do something wrong?
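One side effect of the No-PING list in the post above is worth checking: `deny icmp any any` drops every inbound ICMP message other than echo-reply, including type 3 code 4 ("fragmentation needed"), which path MTU discovery depends on. The following is an added example, not part of the original post, that evaluates the posted entries first-match against a few ICMP messages. The `evaluate` helper and the `NO_PING_PMTUD` variant are assumptions for illustration, and only `any any` entries are modelled.

```python
# ICMP (type, code) for the IOS ACL message keywords used below.
# A code of None means the keyword matches every code of that type.
ICMP_KEYWORDS = {
    "echo": (8, None),
    "echo-reply": (0, None),
    "packet-too-big": (3, 4),  # "fragmentation needed and DF set"
}

# Entries as posted under "ip access-list extended No-PING".
NO_PING = [
    "permit icmp any any echo-reply",
    "deny icmp any any",
    "permit ip any any",
]

# Assumed variant (not from the post): still blocks inbound ping,
# but lets path-MTU-discovery messages through.
NO_PING_PMTUD = [
    "permit icmp any any echo-reply",
    "permit icmp any any packet-too-big",
    "deny icmp any any",
    "permit ip any any",
]


def evaluate(acl, proto, icmp_type=None, icmp_code=None):
    """Return 'permit' or 'deny' for a packet; the first matching entry wins."""
    for entry in acl:
        action, ace_proto, _src, _dst, *msg = entry.split()
        if ace_proto not in ("ip", proto):
            continue
        if ace_proto == "icmp" and msg:
            want_type, want_code = ICMP_KEYWORDS[msg[0]]
            if icmp_type != want_type or want_code not in (None, icmp_code):
                continue
        return action
    return "deny"  # implicit deny at the end of every IOS ACL


if __name__ == "__main__":
    for name, acl in (("No-PING", NO_PING), ("No-PING + PMTUD", NO_PING_PMTUD)):
        print(name, "echo request:", evaluate(acl, "icmp", 8, 0))
        print(name, "frag needed :", evaluate(acl, "icmp", 3, 4))
```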
07-18-2021 05:05 AM
Hello
@ManIDE661 wrote:Did I do something wrong?
Where is the ppp authentication?
int dialer 1
ip mtu 1492
ip tcp adjust-mss 1452
ppp authentication chap pap callin
ppp chap hostname
ppp chap password
ppp pap sent-username password
How does your entry differ from the original ones ?
Regarding your DNS query, my initial suggestion would make your rtr the DNS root for your clients and also a forwarder for any DNS requests it couldn't resolve itself upstream towards your ISP.
07-18-2021 05:33 AM
They are there, I just didn't include them as they contained the usernames and passwords.
My first post shows the results of Router1#show ppp interface virtual-Access 2
The PPP authentication is for Dialer1, which is the Gi 0/1/0 interface, AKA the WAN interface, and that can be seen to be negotiating.
This is the Cellular 3/4G interface setup
interface Cellular0/0/0
description 3G Link to Vodafone-AP
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation slip
dialer in-band
dialer string hspa-R7
dialer-group 2
async mode interactive
Here is the PAP profile for the interface.
PDP Type = IPv4
Access Point Name (APN) = live.vodafone.com
Authentication = PAP
Username: anonymous
Password: password
Primary DNS address = 0.0.0.0
Secondary DNS address = 0.0.0.0
I may need to revert back to my last known working config and rebuild again from there.
A related question, and the root of all my problems: I can't get some web sites to work.
And after so many hours it looks like sites that return multiple host IPs are the ones which don't work.
I have cross-checked 5 of the non-working sites and they all return more than one IP.
eBay works but Netflix will not; below are the nslookup outputs.
Is this normal or am I missing something in my setup ?
I'm pretty sure the DNS entries will sort themselves out once I fix the Cellular interface issues.
C:\Users>nslookup www.netflix.com
Server: UnKnown
Address: 192.168.1.1
Non-authoritative answer:
Name: dualstack.apiproxy-website-nlb-prod-1-bcf28d21f4bbcf2c.elb.us-west-2.amazonaws.com
Addresses: 2600:1f14:62a:de84:880a:88cc:a16:5423
2600:1f14:62a:de85:d7:e7a1:8f7d:f6f5
2600:1f14:62a:de83:c61a:d6e:18b0:65f7
44.237.234.25
44.242.60.85
44.234.232.238
Aliases: www.netflix.com
www.dradis.netflix.com
www.us-west-2.internal.dradis.netflix.com
C:\Users>nslookup www.ebay.com.au
Server: UnKnown
Address: 192.168.1.1
Non-authoritative answer:
Name: e11847.g.akamaiedge.net
Address: 23.223.49.102
Aliases: www.ebay.com.au
slot11847.ebay.com.edgekey.net
07-18-2021 07:17 AM - edited 07-18-2021 07:23 AM
Hello
I may need to revert back to my last known working config and rebuild again from there.
A related question, and the root of all my problems: I can't get some web sites to work.
Then you need to make sure you're not incurring fragmentation, which could cause the issue you're experiencing. Try the following and reduce accordingly if you have additional header overheads such as GRE/IPsec:
int dialer 1
 ! ip mtu covers non-TCP packets, ip tcp adjust-mss covers TCP packets
 ip mtu 1492
 ip tcp adjust-mss 1452
or
 ip mtu 1400
 ip tcp adjust-mss 1360
07-18-2021 03:23 PM
Thank you for your help. I was about to ditch this Cisco but now it will stay.
I had changed ip mtu 1452 before but it still didn't work, so I can't thank you enough.
I will sort the 3/4G issue this week.
Manny.