11-30-2013 01:23 PM - edited 03-04-2019 09:43 PM
Hi,
I have a problem with DNS lookup for my Cisco 881 routers.
I have a couple of remote offices with dynamic public IP addresses and am trying to get dynamic DNS to work.
To update the service, the router needs to connect to the dyn dns service by the domain name, but it fails.
And for example, if I ping www.google.com I get the response:
Translating www.google.com...domain server (195.67.199.33) (195.67.199.34) (8.8.8.8)
% Unrecognized host or address, or protocol not running.
I have configured "ip domain name" with my domain and "ip name-server 8.8.8.8".
Can't figure out what's wrong and why the router can't resolve domain names. Any ideas?
(Name servers 195.67.199.33 and 34 are from my ISP. Why is the router trying to use them when I have specified 8.8.8.8 as my ip name-server?
Both name servers are working if I use them from a PC behind the router so that's not the problem, but it would be interesting to know why the router is trying to use them.)
11-30-2013 02:41 PM
I assume the first two addresses are received together with the IP from Telia. It looks like the Cisco router is querying all three servers when you are doing a lookup.
My guess is that you are receiving an AAAA reply back but you only have IPv4 configured.
Daniel Dib
CCIE #37149
11-30-2013 03:04 PM
Since you have told us that these routers have dynamic IP addresses it is logical to assume that .33 and .34 are passed to the router in the DHCP assignment that gives them their IP addresses.
It would be helpful to know what happens if the 881 attempts to ping some Internet resource via IP address (and not by name so that DNS is not part of what is involved). So for example, what happens if the router attempts to ping 8.8.8.8?
It might help us to understand what is going on if you would post the output of show ip interface brief. And seeing the config of the 881 might also be helpful.
HTH
Rick
12-01-2013 01:23 AM
Hi both,
I can ping by IP, both inside and outside hosts.
It's only the DNS lookup that fails.
I tested removing my inbound access list from the outside interface, and then DNS lookup works.
Must I allow UDP port 53 to the router? Shouldn't the ip inspect that I have configured on the outside interface allow that type of traffic? (I have inspect for both TCP and UDP.)
Inside hosts have no problem doing DNS lookups when I have my access list enabled.
12-01-2013 05:59 AM
It is helpful to know that ping by address works and that DNS works if you remove the access list. That certainly indicates that there needs to be an entry in the access list to permit DNS traffic to the router.
HTH
Rick
12-04-2013 02:45 AM
IP Inspect will work for client initiated sessions. For router generated traffic you need to enable inspection of that.
Refer to this document:
http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_insp_rtr_gen_trf.pdf
If you enabled it for UDP it should catch the DNS queries coming back in.
Daniel Dib
CCIE #37149
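The fix discussed in this thread, as an added example that is not from any poster or from the linked Cisco document: a CBAC configuration before and after enabling inspection of router-generated traffic. The rule name FW, the ACL name OUTSIDE-IN, its single deny entry and the interface FastEthernet4 are assumptions, since the original poster's configuration was not posted.

```cisco
! --- Before: transit sessions only (assumed starting point) -------
! Sessions opened by inside hosts get temporary return entries, so
! their DNS lookups work. Queries sent by the router itself are not
! inspected, so the replies hit the inbound ACL and are dropped.
ip inspect name FW tcp
ip inspect name FW udp
!
! --- After: also track sessions the router originates -------------
! router-traffic makes CBAC inspect locally generated TCP/UDP, which
! covers the router's own DNS queries and the dynamic DNS update.
ip inspect name FW tcp router-traffic
ip inspect name FW udp router-traffic
!
! Constructed minimal inbound ACL (hypothetical name and content).
ip access-list extended OUTSIDE-IN
 remark No static DNS permit; CBAC opens the return path per session
 deny ip any any
!
! Hypothetical outside interface; inspection is applied outbound so
! return entries are added ahead of the inbound ACL.
interface FastEthernet4
 ip access-group OUTSIDE-IN in
 ip inspect FW out
```

After a lookup from the router, `show ip inspect sessions` should list the UDP session to the name server. A static entry permitting UDP source port 53 in OUTSIDE-IN would also let the replies through, but it is stateless and matches any inbound packet with that source port, not just answers to the router's own queries.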