Solved: Re: dns lookups very slow when using a vrf ASR 1002x 16.3.7

smolz · ‎02-22-2019

I am trying to use hostnames for NTP on a few devices that have a management in a vrf.

I have configured:

ip domain list vrf Mgmt-intf example.com
ip domain lookup vrf Mgmt-intf source-interface GigabitEthernet0
ip domain name example.com
ip name-server vrf Mgmt-intf 8.8.8.8

When I try to ping an address by name it takes forever for it to actually respond, by forever I am talking minutes!

host#ping vrf Mgmt-intf google.com

It eventually responds but why is it taking so long.

Georg Pauwen · ‎02-22-2019

Hello,

remove this line:

ip domain lookup vrf Mgmt-intf source-interface GigabitEthernet0

You might be hitting the bug below:

DNS does not resolve hostname when source interface is configured
CSCvk76541
Description
Symptom:
Basic DNS functionality does not work when source interface is configured, as hostname fails to resolve most of the time and takes up to 5 minutes to process. With source interface removed, the hostname resolution is successful every time and processed immediately. Below are the DNS related configs:

ip name-server vrf Mgmt-intf X.X.X.X
ip domain lookup (vrf Mgmt-intf) source-interface GigabitEthernet0
ip domain name vrf Mgmt-intf domain.name.com

Conditions:
The issue is seen when a source interface is configured for DNS, with or without VRF, with management and non-management interfaces. The issue has been observed on ASR1006 running 16.8.1 and ASR1000HX running 16.5.3.

Workaround:
Remove "ip domain lookup (vrf Mgmt-intf) source-interface GigabitEthernet0" command.

View solution in original post

Georg Pauwen · ‎02-22-2019

Hello,

not sure if that command is available on the ASR, but what if you change:

ip domain name example.com

to

ip domain name example.com use-vrf Mgmt-intf

smolz · ‎02-22-2019

Command is there in this format:

ip domain name vrf Mgmt-intf example.com

Doesn't seem to make a difference.

Georg Pauwen · ‎02-22-2019

Hello,

remove this line:

ip domain lookup vrf Mgmt-intf source-interface GigabitEthernet0

You might be hitting the bug below:

DNS does not resolve hostname when source interface is configured
CSCvk76541
Description
Symptom:
Basic DNS functionality does not work when source interface is configured, as hostname fails to resolve most of the time and takes up to 5 minutes to process. With source interface removed, the hostname resolution is successful every time and processed immediately. Below are the DNS related configs:

ip name-server vrf Mgmt-intf X.X.X.X
ip domain lookup (vrf Mgmt-intf) source-interface GigabitEthernet0
ip domain name vrf Mgmt-intf domain.name.com

Conditions:
The issue is seen when a source interface is configured for DNS, with or without VRF, with management and non-management interfaces. The issue has been observed on ASR1006 running 16.8.1 and ASR1000HX running 16.5.3.

Workaround:
Remove "ip domain lookup (vrf Mgmt-intf) source-interface GigabitEthernet0" command.

smolz · ‎02-22-2019

That did it! thank you much!

Georg Pauwen · ‎02-22-2019

Hello,

unfortunately the bug doesn't mention a release with a fix, so for now, you are 'stuck' with the workaround...

smolz · ‎02-22-2019

Thats ok, I just pushed it out to all my routers with an Ansible template so it is all good and working.