
Issues with DNS resolutions

BrunoVic
Level 1

I am having issues with DNS resolutions from a switch connected to a gateway router. What's interesting is that I can ping from the switch just fine, which shows me that there is connectivity to the internet; however, DNS resolutions don't work. I thought maybe something is blocking DNS at the ISP; however, the router can resolve DNS just fine. So why does the router resolve fine but the switch doesn't IF both the switch and the router have internet connectivity?


Maybe I misunderstood you. The link references the debug output of the switch. Here is the debug output of the router.

 

Router#ping google.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 142.251.40.238, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/17 ms
Router#
*Oct 8 04:35:31.727 EDT: Reserved port 13504 in Transport Port Agent for UDP IP type 1
*Oct 8 04:35:31.727 EDT: UDP: sent src=xxx.xxx.39.118(13504), dst=8.8.8.8(53), length=47
*Oct 8 04:35:31.728 EDT: IP: s=xxx.xxx.39.118 (local), d=8.8.8.8, len 67, local feature, feature skipped, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Oct 8 04:35:31.728 EDT: IP: tableid=0, s=xxx.xxx.39.118 (local), d=8.8.8.8 (GigabitEthernet0/0/1), routed via FIB
*Oct 8 04:35:31.728 EDT: IP: s=xxx.xxx.39.118 (local), d=8.8.8.8 (GigabitEthernet0/0/1), len 67, sending
*Oct 8 04:35:31.728 EDT: IP: s=xxx.xxx.39.118 (local), d=8.8.8.8 (GigabitEthernet0/0/1), len 67, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Oct 8 04:35:31.752 EDT: UDP: rcvd src=8.8.8.8(53), dst=xxx.xxx.39.118(13504), length=63
*Oct 8 04:35:31.752 EDT: Released port 13504 in Transport Port Agent for IP type 1
*Oct 8 04:35:31.752 EDT: Released port 13504 in Transport Port Agent for IP type 1
*Oct 8 04:35:31.755 EDT: IP: s=xxx.xxx.39.118 (local), d=142.251.40.238, len 100, local feature, feature skipped, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Oct 8 04:35:31.755 EDT: IP: tableid=0, s=xxx.xxx.39.118 (local), d=142.251.40.238 (GigabitEthernet0/0/1), routed via FIB
*Oct 8 04:35:31.755 EDT: IP: s=xxx.xxx.39.118 (local), d=142.251.40.238 (GigabitEthernet0/0/1), len 100, sending
*Oct 8 04:35:31.755 EDT: IP: s=xxx.xxx.39.118 (local), d=142.251.40.238 (GigabitEthernet0/0/1), len 100, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Oct 8 04:35:31.771 EDT: IP: s=xxx.xxx.39.118 (local), d=142.251.40.238, len 100, local feature, feature skipped, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Oct 8 04:35:31.771 EDT: IP: tableid=0, s=xxx.xxx.39.118 (local), d=142.251.40.238 (GigabitEthernet0/0/1), routed via FIB
*Oct 8 04:35:31.771 EDT: IP: s=xxx.xxx.39.118 (local), d=142.251.40.238 (GigabitEthernet0/0/1), len 100, sending
*Oct 8 04:35:31.771 EDT: IP: s=xxx.xxx.39.118 (local), d=142.251.40.238 (GigabitEthernet0/0/1), len 100, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Oct 8 04:35:31.787 EDT: IP: s=xxx.xxx.39.118 (local), d=142.251.40.238, len 100, local feature, feature skipped, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Oct 8 04:35:31.788 EDT: IP: tableid=0, s=xxx.xxx.39.118 (local), d=142.251.40.238 (GigabitEthernet0/0/1), routed via FIB
*Oct 8 04:35:31.788 EDT: IP: s=xxx.xxx.39.118 (local), d=142.251.40.238 (GigabitEthernet0/0/1), len 100, sending
*Oct 8 04:35:31.788 EDT: IP: s=xxx.xxx.39.118 (local), d=142.251.40.238 (GigabitEthernet0/0/1), len 100, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Oct 8 04:35:31.804 EDT: IP: s=xxx.xxx.39.118 (local), d=142.251.40.238, len 100, local feature, feature skipped, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Oct 8 04:35:31.804 EDT: IP: tableid=0, s=xxx.xxx.39.118 (local), d=142.251.40.238 (GigabitEthernet0/0/1), routed via FIB
*Oct 8 04:35:31.804 EDT: IP: s=xxx.xxx.39.118 (local), d=142.251.40.238 (GigabitEthernet0/0/1), len 100, sending
*Oct 8 04:35:31.804 EDT: IP: s=xxx.xxx.39.118 (local), d=142.251.40.238 (GigabitEthernet0/0/1), len 100, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Oct 8 04:35:31.820 EDT: IP: s=xxx.xxx.39.118 (local), d=142.251.40.238, len 100, local feature, feature skipped, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Oct 8 04:35:31.820 EDT: IP: tableid=0, s=xxx.xxx.39.118 (local), d=142.251.40.238 (GigabitEthernet0/0/1), routed via FIB
*Oct 8 04:35:31.820 EDT: IP: s=xxx.xxx.39.118 (local), d=142.251.40.238 (GigabitEthernet0/0/1), len 100, sending
*Oct 8 04:35:31.820 EDT: IP: s=xxx.xxx.39.118 (local), d=142.251.40.238 (GigabitEthernet0/0/1), len 100, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
Router#

*Oct 8 04:35:31.727 EDT: UDP: sent src=xxx.xxx.39.118(13504), dst=8.8.8.8(53), length=47

As per the debug, the router resolves using the WAN IP address.

 

 

Just thinking: does the router have any ACL which is blocking DNS resolution? (At this stage I don't know.) As I have asked for other output, if you can post the ACL config from the router, that also helps here.

BB


No, there are no ACLs in place blocking any traffic.

Hello,

 

I think the debug output shows the problem. The successful DNS lookup has the NATted IP address of the router as the source, while the unsuccessful debug has the private IP address of the switch as source. 

 

Which IP addresses are you natting on the router, do these include 192.168.42.0/24 (or whatever subnet 192.168.42.2 belongs to) ?
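
The comparison made in the reply above (query from the NATted address answered, query from the private address unanswered) can be run mechanically over captured debug text. This Python is an added example, not part of the original thread; the log lines are constructed from the thread's debug format, 203.0.113.118 is a placeholder for the masked WAN address, and `classify_dns_queries` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample modelled on the "UDP: sent/rcvd" debug lines quoted in the
# thread. 203.0.113.118 is a documentation address standing in for the masked
# WAN IP (xxx.xxx.39.118), which is not a parseable address.
SAMPLE = """\
*Oct 8 04:35:31.727 EDT: UDP: sent src=203.0.113.118(13504), dst=8.8.8.8(53), length=47
*Oct 8 04:35:31.752 EDT: UDP: rcvd src=8.8.8.8(53), dst=203.0.113.118(13504), length=63
*Oct 8 17:05:43.965: UDP: sent src=192.168.42.2(11893), dst=8.8.8.8(53), length=47
*Oct 8 17:07:43.967: Released port 11893 in Transport Port Agent for IP type 1
"""

UDP_RE = re.compile(r"UDP: (sent|rcvd) src=([\d.]+)\((\d+)\), dst=([\d.]+)\((\d+)\)")
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr is in a private range that must be NATted to reach 8.8.8.8."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def classify_dns_queries(log_text):
    """Pair each UDP/53 query with its reply; report source type and outcome."""
    queries = {}  # (client_ip, client_port, server_ip) -> answered?
    for line in log_text.splitlines():
        m = UDP_RE.search(line)
        if not m:
            continue  # e.g. "Released port ..." or "IP: ..." lines
        direction, src, sport, dst, dport = m.groups()
        if direction == "sent" and dport == "53":
            queries.setdefault((src, int(sport), dst), False)
        elif direction == "rcvd" and sport == "53":
            key = (dst, int(dport), src)  # reply mirrors the query's 3-tuple
            if key in queries:
                queries[key] = True
    return [{"client": c, "port": p, "server": s, "answered": ok,
             "rfc1918_source": is_rfc1918(c)}
            for (c, p, s), ok in queries.items()]


if __name__ == "__main__":
    for q in classify_dns_queries(SAMPLE):
        src = "private (needs upstream NAT)" if q["rfc1918_source"] else "public"
        state = "answered" if q["answered"] else "NO REPLY"
        print(f"{q['client']}:{q['port']} -> {q['server']}:53  {src:30} {state}")
```

An unanswered query whose source is in an RFC 1918 range points at translation or the return path on the upstream device rather than at the resolver itself.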

Yes, the entire 192.168.42.0/23 is being NATed on the router to the single IP address.

 

Router#show run | se nat
ip nat inside
ip nat outside
ip nat pool ovrld xxx.xxx.39.118 xxx.xxx.39.118 prefix-length 30
ip nat inside source list 7 pool ovrld overload
Router#show ip access 7
Standard IP access list 7
10 permit 192.168.42.0, wildcard bits 0.0.1.255
Router#

Hello,

 

That is the debug output from the switch, right? I am after the debug output from the router (the debug output that shows what happens when the DNS resolution actually works)...

BrunoVic
Level 1

Ok, so I did a test: I removed the ip domain lookup source g1/0/21 and ran a ping test. Then I tried to restore the ip domain lookup source g1/0/21, and now I cannot ping using an interface source.

 

Switch(config)#do ping google.com source vlan 20

*Oct 8 17:05:43.965: Reserved port 11893 in Transport Port Agent for UDP IP type 1
*Oct 8 17:05:43.965: UDP: sent src=192.168.42.2(11893), dst=8.8.8.8(53), length=47
*Oct 8 17:07:43.967: Released port 11893 in Transport Port Agent for IP type 1
*Oct 8 17:07:43.967: Released port 11893 in Transport Port Agent for IP type 1 

Switch(config)#ip domain lookup source-interface GigabitEthernet1/0/21
Switch(config)#do ping google.com source vlan 20
                                                        ^
% Invalid input detected at '^' marker.

Switch(config)#

Hello,

 

Post the full running configs of the router and the switch, as this becomes difficult to follow...

The full running config is CUI (Controlled Unclassified Information) and I cannot post it on a public forum. I am trying to work within the limits of what I can give you.

Yes it is.

Hello,
Why do you think you have DNS issues?
The router works because it is an L3 device, and so would your end hosts.

Also I wouldn’t disable ip domain lookup as this would negate any interaction with any dns server you have specified on the router as they work together.
ip name-server xx
ip domain lookup

As for the switch why do you need it to resolve DNS?
I am assuming it is running as a host switch (no ip routing) so it has no routing capability but for the management SVI and this is only for remotely accessing the device.



Kind Regards
Paul