cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1209
Views
0
Helpful
2
Replies

Unable to perform DNS lookup on 2921 router

gchevalley
Level 1
Level 1

I am trying to setup NTP on a 2921 router to get time from various NIST time sources via URL instead IP address.  However, I cannot seem to get DNS initialized on this router receiving the error message DNSIX: Dnsix is not enabled from the show dns command.  Here is my relevant config.

 

ip domain list vrf MGT <domain-name>.com
ip domain lookup source-interface GigabitEthernet0/2
ip domain name <domain-name>.com
ip name-server vrf MGT <internal name server IP>
ip name-server vrf MGT <internal name server IP>

 

interface GigabitEthernet0/2
description MGMT
ip vrf forwarding MGT
ip address <omitted> 255.255.255.0
ip access-group MGT_ACCESS in
no ip redirects
no ip proxy-arp
ip verify unicast reverse-path
load-interval 30
duplex auto
speed auto
no mop enabled

 

ip access-list standard MGT_ACCESS
 permit host <internal name server IP>
 permit host <internal name server IP>
 ...
 deny any log

 

 This is what I get when testing:

 

ROUTER#ping time.nist.org
Translating "time.nist.org"...domain server (255.255.255.255)
% Unrecognized host or address, or protocol not running.

 

ROUTER#sh dns
DNSIX: Dnsix is not enabled

2 Replies 2

Richard Burts
Hall of Fame
Hall of Fame

Perhaps seeing more of the config of the router would help us identify the cause of this issue. In particular I am interested in seeing the access list that you apply to the interface. Also a better understanding of the topology of the network would be helpful.

 

HTH

 

Rick

HTH

Rick

The DNS lookup isn't working because the path to the name servers is via the management VRF and it won't split as configured. There isn't any need to pursue this any further because the router isn't capable of doing what I need it to. That being using a URL to reach an NTP server. I was hoping the router would work in a similar fashion as DNS lookup on an ASA firewall. You can create an network object on an ASA referencing a URL which when applied to an ACE will have the ASA perform a DNS lookup. From an ASA you can run the show DNS command and it will show the URL, the IP Address DNS returned and the TTL time for said lookup. Once the TTL value expires it will perform a new lookup. The routers will not do that. They will perform a one time lookup and place the IP address of the config in place of the host name entered. This will vary slightly between some models and code but none of the routers I have tried this on will keep and monitor the TTL value and perform a new lookup. Sh DNS on the routers doesn't ever show anything. With this being the case it doesn't do any good to perform dynamic lookup's on the routers. Hopefully someone at Cisco will see the value in this and add this as a feature request.
Review Cisco Networking for a $25 gift card