11-22-2023 02:15 AM - last edited on 11-24-2023 12:58 PM by Translator
Hi,
I am trying to set up a DNS server on the router for my local network. These are my configs:
Current configuration : 1439 bytes
!
! Last configuration change at 00:14:16 UTC Tue Jan 9 1900
!
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Labnet
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$Ui8u$eoLJUOpxlga4iYrqK6pvX/
enable password *******************
!
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
ip source-route
!
!
!
ip dhcp excluded-address 192.168.15.1 192.168.15.2
!
ip dhcp pool labnet
 network 192.168.15.0 255.255.255.0
 dns-server 192.168.15.1
 default-router 192.168.15.1
 domain-name example.local
!
ip dhcp pool MAINSERVER
 host 192.168.15.3 255.255.255.0
 client-identifier ****.****.****.**
!
!
ip dhcp update dns both override
ip cef
ip host gerrit.example.local 192.168.15.3
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FCZ1517C5M7
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
 shutdown
!
interface FastEthernet3
 shutdown
!
interface FastEthernet4
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Vlan1
 ip address 192.168.15.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip dns server
ip dns spoofing
!
logging esm config
!
!
!
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password *******************
 login
 transport input all
!
end
I have a server that I want to give the domain name gerrit.example.local. Pinging gerrit.example.local from the router works fine, but when I try to access gerrit.example.local from another computer on the network it does not work:
$ nslookup gerrit.example.local
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
Name: gerrit.example.local
Address: 192.168.15.1
;; connection timed out; no servers could be reached
$ nslookup gerrit.example.local 192.168.15.1
Server: 192.168.15.1
Address: 192.168.15.1#53
Non-authoritative answer:
Name: gerrit.example.local
Address: 192.168.15.1
;; connection timed out; no servers could be reached
I can ping 192.168.15.3 so the server can be reached, but the DNS does not work.
The server is connected directly to the FastEthernet1 port and the other computer is connected to FastEthernet0 through an HP switch, if that is relevant. (Also I don't have internet access right now, that is why FastEthernet4 is not configured)
Best regards,
Mattias
11-22-2023 02:46 AM - last edited on 11-24-2023 12:59 PM by Translator
R1# configure terminal
R1(config)# ip dns server
R1(config)# ip domain-lookup
You need the above to make the router work as DNS.
11-22-2023 03:56 AM - edited 11-22-2023 06:01 AM
I open via PC is see command.
MHM
11-22-2023 04:49 AM
ip dns server is active, see the config in the first post.
11-22-2023 02:47 AM
Hello @matjxa
Is ip domain-lookup configured?
11-22-2023 03:27 AM
Hello,
ip domain-lookup is configured (I guess it doesn't show up in running-config because it's on by default?), but it still doesn't work.
If I check systemd-resolve --status on the other computer it recognizes the router as a DNS server, so I don't understand why it doesn't work:
$ systemd-resolve --status
Link 2 (enp0s31f6)
Current Scopes: DNS
DefaultRoute setting: yes
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
Current DNS Server: 192.168.15.1
DNS Servers: 192.168.15.1
DNS Domain: ~.
example.local
11-22-2023 04:42 AM - last edited on 11-24-2023 01:00 PM by Translator
Since you have DNS spoofing enabled on the router, consider temporarily disabling it to see if it affects the behavior. The ip dns spoofing command can sometimes cause unexpected issues.
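One way to check for the symptom in this thread, as an added example that is not part of any post: the script compares nslookup answers with the router's ip host entries and flags an answer that is the resolver's own address while ip dns spoofing is configured. The sample inputs are constructed from the thread's config and output, the function names are hypothetical, and only the simple "ip host NAME ADDRESS" form is parsed.

```python
# Constructed samples shaped like the thread's running-config and nslookup output.
RUNNING_CONFIG = """\
ip host gerrit.example.local 192.168.15.3
ip dns server
ip dns spoofing
"""
NSLOOKUP_OUTPUT = """\
Server: 192.168.15.1
Address: 192.168.15.1#53
Non-authoritative answer:
Name: gerrit.example.local
Address: 192.168.15.1
"""

def parse_config(text):
    """Return ({name: ip} from simple 'ip host NAME IP' lines, spoofing flag)."""
    hosts, spoofing = {}, False
    for line in text.splitlines():
        words = line.split()
        if words[:2] == ["ip", "host"] and len(words) >= 4:
            hosts[words[2].lower()] = words[3]
        elif words[:3] == ["ip", "dns", "spoofing"]:
            spoofing = True   # a 'no ip dns spoofing' line starts with 'no'
    return hosts, spoofing

def parse_nslookup(text):
    """Return (resolver ip, {name: [answer ips]}) from nslookup text output."""
    server, answers, name = None, {}, None
    for line in text.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if key == "Address" and "#" in value:
            server = value.split("#")[0]   # resolver line carries '#port'
        elif key == "Name":
            name = value.lower().rstrip(".")
        elif key == "Address" and name:
            answers.setdefault(name, []).append(value)
    return server, answers

def audit(config_text, nslookup_text):
    """List (name, expected, got, spoofing_suspected) for wrong answers."""
    hosts, spoofing = parse_config(config_text)
    server, answers = parse_nslookup(nslookup_text)
    findings = []
    for name, ips in answers.items():
        for ip in ips:
            if name in hosts and ip != hosts[name]:
                # Suspect spoofing when the resolver hands out its own address.
                findings.append((name, hosts[name], ip, ip == server and spoofing))
    return findings

if __name__ == "__main__":
    print(audit(RUNNING_CONFIG, NSLOOKUP_OUTPUT))
```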
11-22-2023 05:49 AM
I disabled DNS spoofing and now it works!
It seems to be very slow though. When I ping gerrit.example.local it takes around 15 seconds before anything happens. What could be the cause of this?
11-22-2023 06:09 AM
Great @matjxa
Clear the DNS cache on both the router and the client to ensure that you are not dealing with outdated or incorrect DNS entries.
11-22-2023 06:19 AM
ip dns spoofing can slow down but not stop DNS.
For the slowness after removing spoofing, add:
Domain name example.local
Check this.