
Split DNS not working on RV220W

I've currently tried firmwares 1.0.3.5 and 1.0.4.17 and neither of the two works properly with Split DNS.

1.0.1.0 doesn't support Split DNS.

Split DNS was implemented in 1.0.2.4 which was pulled, so I can't even test that.

You can find the release notes here:

http://www.cisco.com/en/US/docs/routers/csbr/rv220w/release/notes/RV220W_Release_Notes_1.0.2.4.pdf

But the download itself doesn't exist. I've combed the internet and nothing.

I've set up Split DNS before with two RV042s and it works fine.

So this is my setup:

Home:

RV220W

LAN: 192.168.1.x

Router: 192.168.1.1

Subnet: 255.255.255.0

Office:

RV042

LAN: 10.0.0.x

Router: 10.0.0.254

Subnet: 255.255.255.0 (this is intentional)

Site to Site VPN:

Using RV220W's default IKE settings.

Split DNS Enabled

Primary DNS Server: 10.0.0.1

Primary Domain: dataprocomputers.com

(this is set up on the home network)

I'll skip the unnecessary stuff.

VPN connects fine. IKE is all good. Everything pings.

nslookup pdc01.dataprocomputers.com. 10.0.0.1

response is good

nslookup pdc01.dataprocomputers.com. 192.168.1.1

no response

DNS Proxy enabled and disabled makes no difference.

Changing the RV220W's DHCP domain name to dataprocomputers.com doesn't matter.

With Split DNS disabled, 192.168.1.1 will respond with the WAN IP (because it's using the ISP). That's expected.

With Split DNS enabled, 192.168.1.1 never responds (no IP given).

Has anybody ever got Split DNS to work on 1.0.3.5 and higher? Can somebody share their 1.0.2.4 to see if this issue is on 1.0.3.5 and above?

6 Replies

Thanks. None of them worked. I checked my DNS server and it's not getting any requests from the RV220W. I guess I'm sending this thing back.

I tried all firmwares, none of them work.

I set up my own Linux server.

Installed dnsmasq

added one line to dnsmasq.conf

     server=/dataprocomputers.com/10.0.0.1

disabled the dhcp

pointed my dhcp clients to the linux server

and it worked.

Seriously, Cisco? Check your code. It's on your side.
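The per-domain forwarding that the dnsmasq line above sets up, written out as an added Python example (not code from the thread, from dnsmasq or from Cisco): it picks the upstream resolver by whole-label suffix match and flags internal names that were sent to the wrong resolver. `ISP_RESOLVER`, the function names and the sample query log are assumptions made for illustration.

```python
# Added illustration: per-domain upstream selection as a split-DNS forwarder does it.
# Domain and internal DNS IP come from the thread; everything else is constructed.

ISP_RESOLVER = "203.0.113.53"  # placeholder address (TEST-NET-3) for the ISP's DNS

# domain suffix -> upstream, modelling "server=/dataprocomputers.com/10.0.0.1"
RULES = {"dataprocomputers.com": "10.0.0.1"}

SAMPLE_LOG = [  # constructed (query name, resolver the query was sent to) pairs
    ("pdc01.dataprocomputers.com.", "10.0.0.1"),
    ("pdc01.dataprocomputers.com", "203.0.113.53"),  # internal name sent to the ISP
    ("www.example.org", "203.0.113.53"),
]


def _labels(name):
    """Lower-case a DNS name, drop the trailing root dot, split into labels."""
    return [label for label in name.lower().rstrip(".").split(".") if label]


def pick_upstream(qname, rules=RULES, default=ISP_RESOLVER):
    """Return the resolver a query for qname should be forwarded to.

    A rule matches only on whole labels, so 'notdataprocomputers.com' does not
    match 'dataprocomputers.com'. The longest matching suffix wins.
    """
    q = _labels(qname)
    best, best_len = default, 0
    for suffix, upstream in rules.items():
        s = _labels(suffix)
        if best_len < len(s) <= len(q) and q[len(q) - len(s):] == s:
            best, best_len = upstream, len(s)
    return best


def leaked(query_log, rules=RULES):
    """List (name, resolver) pairs where a split-DNS name went to another resolver."""
    return [(name, used) for name, used in query_log
            if pick_upstream(name, rules, default=None) not in (None, used)]


if __name__ == "__main__":
    for name, _ in SAMPLE_LOG:
        print(name, "->", pick_upstream(name))
    print("sent to the wrong resolver:", leaked(SAMPLE_LOG))
```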

Petrbenda
Level 1

I have encountered more strange issues using a very similar structure to the one mentioned. I have established an IPSec gateway-to-gateway VPN between an RV220W (Firmware Version 1.0.4.17) and an RV042 (Firmware Version: 1.3.12.19-tm). I use a domain server (SBS2011). The domain server is on the RV042 side.

My statement is:

  1. It is not possible to reach all IPs through the VPN (some PCs are invisible) on the RV042 side. I tried to set up Split DNS; it does not work. I had a WRVS4400N router before and everything worked OK.
  2. If I update the RV042 to the latest firmware (1.3.13.02-tm), it is impossible to register some PCs on the RV220W side to the domain.

I would expect better work from a leading company like CISCO.

tronddanielsen
Level 1

In searching for a solution to this, I replaced our internal DNS IP, which is accessible through the VPN tunnel, with a publicly available DNS IP such as 8.8.8.8. After that, requests to the Split DNS zone configured in the VPN policy are forwarded to the correct server by the DNS proxy. So the problem seems to be that the proxy is not forwarding the Split DNS request to the correct interface, which causes the request to time out.

perhjartoy
Level 1

I know this is an old thread, but the issue reported by OP still seems to exist. The RV180 appears to have the same problem too, according to this link: https://supportforums.cisco.com/discussion/11661066/rv180-split-dns-not-working.

Our scenario is that the RV220W is used in a small office with only client machines. When there is a need to access servers at HQ, I would like the DNS query to be routed to our internal DNS servers based upon our domain name. For all other DNS lookups the DNS of the ISP should be used to avoid unnecessary traffic over the IPSec tunnel.

The configuration is:

  • IPv4 LAN (Local Network):
    • DHCP: Primary DNS Server = RV220W's LAN address
    • DNS Proxy: enabled
    • Split DNS: enabled
  • Advanced VPN Setup: VPN Policy Configuration
    • Domain Name Server 1: IP of our internal DNS server on the other side of the IPSec tunnel
    • Domain Name 1: Our domain name, i.e. in our internal DNS server we have all hosts in our domain

Besides tunneling all traffic, does anyone know about a way to direct all DNS queries for our domain through the tunnel to our internal and protected DNS servers, but use the ISP's DNS servers for all other look-ups? Btw, we do not have overlapping sub-nets (bad idea in the first place).
