Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2644
Views
0
Helpful
2
Replies

Unable to resolve DNS lookups from Cisco 871w Router

Daniel Baker
Level 1
Level 1

‎01-28-2017 11:56 PM

Hi,

I can not get DNS to work on a Cisco 871w  router.  It was working fine but by ISP changed the GPON router and now it fails. I am somewhat out of touch with Cisco commands so please bear with me.

Trying the DNS  lookup:

zabbix#ping www.bbc.co.uk

Translating "www.bbc.co.uk"...domain server (202.144.184.171) [OK]

Translating "www.bbc.co.uk"...domain server (202.144.184.171) [OK]

Translating "www.bbc.co.uk"...domain server (202.144.184.171) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 212.58.246.93, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

UDP debug :


*Jan 24 21:25:10.916: UDP: rcvd src=192.168.0.1(1036), dst=255.255.255.255(1037), length=26
*Jan 24 21:25:11.931: UDP: sent src=103.240.242.124(53947), dst=202.144.184.171(53), length=39
*Jan 24 21:25:11.947: UDP: rcvd src=202.144.184.171(53), dst=103.240.242.124(53947), length=385
*Jan 24 21:25:12.211: UDP: rcvd src=103.240.242.70(137), dst=103.240.242.255(137), length=58.
*Jan 24 21:25:12.951: UDP: rcvd src=103.240.242.70(137), dst=103.240.242.255(137), length=58
*Jan 24 21:25:13.703: UDP: rcvd src=103.240.242.70(137), dst=103.240.242.255(137), length=58....
Success rate is 0 percent (0/5)

My Set up:

DNS servers :  202.144.184.170      202.144.184.171.   I can ping the DNS server from the router.

Public IP / Router ID :  103.240.242.124

This Cisco  router connects to the ISPs   GPON router which is in bridge mode.  If I connect my computer directly to this GPON router I can  do DNS lookups ok.

My  Router config  :

Building configuration...

Current configuration : 2986 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone year
no service password-encryption
!
hostname zabbix
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 informational
!
aaa new-model
!
!
aaa authentication login default local
!
aaa session-id common
!
resource policy
!
clock timezone laos 7
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.100 192.168.0.110
ip dhcp excluded-address 192.168.0.1 192.168.0.100
ip dhcp excluded-address 192.168.0.111 192.168.0.254
!
ip dhcp pool DHCP
   network 192.168.0.0 255.255.255.0
   default-router 103.240.242.1
   dns-server 202.144.184.170
   domain-name wr
!
!
no ip ftp passive
ip domain name zabbix
ip name-server 202.144.184.171
ip name-server 8.8.8.8
ip name-server 202.144.184.170
ip ssh version 2
!
!
!
username admin privilege 15 secret 5 $1$2I9R$NsukW6869INOIIWuKaHk823
!
!
!
!
!
!
interface FastEthernet0
 spanning-tree portfast
!
interface FastEthernet1
 spanning-tree portfast
!
interface FastEthernet2
 spanning-tree portfast
!
interface FastEthernet3
 spanning-tree portfast
!
interface FastEthernet4
 description wan$ETH-WAN$
 ip address 103.240.242.124 255.255.255.0
 ip access-group 101 in
 ip access-group 101 out
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
!
interface Dot11Radio0
 no ip address
 shutdown
 !
 ssid test
    vlan 2
    authentication open
    guest-mode
 !
 speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 rts retries 128
 power local cck 7
 power local ofdm 7
 power client 7
 packet retries 128
 beacon period 4000
 beacon dtim-period 50
 fragment-threshold 256
 station-role root
!
interface Vlan1
 ip address 192.168.0.100 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
router rip
 version 2
 passive-interface Dot11Radio0
 network 192.168.0.0
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
ip dns server
!         
ip http server
ip http authentication local
no ip http secure-server
ip nat translation dns-timeout 120
ip nat translation icmp-timeout 120
ip nat inside source list 101 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.0.103 1935 103.240.242.124 1935 extendable
!
no logging trap
access-list 101 permit udp any any eq domain
access-list 101 permit udp any eq domain any
access-list 101 permit ip any any
access-list 101 permit udp any any
!
!
!
tftp-server archive:cisco
!
control-plane
!
banner login ^CCThis is private property. Keep out !^C
!         
line con 0
 exec-timeout 30 0
 logging synchronous
 no modem enable
line aux 0
line vty 0 4
 exec-timeout 0 0
 logging synchronous
 transport input ssh
 transport output ssh
!
scheduler max-task-time 5000
ntp clock-period 17175019
ntp server 202.156.0.34 source FastEthernet4 prefer
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end

I  suspect NAT or an ACL  or could it be something else? 

Thanks for the help,

Dan 

Labels:
0 Helpful
2 Replies 2

Daniel Baker
Level 1
Level 1

‎01-29-2017 03:12 AM

I made some changes :

access-list 112 permit tcp any any eq domain access-list 112 permit

access-list 112 permit tcp any eq domain any

I also changed what I ping. I was pinging www.bbc.co.uk  which for some reason the router does not translate. Maybe they block icmp ping replies.

zabbix(config)#do ping www.google.com

Translating "www.google.com"...domain server (202.144.184.171) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 223.27.237.46, timeout is 2 seconds:
.!!!!

When I ping www.google.com it works.  

Can someone explain to me why ? 

0 Helpful

Daniel Baker
Level 1
Level 1
In response to Daniel Baker

‎01-30-2017 04:24 PM

We figured it out.  We needed to change the route like this :

ip route 0.0.0.0 0.0.0.0 FastEthernet4

to 

ip route 0.0.0.0 0.0.0.0  103.240.242.124

0 Helpful
Customers Also Viewed These Support Documents