09-07-2020 01:19 AM
Hello.
In my fabric network a Cisco 9500 series stack is acting as Fusion. I have configured a DNS server on it to serve as a proxy to my clients. For the last 3 days we have been doing a migration to the office, and I had to change the 9500, reconfigure it from 0 again and upgrade the image to cat9k_iosxe.16.12.04.SPA.bin.
The problem is that now DNS is not working on clients; they have to use 8.8.8.8 directly. I tried pinging some global domains from the switch itself, which works fine, but users' requests are not processed.
There isn't any firewall in between, as I imported the switch loopback into the VRFs and back.
This is the configuration I tried first:
ip domain name XYZ.local
ip domain-lookup
ip name-server 8.8.8.8 8.8.4.4
ip dns server
ip host dnac.XYZ.local 192.168.xxx.yyy
Then I tried to do DNS forwarding the new way:
ip access-list standard DNS_PERMIT
 permit 192.168.0.0 0.0.255.255
ip dns name-list 1 permit .*
ip dns view default
 domain name-server 8.8.8.8
 domain name-server 8.8.4.4
 domain name XYZ.local
 dns forwarding source-interface Loopback0
ip dns view-list LAN
 view default 1
  restrict source access-group DNS_PERMIT
  restrict name-group 1
ip dns server view-group LAN
ip dns server
None of the above helped. Users can even query the local binding which is defined in the switch with "ip host". Clients can ping the switch's loopback address, which is used as the DNS server. And again, from the switch I can ping all the domains.
What can be the reason?
09-08-2020 09:00 AM
Hi
Since users are part of a VRF, are you injecting a default route into the VRF table? All the above configs are part of the GRT, which is fine, but I hope the route leaking on the fusion is taken care of?
09-09-2020 01:32 AM
Hi
Yes, route leaking is in place, as the same IP is serving DHCP and DHCP is working fine. I think the problem is related to the switch not forwarding DNS queries coming to it.
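A way to narrow this down from the client side, as an added example that is not part of any post in this thread: a small Python probe that sends a raw DNS query to the switch loopback and reports whether it gets no reply at all (nothing listening on UDP/53 or the path is blocked), REFUSED (the view-list source restriction rejected the client), SERVFAIL (the switch accepted the query but could not forward it upstream) or an answer. It needs no third-party library. The server address 192.0.2.1 is a placeholder for the switch loopback; the hostname dnac.XYZ.local is the one from the thread.

```python
"""Minimal DNS probe: does a resolver answer A queries from this client?
Added example for this thread, not from the original posts."""
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TXID = 0x1234  # fixed transaction id so we can match the reply


def encode_name(name):
    """Encode 'dnac.XYZ.local' as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=1):
    """Build a recursion-desired query (default A record) for name."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def read_name(data, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:
            offset += 1
            break
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), (end if jumped else offset)


def parse_response(data):
    """Return txid, rcode name and A-record answers from a DNS response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    rcode = RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))
    offset = 12
    for _ in range(qd):  # skip the echoed question section
        _, offset = read_name(data, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = read_name(data, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name, ttl, socket.inet_ntoa(rdata)))
    return {"txid": txid, "rcode": rcode, "answers": answers}


def classify(result):
    """Map a probe result to the failure mode it points at."""
    if result is None:
        return "no reply: nothing listening on UDP/53 or query/reply path blocked"
    if result["rcode"] == "REFUSED":
        return "REFUSED: client source not allowed (check view-list source ACL)"
    if result["rcode"] == "SERVFAIL":
        return "SERVFAIL: server could not forward upstream (check name-server reachability from its VRF)"
    if result["rcode"] == "NOERROR" and result["answers"]:
        return "OK: resolved " + ", ".join(a[2] for a in result["answers"])
    return result["rcode"] + " with no answers"


def probe(server, name, timeout=2.0):
    """Send one query to server:53 and return parse_response() or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return None
    result = parse_response(data)
    return result if result["txid"] == TXID else None


if __name__ == "__main__":
    import sys
    server = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"  # placeholder loopback
    for target in ("dnac.XYZ.local", "cisco.com"):
        print(target, "->", classify(probe(server, target)))
```

Run it from a client in the affected VRF with the loopback address as the argument. Testing a name defined with "ip host" and a public name separately tells you whether the switch answers locally at all or only fails when it has to forward; a timeout on both means the query never reaches the DNS server process, so a packet capture on the switch side is the next step.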