SG300 DNS problem for VLAN

atampanday
Level 1

Hi All,

This week I was trying to set up a new SG300-52 L3 switch for switching and VLANs. The problem is that the VLANs on this switch cannot get their DNS resolved. Probably a stupid thing I can't see, but I think it is a simple solution given switching is not my expertise.

So my setup:

- ISP WAN router: LAN IP 10.0.0.1, DMZ: 10.0.0.2 -> I have to use this router for ISP support. But it sucks, that's why we use our own router for firewall, port forwarding etc.

- Nice Router: WAN: 10.0.0.2, LAN: 192.168.1.1

- SG300 L3 switch:

VLAN 1 (default) IP 192.168.1.10 /24

VLAN 5 (for back-end servers) IP 10.1.1.1 /24

Static routes added:

0.0.0.0/0.0.0.0 -> 192.168.1.1 (so just send it to Nice Router)

This works. I can ping the switch, Nice Router, ISP router and Google's IP from VLAN 5.

But I cannot ping Google using the host name.

From within the SG300 I can. So it has something to do with the SG300 not doing DNS right.

My client on VLAN 5 has IP 10.1.1.5 /24, default gateway and DNS pointing to the switch: 10.1.1.1.

I have put an entry in DNS servers on the SG300: 192.168.1.1 active (pointing to Nice Router). Doesn't help.

Workaround:

On the client leave the default gateway pointing to the switch, but put DNS server: 192.168.1.1 == Nice Router.

Now I can ping google.com. But this is not what I want. Just a nasty workaround.

Any help appreciated,

thanks,

Atam



11 Replies

rocater
Level 3

Hello Atam,

Unfortunately the SG300 does not provide DNS proxy features. It will act as a default gateway and pass traffic, which you have already set up. But you will have to have your DNS pointed to 1) a local DNS, 2) the local router, or 3) an outside DNS.

I would recommend using your ISP's DNS servers or the public DNS provided by Google at 8.8.8.8.

Hi Robert,

Thanks for the reply. I think you misunderstand me. I don't want the switch to run as a DNS proxy or server.

If I have a client connected directly to the "nice" router and point my default gateway and DNS settings to its IP (192.168.1.1) I have internet.

If I ping google.com on my switch (web interface) it works.

If I connect the same client to the switch (VLAN 5) and point default gateway and DNS to the switch, internet does not work. I can ping the IP of Google, but I cannot ping google.com. So I have a DNS problem.

If I leave the default gateway of the client pointing to the switch but change its DNS to the "nice" router (192.168.1.1) then it works.

What I want is to leave DNS also pointing to the switch. The switch should route DNS traffic to its gateway, which is the "nice" router (which in turn routes it in the end to my ISP DNS). But that is not working....

Even having set the nice router (192.168.1.1) as a DNS server in the switch settings.

You get me?

I understand that you would like to use the switch as your primary DNS, however the switch does not have any DNS functionality which can handle DNS requests.

DNS traffic must be directed to a DNS server or DNS proxy. The switch cannot answer DNS requests. Simply by having the switch as your default gateway, you are already routing traffic from the computer to the switch and then on to the router.

To give an example: if you send telnet traffic at the switch, you would get a telnet connection. If you send DNS traffic to the switch, you will not get a response, as the switch does not know what to do with the request.

I hope this information helps.
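The distinction Robert draws is the whole problem: a packet whose destination address is one of the switch's own interface IPs is delivered to the switch itself and never consults the route table, so "pointing DNS at the gateway" only works if the gateway runs a resolver or relay. The following Python model is an added example for this thread (not Cisco code and not from any poster); it uses the addresses from Atam's corrected setup (VLAN 1 = 192.168.1.10/24, VLAN 5 = 10.1.1.1/24, default route via 192.168.1.1). The set of ports the switch answers on locally (telnet and the web UI) is an assumption for illustration, not the SG300's real service list.

```python
"""Model of an L3 switch's forwarding decision, showing why a DNS query
addressed *to* the switch is not routed onward to its default gateway.

Added example for this thread; not Cisco code. Addresses come from the
thread (with the VLAN 5 correction). LOCAL_SERVICES is an assumption.
"""
import ipaddress
from dataclasses import dataclass

# Interfaces of the switch, as described in the thread.
INTERFACES = {
    "VLAN1": ipaddress.ip_interface("192.168.1.10/24"),
    "VLAN5": ipaddress.ip_interface("10.1.1.1/24"),
}

# Static routes as (prefix, next hop). Only the default route is configured.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("192.168.1.1")),
]

# Ports the switch itself listens on. Assumed for illustration only; there
# is deliberately no entry for 53, because the switch runs no DNS service.
LOCAL_SERVICES = {23: "telnet", 80: "http"}


@dataclass
class Packet:
    src: str
    dst: str
    dport: int


def forward(pkt: Packet) -> str:
    """Return what the switch does with pkt: local delivery, forward, or drop."""
    dst = ipaddress.ip_address(pkt.dst)

    # 1. Addressed to the switch itself? Then it is consumed locally and the
    #    route table is never consulted. With no listener on the port the
    #    query is simply dropped, which is exactly what the VLAN 5 client
    #    sees when its DNS server is set to 10.1.1.1.
    for name, iface in INTERFACES.items():
        if dst == iface.ip:
            svc = LOCAL_SERVICES.get(pkt.dport)
            if svc:
                return f"local: handled by {svc} on {name}"
            return f"local: no service on port {pkt.dport}, dropped"

    # 2. Otherwise it is transit traffic. Directly connected networks win ...
    for name, iface in INTERFACES.items():
        if dst in iface.network:
            return f"forward: directly connected via {name}"

    # ... then the longest matching static route.
    best = None
    for net, next_hop in ROUTES:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    if best is not None:
        return f"forward: via next hop {best[1]}"
    return "drop: no route"


def main() -> None:
    cases = [
        Packet("10.1.1.5", "10.1.1.1", 53),      # DNS aimed at the switch (the failing case)
        Packet("10.1.1.5", "192.168.1.1", 53),   # DNS aimed at the "nice" router (the workaround)
        Packet("10.1.1.5", "8.8.8.8", 53),       # DNS aimed at a public resolver
        Packet("10.1.1.5", "10.1.1.1", 23),      # telnet to the switch (Robert's comparison)
    ]
    for p in cases:
        print(f"{p.dst}:{p.dport} -> {forward(p)}")


if __name__ == "__main__":
    main()
```

Running it shows the asymmetry the thread keeps circling: the same client, same gateway, same route table, but only the packet whose destination is the switch's own address goes nowhere. Everything destined elsewhere (the router, a public resolver) is forwarded, which is why the "nasty workaround" of pointing DNS at 192.168.1.1 works while the default gateway stays 10.1.1.1.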

OK, I think I get you.

I don't want the switch to understand the DNS request. I want it to be dumb and simply route it to its default gateway, which is the "nice" router.

The router should be able to handle the DNS request further.

Is that not possible with the switch? I mean, it's a Layer 3 switch for God's sake.

Also, for its own DNS requests it does route them to the router, because from the switch I can ping google.com......

Thanks

What about DHCP Relay in the SG-300?

'The switch can act as a DHCP Relay agent that listens for DHCP messages, and relays them between DHCP servers and clients that reside in different VLANs or IP subnets'

Will this be useful in this case?

Not really. Because DHCP is about giving clients dynamic network configuration.

I want VLAN clients to have a static IP and default gateway pointing to their switch.

The switch does not have something like DNS Relay. That would be nice.........

Hello Atam,

You could use UDP relay for port 53 to your server.

http://www.cisco.com/en/US/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf

page 257.

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security

Hi Atam,

Robert Carter gave you the correct answer a wee while ago: the Sx300 doesn't do DNS relay.

I thought I would draw up your topology to better understand what you are trying to do. I used the information in your posts to draw up what I think is your network topology (I used MS Paint for this purpose).

An observation, if my topology diagram is correct:

  • Seems like VLAN5 on the SG300 switch has the same network address (10.0.0.0) as the LAN interface of the ISP router and the WAN interface of the 'NICE' router.
  • This could be most confusing for the "NICE" router.

Personally, I love the help you are being given by my colleagues; I can see they really care about trying to get you a solution.

The previous post suggested trying UDP relay. I love the effort, people want to find a solution for you. Yep, we care.

Personally, I think UDP relay will not work, as UDP relay relays broadcast UDP requests, not unicast DNS requests, but if you want, give it a try.

In your earlier posting on March 1st you said:

"I want vlan clients to have a static ip and default gateway pointing to their switch. The switch does not have something like DNS Relay."

My questions are:

  • Atam, if you are going to give IP hosts on VLAN5 static IP addresses, what really is the concern with giving these hosts static DNS entries?
    • maybe of 192.168.1.1. It seems from your post that the NICE router is performing a DNS relay of some kind anyway.
  • Is there any way you can alter the SG300 VLAN5 IP address to something different, maybe 10.1.0.1/24 rather than 10.0.0.1/24?
  • Is there a way you can then add a static route into the NICE router, telling it that the 10.1.0.0/24 network has a gateway address of 192.168.1.10, or is something like this in place already?

regards Dave

Dear friends, thank you very much for your interest and help/tips so far.

I was away for a couple of days, which caused the delay in my reply. Sorry about that.

@everyone

I made a mistake in my first post. VLAN 5 uses the 10.1.1.0/24 network and the switch therefore has IP 10.1.1.1.

My bad. David pointed this out.

@Randy

Nice tip. I didn't think of that, very clever. I tried it out ... and it doesn't work. It seems like David is right about this.

@David/Dave

Thanks for pointing out the wrong network for VLAN 5. In the awesome picture you made it should be 10.1.1.1 instead of 10.0.0.1 for VLAN 5. You were also right about Randy's idea. The answers to your questions:

1. Currently my hosts have a static gateway of 10.1.1.1 (switch VLAN 5) and a DNS entry of 192.168.1.1 (nice router). The thing is that I want them to point to one thing which takes care of the rest. Not really needed indeed. I will live. But it would be nice. Say if I have 100 hosts and change my DNS server.... If I change my switch I will just give the new device the same IP.

2. That is what I did. I just posted it wrong here. Sorry for that.

3. I already did that. Otherwise the nice router would not be able to ping 10.1.1.x devices.

If no one comes up with a better idea I will mark Robert's post as the answer.

Cheers

Atam

Atam,

Robert is correct when saying the SG300 does not provide any DNS relay or forwarding settings. This should be given out by your DHCP server or statically assigned to point to an internal or external DNS server or proxy.

Jasbryan

Indeed.