DNS name resolution on IOS router terminal

nbaker011
Level 1

Hello, I have an 800 series I'm going through the configuration on and have a question on how to get dns name resolution to work on the router itself. I'm not running a local dns server (I'm using the one from the ISP). After running autosecure on the router, dns resolution on the router itself doesn't seem to work anymore. Meaning if I log in via SSH into the router to run diagnostics it doesn't resolve - for example if I do "ping www.cisco.com" it's stuck on

Cisco891F#ping www.cisco.com

Translating "www.cisco.com"...domain server (X.X.X.X) !--- X.X.X.X is my ISP's modem

% Unrecognized host or address, or protocol not running.

I can ping X.X.X.X directly (and 23.72.0.170, which is www.cisco.com)

On the LAN side, the PCs are provided with the same dns server (X.X.X.X), and name-resolution seems to be working there, so the router is letting dns queries through, but doesn't seem to be able to use the name server directly.

I can provide the relevant configuration info, if there isn't something obvious I'm missing.

Thanks,

Nick.

Accepted Solutions

Austin Sabio
Level 4
ip domain lookup
ip name-server
ip domain name

Make sure all above commands are enabled. 

Please see http://www.cisco.com/c/en/us/support/docs/ip/domain-name-system-dns/24182-reversedns.html

Good luck! 


4 Replies

Milos Megis
Level 3

Hi, use the command (in configuration mode) "ip name-server x.x.x.x", where x.x.x.x is the IP address of some DNS server.

It has been quite a while since I have looked at autosecure and I am not sure exactly what it is doing. But it is pretty obvious that part of what it does to make the router more secure is to not use DNS for resolving names to IP addresses. I know that one perspective about making a router more secure is to remove all non-essential services. So disabling DNS resolution reduces the things that might possibly be used to attack the router. But I agree with your point that having name resolution makes management of the network and troubleshooting more convenient. So I would suggest that you have a look at the current config of the router, find what autosecure disabled, and enable it.

HTH

Rick

nbaker011
Level 1

Thanks, that was the link I was trying to find. There is an incoming access list on the internet facing interface. I didn't think this was the problem seeing as the PCs work fine. I added the following to the acl:

 permit udp any any eq domain

 permit udp any eq domain any

So I don't quite understand why this works now, but it does. The only other item on the configuration is "ip inspect dns-timeout 7". Not the highest priority for me at the moment, but would be nice to understand the inconsistency.

Thanks,

Nick.
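
Added example, not part of the original thread or the poster's configuration: the two ACL entries as posted, next to a narrower rule that admits only the name server's replies to the router, and the CBAC `router-traffic` option, which lets inspection rather than a static permit open the return path for DNS queries the router itself originates. By default CBAC inspects only transit traffic, which is consistent with the LAN PCs resolving names while the router could not. The ACL name `WAN-IN`, the inspection rule name `FW` and the 192.0.2.x addresses are constructed placeholders.

```cisco
! Constructed placeholders, not values from the thread:
!   192.0.2.53 = the DNS server shown as X.X.X.X in the thread
!   192.0.2.10 = the router's own address on the Internet-facing interface
!   WAN-IN     = hypothetical name of the inbound ACL on that interface
!   FW         = hypothetical name of the existing "ip inspect" rule
!
! Before: the entries as posted. The first admits DNS queries from any
! source to any destination; the second admits any UDP packet whose
! source port is 53, whatever its destination.
ip access-list extended WAN-IN
 permit udp any any eq domain
 permit udp any eq domain any
!
! After, option 1: remove both and admit only replies from the configured
! name server to the router itself. If the ACL ends in an explicit deny,
! prefix the permit with a sequence number lower than that deny's
! (see "show ip access-lists WAN-IN").
ip access-list extended WAN-IN
 no permit udp any any eq domain
 no permit udp any eq domain any
 permit udp host 192.0.2.53 eq domain host 192.0.2.10
!
! After, option 2: no static permit at all. Have CBAC inspect UDP that the
! router itself originates, so replies are admitted only for the session
! CBAC created for the query. Assumes rule FW is applied outbound on the
! Internet-facing interface.
ip inspect name FW udp router-traffic
!
! Verify from the router:
!   ping www.cisco.com
!   show ip access-lists WAN-IN
```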
