Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7284
Views
5
Helpful
5
Replies

DNS not working after DHCP server config

Go to solution
joshua.krugjohann
Level 1
Level 1

‎01-25-2013 06:53 PM - edited ‎03-07-2019 11:19 AM

Hello,

I seem to be having a problem with DNS name resolution after configuring my router (Cisco 3725 running IOS image: c3725-adventerprisek9-mz.124-25.bin) for handling DHCP requests.

Before I made the change, everything was working correctly; I could ping Google.com from a computer inside my LAN and would get response from one of Google's public IP's like normal.

I had a separate DHCP/DNS server running Windows Server 2008 handling the DHCP request and DNS queries.

When I made the change, I turned off the DHCP/DNS server and issued the following DHCP commands to my router:

no ip dhcp use vrf connected

ip dhcp excluded-address 10.0.0.20 10.0.0.23

ip dhcp excluded-address 10.0.0.2 10.0.0.19

ip dhcp excluded-address 10.0.0.100

ip dhcp excluded-address 10.0.0.1

!

ip dhcp pool LAN_Pool

network 10.0.0.0 255.255.255.0

default-router 10.0.0.1

domain-name morphius.com

lease infinite

Then I took my DNS servers address (10.0.0.2) out of the name-server configuration of my router but left the my ISP DNS servers in.

Once I finshed this, I released/renewed my computer's own IP and the router assigned it a new lease as expected.

I did a few simple ping tests to test Internet connectivty by first pinging the router, then my ISP's gateway, and finally, an Internet site like Google.com.

This is where I started running into trouble.  I could ping an Internet facing site by IP with no issue, but could not resolve public domain names (i.e. Google.com) from the computers in my LAN.  I can still hit Internet sites if I use the IP which is to be expected.

From the router however, I can ping any Internet DNS name I want and I get replies back from the public IP like normal.  That leads me to think that there is obviously something wrong with my configuration.

I'm studying for my CCNA, but this has me stumped.  I would certaintly appreciate any help the Cisco Community could give.  Does anyone have any ideas what I could be doing wrong?

I've included the Config from my router with some information omitted.  Any help is greatly appreciated.

Start-up config:

!This is the running config of the router: 10.0.0.1
!----------------------------------------------------------------------------
!version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
logging userinfo
no logging buffered
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local 
!
aaa session-id common
clock timezone GMT 0
clock summer-time GMT recurring last Sun Mar 1:00 last Sun Oct 2:00
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.0.20 10.0.0.23
ip dhcp excluded-address 10.0.0.2 10.0.0.19
ip dhcp excluded-address 10.0.0.100
ip dhcp excluded-address 10.0.0.1
!
ip dhcp pool LAN_Pool
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1 
domain-name morphius.com
lease infinite
!
!
ip domain name morphius.com
ip name-server 67.210.150.21
ip name-server 208.95.18.150
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip ips sdf location flash://attack-drop.sdf
ip ips notify SDEE
ip ips name sdm_ips_rule
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-2670148948
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2670148948
revocation-check none
rsakeypair TP-self-signed-2670148948
!
!
crypto pki certificate chain TP-self-signed-2670148948
certificate self-signed 01
30820247 308201B0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
69666963 6174652D 32363730 31343839 3438301E 170D3132 30393039 32333332 
31315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 36373031 
34383934 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
8100FC02 789A092A 44A696F1 4B388DD7 20EA1083 61B42C8B 0827D7D0 E146F7AF 
27665CBE C5B68FBB 879EDE16 C2473FFE FAA542A6 A41B7FB0 5D632E06 6002DC64 
FCE4188A 6625A7A8 771EF997 F6EE7B10 AD0D457A 9E3E7824 A1CC713C BC99611B 
EF9D5B2A 9CF0B020 C27615EF 2C3AEEFD 3D06DDAB 06A14073 97BB1ED6 F1A67D31 
C7A90203 010001A3 6F306D30 0F060355 1D130101 FF040530 030101FF 301A0603 
551D1104 13301182 0F52312E 6D6F7270 68697573 2E636F6D 301F0603 551D2304 
18301680 1452063E 40258199 5C0FF7E5 039F509C 46A7A4D7 3B301D06 03551D0E 
04160414 52063E40 2581995C 0FF7E503 9F509C46 A7A4D73B 300D0609 2A864886 
F70D0101 04050003 818100A3 8AFE3E46 1A06AC88 A7FC226E 9F284480 526CA92A 
34F9681E ED763BA9 E391B9AF 084A6AF4 5DED7EE5 341A6EDB BB8C6C97 2EC48281 
2FE27CFD F5E6CBB3 69B9FAA3 1A11196D 9F76F27C D25011A8 8CC64D7F DA0423F8 
7EFF0629 ED868211 547A811E 3C04F02F 8C3C6715 83AAFCE9 F34396FA 7FBD18B8 
E454FF6E F2F68145 71F9C9
quit
<USERNAMES OMITTED>
!
!
ip ssh maxstartups 2
ip ssh logging events
ip ssh version 2
! 
!
crypto isakmp client configuration group Remote_Users
key morphius
dns 10.0.0.2
domain morphius.com
pool SDM_POOL_1
max-users 10
netmask 255.255.255.0
!
!
!
!
interface Loopback1
description $FW_INSIDE$
ip address 1.1.1.1 255.255.255.0
ip virtual-reassembly
!
interface FastEthernet0/0
description EXTERNAL CONNECTION TO ISP$ETH-WAN$$FW_OUTSIDE$
bandwidth 100000
ip address xx.xx.xx.xx 255.255.255.224
ip broadcast-address xx.xx.xx.xx
ip verify unicast reverse-path
ip nat outside
ip ips sdm_ips_rule in
ip virtual-reassembly
speed auto
half-duplex
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
description INTERNAL CONNECTION TO LAN$ETH-LAN$$FW_INSIDE$
bandwidth 100000
ip address 10.0.0.1 255.255.255.0
ip broadcast-address 10.0.0.255
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 125000
!
interface Serial0/2
no ip address
shutdown
clock rate 125000
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 xx.xx.xx.xx
!
!
no ip http server
ip http authentication local
ip http secure-server
ip http max-connections 2
ip http timeout-policy idle 300 life 300 requests 30
ip nat pool R1_Pool xx.xx.xx.xx xx.xx.xx.xx netmask 255.255.255.224
!
<IP NAT PORT EXCEPTION OMITTED>
!
logging history debugging
logging trap debugging
logging facility syslog
logging host 67.214.212.103 transport udp port 61325
access-list 1 permit 10.0.0.0 0.0.0.255
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner login ^C
AUTHORIZED USERS ONLY - PLEASE ENTER USERNAME/PASSWORD ^C
banner motd ^C
Welcome to R1 - Morphius ISP Router ^C
privilege exec level 2 traceroute
privilege exec level 2 ping
privilege exec level 2 reload
privilege exec level 2 show version
privilege exec level 2 show
!
line con 0
line aux 0
line vty 0 4
privilege level 15
line vty 5 903
privilege level 15
!
ntp logging
ntp clock-period 17180575
ntp server 64.236.96.53
!
end
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jeff Van Houten
Level 5
Level 5

‎01-25-2013 08:30 PM

Ip name-server is used by the router to locate DNs servers. For your pcs to resolve dns, your dhcp pool needs to tell the clients which DNs server to use. Add dns-server commands to your dhcp pool, release and renew your pc, then test again.

Sent from Cisco Technical Support iPad App

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jeff Van Houten
Level 5
Level 5

‎01-25-2013 08:30 PM

Ip name-server is used by the router to locate DNs servers. For your pcs to resolve dns, your dhcp pool needs to tell the clients which DNs server to use. Add dns-server commands to your dhcp pool, release and renew your pc, then test again.

Sent from Cisco Technical Support iPad App

0 Helpful

Go to solution
joshua.krugjohann
Level 1
Level 1
In response to Jeff Van Houten

‎01-25-2013 10:28 PM

So would the command syntax be something like this?

ip dhcp pool LAN_Pool
dns-server

I want to say I've already tried this but I can't recall right off.

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
mahmoodmkl
Level 7
Level 7
In response to joshua.krugjohann

‎01-25-2013 10:43 PM

Hi

yes the commans will be

dns-server (ip address of the server) btw u can have multiple servers by giving space.

Go to solution
joshua.krugjohann
Level 1
Level 1

‎01-25-2013 10:45 PM

Cool I will try this when I get home from work and let you know how it works out.

Thanks guys for the replies!

I'll get back to you.

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
joshua.krugjohann
Level 1
Level 1

‎01-27-2013 09:40 PM

Ok I issued the appropriate commands, and it works now :)

Could've sworn I already tried it but obviously not or it would've worked lol

Thanks again guys I really appreciate the help!

Sent from Cisco Technical Support iPhone App

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card