07-18-2019 07:31 AM
Hello,
I have a core switch 3750X 24 192.168.1.11 255.255.255.0
and an edge switch 2960 192.168.1.12
Fortinet firewall 192.168.11.10
After upgrading the IOS to 15.2 I got a problem with DNS resolution on Windows Server 2019.
I checked all the possible solutions, but the only possible problem is a misconfiguration at the switch.
Please note that I can ping 8.8.8.8 and 8.8.4.4
but am not able to open google.com, for example.
Here I list the configuration for
lifa-coresw#sh running-config
Building configuration...
Current configuration : 3821 bytes
!
! Last configuration change at 05:22:49 UTC Mon Jan 2 2006
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname lifa-coresw
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$xSYB$ki6oP25CdI9liofaYdXWj0
!
no aaa new-model
switch 1 provision ws-c3750x-24s
system mtu routing 1500
!
!
!
!
ip routing
!
!
ip name-server 192.168.11.9
ip name-server 192.168.11.10
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
no ip route-cache
shutdown
!
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/4
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/5
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/6
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/7
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/8
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/9
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/10
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/11
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/12
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/13
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/14
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/15
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/16
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/17
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/18
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/19
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/20
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/21
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/22
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/23
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/24
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 192.168.1.11 255.255.255.0
!
interface Vlan4
ip address 192.168.11.1 255.255.255.0
!
interface Vlan5
ip address 192.168.12.1 255.255.255.0
!
interface Vlan6
ip address 192.168.13.1 255.255.255.0
!
interface Vlan7
ip address 192.168.14.1 255.255.255.0
!
interface Vlan11
no ip address
!
ip forward-protocol nd
!
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.11.10
!
!
!
!
line con 0
password noaccess
login
line vty 0 4
password noaccess
login
transport input all
line vty 5 15
password noaccess
login
transport input all
!
!
end
lifa-coresw#
And here for the edge switch:
Current configuration : 4833 bytes
!
! Last configuration change at 04:04:19 UTC Mon Mar 1 1993
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname lfia-edgesw
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$q2ZO$sh8XfGzrruARl9Z9Qk1lL1
!
no aaa new-model
system mtu routing 1500
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
interface FastEthernet0/1
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/25
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/26
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/27
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/28
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/29
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/30
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/31
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/32
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/33
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/34
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/35
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/36
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/37
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/38
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/39
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/40
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/41
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/42
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/43
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/44
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/45
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/46
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/47
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/48
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet0/1
switchport mode trunk
!
interface GigabitEthernet0/2
switchport mode trunk
!
interface GigabitEthernet0/3
switchport mode trunk
!
interface GigabitEthernet0/4
switchport mode trunk
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan2
ip address 192.168.1.12 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.1.11
ip http server
ip http secure-server
!
vstack
!
line con 0
password noasscess
login
speed 115200
line vty 0 4
password noaccess
login
line vty 5 15
password noaccess
login
!
end
lfia-edgesw#
Please help.
07-18-2019 10:53 AM
Hello,
on both the L2 and the L3 switch, try and unshut the Vlan 1 interface.
Also, on the access ports of your edge switch, configure 'spanning-tree portfast'....
07-18-2019 10:59 AM
From what device are you not able to resolve DNS lookups: from the switch or the Windows Server?
ip name-server 192.168.11.9 <<- what is this device ?
From the Windows Server, can you post nslookup google.com and ipconfig /all?
Same from the switch: ping google.com
On the switch, add the command ip domain lookup, try ping google.com, and let us know the outcome.
07-18-2019 02:42 PM
192.168.11.9 is the server IP where I have the DC, DNS and DHCP.
When I do nslookup I get:
C:\Users\ahmadito>nslookup
Default Server: Server-LFiA.LFiA.MS
Address: 192.168.11.9
> yahoo.com
Server: Server-LFiA.LFiA.MS
Address: 192.168.11.9
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to Server-LFiA.LFiA.MS timed-out
> yahoo.com
Server: Server-LFiA.LFiA.MS
Address: 192.168.11.9
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to Server-LFiA.LFiA.MS timed-out
> yahoo.com
Server: Server-LFiA.LFiA.MS
Address: 192.168.11.9
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to Server-LFiA.LFiA.MS timed-out
07-18-2019 11:04 PM
This proves that your DNS server itself is not able to resolve the domain names. Is this nslookup you tested on the server or on a user PC? Can you do the same test from 192.168.11.9 and show us the output? We also need output from the server showing that you are able to reach the internet. Is nothing blocking in the FortiGate?
07-19-2019 12:04 AM
C:\Users\Administrator>tracert 8.8.8.8
Tracing route to 8.8.8.8 over a maximum of 30 hops
1 1 ms 1 ms 1 ms 192.168.1.1
2 <1 ms <1 ms <1 ms 192.168.11.10
3 <1 ms <1 ms <1 ms 194.165.146.177
4 1 ms 1 ms 1 ms 212.34.1.177
5 1 ms 1 ms 1 ms 10.50.1.129
6 1 ms 1 ms 1 ms 10.50.9.69
7 2 ms 1 ms 1 ms 10.50.9.66
8 3 ms 1 ms 1 ms 213.139.51.3
9 4 ms 2 ms 2 ms 193.251.251.233
10 61 ms 60 ms 59 ms 193.251.131.114
11 66 ms 65 ms 66 ms ^C
C:\Users\Administrator>tracert 8.8.8.8
Tracing route to 8.8.8.8 over a maximum of 30 hops
1 1 ms 5 ms 3 ms 192.168.1.1
2 <1 ms <1 ms <1 ms 192.168.11.10
3 98 ms 98 ms 96 ms 194.165.146.177
4 1 ms 2 ms 1 ms 212.34.1.177
5 1 ms 1 ms 1 ms 10.50.1.129
6 1 ms 1 ms 1 ms 10.50.9.69
7 3 ms 1 ms 1 ms 10.50.9.66
8 2 ms 1 ms 1 ms 213.139.51.3
9 3 ms 2 ms 2 ms 193.251.251.233
10 63 ms 59 ms 60 ms 193.251.131.114
11 66 ms 65 ms 66 ms 72.14.214.52
12 * * * Request timed out.
13 65 ms 65 ms 65 ms 8.8.8.8
Trace complete.
C:\Users\Administrator>nslookup
Default Server: Server-LFiA.LFiA.MS
Address: 192.168.11.9
> google.com
Server: Server-LFiA.LFiA.MS
Address: 192.168.11.9
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to Server-LFiA.LFiA.MS timed-out
> google.com
Server: Server-LFiA.LFiA.MS
Address: 192.168.11.9
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to Server-LFiA.LFiA.MS timed-out
> google.com
Server: Server-LFiA.LFiA.MS
Address: 192.168.11.9
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to Server-LFiA.LFiA.MS timed-out
07-19-2019 10:01 AM
This again proves the issue is your Windows DNS Server config.
C:\Users\ahmadito>nslookup
Default Server: Server-LFiA.LFiA.MS
Address: 192.168.11.9
> yahoo.com
Server: Server-LFiA.LFiA.MS
Address: 192.168.11.9
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
If you can change your DNS server to 8.8.8.8 you should be able to resolve DNS, and fix your Microsoft DNS Server issue by following the steps provided by MS support.
To test that 8.8.8.8 is working for you, follow the steps below from the Windows Server:
Type nslookup from the cmd prompt.
Change the server by typing:
> server 8.8.8.8
> yahoo.com
You should be able to resolve.
Example below:
> server 8.8.8.8
Default Server: dns.google
Address: 8.8.8.8
> google.com
Server: dns.google
Address: 8.8.8.8
Non-authoritative answer:
Name: google.com
Addresses: 2a00:1450:4009:80f::200e
216.58.210.238
> yahoo.com
Server: dns.google
Address: 8.8.8.8
Non-authoritative answer:
Name: yahoo.com
Addresses: 2001:4998:c:1023::4
2001:4998:58:1836::11
2001:4998:44:41d::4
2001:4998:c:1023::5
2001:4998:58:1836::10