Thanks for your answer. However, the problem is the same with or without the default route set. Any further ideas?

NB:

I have added the default route by

# ip route 0.0.0.0 0.0.0.0 192.168.0.1

Strangely, when using the interface instead of 192.168.0.1, ping into internet doesn't work. Anyway, the default route should be set by DHCP from the 192.168.0.1 router, right?

In my setup, 192.168.22.1 is not a name-server.

That's a good point. But I wanted to keep the setup as open as possible until the DNS-Issue is solved.

I've seen routers have issues when you have the "any any" line configured for natting. If you have a single subnet on the lan side, then doing "permit ip 192.168.22.0 0.0.0.255 any" is effectively the same thing. Have you done this yet?

Yes, I have (I had to change the number of the access-list to at least 100).

It didn't solve the problem.

Okay...

Can you post:

sh ip nat trans

Can you resolve from the router? You have name servers set up, so can you try to ping www.google.com and see if that's successful from the router?

Thanks!

John

This is the "sh ip nat trans" output from a nslookup query run on a local linux machine:

Pro Inside global      Inside local       Outside local      Outside global

udp 192.168.0.89:35742 192.168.22.2:35742 217.70.142.66:53   217.70.142.66:53

udp 192.168.0.89:43202 192.168.22.2:43202 217.20.112.194:53  217.20.112.194:53

udp 192.168.0.89:52408 192.168.22.2:52408 217.20.112.194:53  217.20.112.194:53

udp 192.168.0.89:53609 192.168.22.2:53609 217.70.142.66:53   217.70.142.66:53

udp 192.168.0.89:57384 192.168.22.2:57384 80.69.98.110:53    80.69.98.110:53

udp 192.168.0.89:60834 192.168.22.2:60834 80.69.98.110:53    80.69.98.110:53

The nslookup output is:

;; Got recursion not available from 80.69.98.110, trying next server

;; Got SERVFAIL reply from 217.20.112.194, trying next server

;; Got recursion not available from 80.69.98.110, trying next server

;; Got SERVFAIL reply from 217.20.112.194, trying next server

Server:        217.70.142.66

Address:    217.70.142.66#53

** server can't find heise.de.intern: SERVFAIL

From the router, addresses can be resolved.

Very good point. Obviously my addresses were sort of broken. Thanks!

I'm only wondering why DNS-resolving is working on the Router? Maybe it automatically uses a different server obtained by DHCP?

Is there maybe a way to let the dns-servers be configured automatically, so that I don't have to bother about correctness?

What is handing out the DHCP addresses ? is it your router ?

I am slightly confused because i assume you are handing out the same DNS servers that your router is using ? Is this not the case ?

As to your answer about doing it automatically, not really. You need to enter the correct public DNS servers into the DHCP scope so your clients get the correct address.

The alternative approach which is quite common is to have a server(s) internally for DHCP and DNS. Your clients then use the internal server for DNS. This server is then configured to forward DNS queries to your ISP DNS servers. However you still need to configure correct DNS servers on the internal DNS server.

Which one you use really depends on the size of your network etc. A large network will usually have a lot of internal servers etc. which need to be resolved so you have internal DNS servers for this and configure them to forward unknown DNS queries to your ISP.

Jon