cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
388
Views
0
Helpful
0
Replies

DNS related problems

david-barr
Level 1
Level 1

Having problems with intermittent dns issues can't nail it down on my home network.  If you need the config. from the cisco 2950 I can post it also.  I'm able to ping by IP so that makes me think it's some sort of icmp related issue.  Even webpages seem to load slow.  Thanks in advance.

                  

C:\Users\Aadder>tracert www.bright.net

Tracing route to www.bright.net [209.143.0.18]
over a maximum of 30 hops:

  1     2 ms     2 ms     1 ms  10.2.40.1
  2     4 ms     3 ms     2 ms  10.2.50.1
  3     9 ms     9 ms     8 ms  142.254.148.93
  4    11 ms    11 ms    12 ms  ae0-1258.cr02.clmkohpe.midohio.rr.com [184.59.24
3.125]
  5    14 ms    11 ms    11 ms  65.29.1.34
  6  10.2.50.1  reports: Destination host unreachable.


Cisco:1841

Building configuration...

Current configuration : 12021 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname R01
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5
enable password 7
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip inspect name CCP_LOW cuseeme
ip inspect name CCP_LOW dns
ip inspect name CCP_LOW ftp
ip inspect name CCP_LOW h323
ip inspect name CCP_LOW sip
ip inspect name CCP_LOW https
ip inspect name CCP_LOW icmp
ip inspect name CCP_LOW imap
ip inspect name CCP_LOW pop3
ip inspect name CCP_LOW netshow
ip inspect name CCP_LOW rcmd
ip inspect name CCP_LOW realaudio
ip inspect name CCP_LOW rtsp
ip inspect name CCP_LOW esmtp
ip inspect name CCP_LOW sqlnet
ip inspect name CCP_LOW streamworks
ip inspect name CCP_LOW tftp
ip inspect name CCP_LOW tcp
ip inspect name CCP_LOW udp
ip inspect name CCP_LOW vdolive
ip tcp synwait-time 10
no ip dhcp use vrf connected
ip dhcp excluded-address 10.2.10.1 10.2.10.10
ip dhcp excluded-address 10.2.30.1 10.2.30.10
!
ip dhcp pool Vlan20
   import all
   network 10.2.10.0 255.255.255.0
   default-router 10.2.10.1
   dns-server 208.67.220.220 208.67.222.222
!
ip dhcp pool Vlan30
   import all
   network 10.2.30.0 255.255.255.0
   dns-server 208.67.220.220 208.67.222.222
   default-router 10.2.30.1
!
!
no ip bootp server
ip domain name itsb.local
ip name-server 209.18.47.61
ip name-server 209.18.47.62
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
!
!
crypto pki trustpoint TP-self-signed-808243229
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-808243229
revocation-check none
rsakeypair TP-self-signed-808243229
!
!

username aadder privilege 15 password 7
!
!
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0/0
description Internal Interface$ETH-LAN$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/0.1
description Vlan Trunk$ETH-LAN$$FW_INSIDE$
encapsulation dot1Q 1 native
ip address 10.2.1.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
no snmp trap link-status
!
interface FastEthernet0/0.10
description Workstations$ETH-LAN$$FW_INSIDE$
encapsulation dot1Q 10
ip address 10.2.10.1 255.255.255.0
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
no snmp trap link-status
!
interface FastEthernet0/0.20
description Servers$ETH-LAN$$FW_INSIDE$
encapsulation dot1Q 20
ip address 10.2.20.1 255.255.255.0
ip access-group 102 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
no snmp trap link-status
!
interface FastEthernet0/0.30
description Wireless$ETH-LAN$$FW_INSIDE$
encapsulation dot1Q 30
ip address 10.2.30.1 255.255.255.0
ip access-group 103 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
no snmp trap link-status
!
interface FastEthernet0/0.40
description Management$ETH-LAN$$FW_INSIDE$
encapsulation dot1Q 40
ip address 10.2.40.1 255.255.255.0
ip access-group 104 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
no snmp trap link-status
!
interface FastEthernet0/1
description External Interface$ETH-WAN$$FW_OUTSIDE$
ip address 10.2.50.2 255.255.255.0
ip access-group 105 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect CCP_LOW out
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 10.2.50.1
ip flow-top-talkers
top 10
sort-by bytes
!
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip nat pool itsbarr 10.2.50.2 10.2.50.2 netmask 255.255.255.0
ip nat inside source list 2 interface FastEthernet0/1 overload
!
ip access-list standard ACL_NAT
remark CCP_ACL Category=16
permit 10.2.10.0 0.0.0.255
permit 10.2.20.0 0.0.0.255
permit 10.2.30.0 0.0.0.255
permit 10.2.40.0 0.0.0.255
!
logging trap debugging
access-list 1 remark HTTP Access-class list
access-list 1 remark CCP_ACL Category=1
access-list 1 permit 10.2.40.0 0.0.0.255
access-list 1 permit 10.2.10.0 0.0.0.255
access-list 1 permit 10.2.1.0 0.0.0.255
access-list 1 permit 10.2.20.0 0.0.0.255
access-list 1 permit 10.2.30.0 0.0.0.255
access-list 1 deny   any
access-list 2 remark CCP_ACL Category=2
access-list 2 permit 10.2.30.0 0.0.0.255
access-list 2 permit 10.2.20.0 0.0.0.255
access-list 2 permit 10.2.1.0 0.0.0.255
access-list 2 permit 10.2.10.0 0.0.0.255
access-list 2 permit 10.2.40.0 0.0.0.255
access-list 100 remark auto generated by CCP firewall configuration
access-list 100 remark CCP_ACL Category=1
access-list 100 deny   ip 10.2.40.0 0.0.0.255 any
access-list 100 deny   ip 10.2.10.0 0.0.0.255 any
access-list 100 deny   ip 10.2.20.0 0.0.0.255 any
access-list 100 deny   ip 10.2.50.0 0.0.0.255 any
access-list 100 deny   ip 10.2.30.0 0.0.0.255 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by CCP firewall configuration
access-list 101 remark CCP_ACL Category=1
access-list 101 deny   ip 10.2.40.0 0.0.0.255 any
access-list 101 deny   ip 10.2.1.0 0.0.0.255 any
access-list 101 deny   ip 10.2.20.0 0.0.0.255 any
access-list 101 deny   ip 10.2.50.0 0.0.0.255 any
access-list 101 deny   ip 10.2.30.0 0.0.0.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
access-list 102 remark auto generated by CCP firewall configuration
access-list 102 remark CCP_ACL Category=1
access-list 102 deny   ip 10.2.40.0 0.0.0.255 any
access-list 102 deny   ip 10.2.10.0 0.0.0.255 any
access-list 102 deny   ip 10.2.1.0 0.0.0.255 any
access-list 102 deny   ip 10.2.50.0 0.0.0.255 any
access-list 102 deny   ip 10.2.30.0 0.0.0.255 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip any any
access-list 103 remark auto generated by CCP firewall configuration
access-list 103 remark CCP_ACL Category=1
access-list 103 deny   ip 10.2.40.0 0.0.0.255 any
access-list 103 deny   ip 10.2.10.0 0.0.0.255 any
access-list 103 deny   ip 10.2.1.0 0.0.0.255 any
access-list 103 deny   ip 10.2.20.0 0.0.0.255 any
access-list 103 deny   ip 10.2.50.0 0.0.0.255 any
access-list 103 deny   ip host 255.255.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 permit ip any any
access-list 104 remark auto generated by CCP firewall configuration
access-list 104 remark CCP_ACL Category=1
access-list 104 permit tcp 10.2.40.0 0.0.0.255 host 10.2.40.1 eq 22
access-list 104 permit tcp 10.2.40.0 0.0.0.255 host 10.2.40.1 eq 443
access-list 104 permit tcp 10.2.40.0 0.0.0.255 host 10.2.40.1 eq cmd
access-list 104 deny   tcp any host 10.2.40.1 eq telnet
access-list 104 deny   tcp any host 10.2.40.1 eq 22
access-list 104 deny   tcp any host 10.2.40.1 eq www
access-list 104 deny   tcp any host 10.2.40.1 eq 443
access-list 104 deny   tcp any host 10.2.40.1 eq cmd
access-list 104 deny   udp any host 10.2.40.1 eq snmp
access-list 104 deny   ip 10.2.10.0 0.0.0.255 any
access-list 104 deny   ip 10.2.1.0 0.0.0.255 any
access-list 104 deny   ip 10.2.20.0 0.0.0.255 any
access-list 104 deny   ip 10.2.50.0 0.0.0.255 any
access-list 104 deny   ip 10.2.30.0 0.0.0.255 any
access-list 104 deny   ip host 255.255.255.255 any
access-list 104 deny   ip 127.0.0.0 0.255.255.255 any
access-list 104 permit ip any any
access-list 105 remark auto generated by CCP firewall configuration
access-list 105 remark CCP_ACL Category=1
access-list 105 deny   ip 10.2.40.0 0.0.0.255 any
access-list 105 deny   ip 10.2.10.0 0.0.0.255 any
access-list 105 deny   ip 10.2.1.0 0.0.0.255 any
access-list 105 deny   ip 10.2.20.0 0.0.0.255 any
access-list 105 deny   ip 10.2.30.0 0.0.0.255 any
access-list 105 permit icmp any host 10.2.50.2 echo-reply
access-list 105 permit icmp any host 10.2.50.2 time-exceeded
access-list 105 permit icmp any host 10.2.50.2 unreachable
access-list 105 deny   ip 10.0.0.0 0.255.255.255 any
access-list 105 deny   ip 172.16.0.0 0.15.255.255 any
access-list 105 deny   ip 192.168.0.0 0.0.255.255 any
access-list 105 deny   ip 127.0.0.0 0.255.255.255 any
access-list 105 deny   ip host 255.255.255.255 any
access-list 105 deny   ip host 0.0.0.0 any
access-list 105 deny   ip any any log
access-list 106 remark Auto generated by SDM Management Access feature
access-list 106 remark CCP_ACL Category=1
access-list 106 permit ip 10.2.40.0 0.0.0.255 any
access-list 107 remark Auto generated by SDM Management Access feature
access-list 107 remark CCP_ACL Category=1
access-list 107 permit ip 10.2.40.0 0.0.0.255 any
no cdp run
!
!
control-plane
!
banner login ^CWarning Unauthorized Use Prohibited^C
!
line con 0
password 7
login authentication local_authen
transport output telnet
line aux 0
password 7

login authentication local_authen
no exec
transport output telnet
line vty 0 4
access-class 106 in
password 7

authorization exec local_author
login authentication local_authen
transport input ssh
transport output ssh
line vty 5 15
access-class 107 in
password 7

authorization exec local_author
login authentication local_authen
transport input ssh
transport output ssh
!
scheduler allocate 4000 1000
end

0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco