NO ip-domain lookup
05-26-2015 11:15 AM - edited 03-08-2019 12:11 AM
Is it best practice to disable ip domain lookup on switches and routers? I see the ip name server commands issued, but should I also issue the no ip-domain lookup as well, and why or why not?
Labels: Other Switching
05-26-2015 11:43 AM
Hi,
The no ip domain lookup command is usually seen in configurations. By default, any single word entered on a command line that is not recognized as a valid command is considered as a hostname by the router, and the router will by default try to telnet to that hostname. This is extremely annoying, especially when you do a simple typo, as the router will try to translate that typo into an IP address. If you do not have a DNS server configured, the command line will stall for several seconds until the DNS request times out.
Quite frankly, it does not make much sense to have both ip name-server and no ip domain lookup configured. The no ip domain lookup tells the router to stop interacting with any DNS servers entirely. Having a DNS server configured is then a useless thing because it is not going to be used, anyway.
What could be considered a more proper way of doing things, however, is this: Have the DNS server configured using the ip name-server command, and at the same time, on all lines (con 0, aux 0, vty 0 15), deactivate the automatic action of telnetting into all "words" that look like hostnames:
line con 0
 transport preferred none
line aux 0
 transport preferred none
line vty 0 15
 transport preferred none
This way, you can have your cake, and eat it, too :)
Best regards,
Peter
10-27-2018 03:20 PM
Houston, TX USA
- a Friendly American
02-28-2019 05:02 AM
Thanks for explanation! Great for novice! Great for me!
11-29-2019 07:00 PM
thanks much!
02-27-2020 06:50 AM
Hi Peter,
It's really a great explanation, but I think we still need to configure the ip domain-name command in case we need to enable SSH on the switch/router. So it does make sense sometimes to enable ip domain-name to be used later on for SSH configuration, and then put the no ip domain lookup command to stop the router or switch from querying DNS for typos.
Regards,
Hossam
03-01-2020 03:55 PM
Hi,
You don't need to configure a domain name to generate SSH keys. The SSH keys need a label/name (in order to be later recalled from other containers, like crypto trustpoints), and unless you specify the label when you generate the keys, it will take the "hostname.domain-name" label, thus the so-called requirement to configure domain-name.
Go on a device, don't configure domain-name, and generate the keys but specify a label when doing it. It will work.
Regards,
Cristian Matei.
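Putting Peter's and Cristian's advice together in one IOS configuration, as an added example that is not from either poster: DNS stays usable, no line tries to telnet to a typo, and the SSH key is generated under an explicit label so ip domain name is not needed. The hostname, name-server address, key label and modulus are assumed placeholder values.

```cisco
! Added example, not from the thread. Hostname, DNS address, key label and modulus are placeholders.
hostname Switch1
!
! Keep DNS resolution available (ping/traceroute/logging by name).
! Peter's point: "no ip domain lookup" would make this name-server line useless.
ip name-server 192.0.2.53
!
! Instead of disabling DNS, stop every line from treating an unrecognised word as a telnet host.
! An explicit "telnet <host>" from the prompt still works; only the implicit attempt is gone.
line con 0
 transport preferred none
line aux 0
 transport preferred none
line vty 0 15
 transport preferred none
!
! Cristian's point: an explicit label removes the need for "ip domain name".
! Without a label the key would be named <hostname>.<domain-name>, which is the usual reason domain-name gets configured.
crypto key generate rsa label SSH-KEY modulus 2048
! Tell the SSH server which labelled key pair to use.
ip ssh rsa keypair-name SSH-KEY
ip ssh version 2
!
! Checks from exec mode:
!   show crypto key mypubkey rsa   -> the key pair labelled SSH-KEY is listed
!   show ip ssh                    -> SSH reported as enabled
!   a mistyped word at the prompt  -> rejected at once instead of stalling on a DNS/telnet attempt
```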
06-24-2020 06:16 AM
You explained well, thanks.
04-02-2023 04:50 AM
Really nice explanation from Peter!
