07-12-2011 11:17 PM - edited 03-07-2019 01:11 AM
Hello everyone,
I have a bunch of sites with Cisco Routers that are VPN'd to our central location to use our Windows Small Business Server (Active Directory, DNS). I have set up the Cisco Router as follows:
ip domain-lookup
ip dns view default
 ! Local DNS Server (Active Directory)
 dns forwarder 172.16.1.10
 ! Google Public DNS (for redundancy)
 dns forwarder 8.8.8.8
ip dns view-list dns-view
 view default 10
ip dns server view-group dns-view
ip dns server
Everything works well, but when I cut connectivity to the server, it takes about 5-8 seconds for Internet Domain Names to resolve. This is VERY slow, as it does this for EVERY single name that gets queried. Is there a way to make this faster? When the Local Server is reachable, names are resolved almost instantly.
I'm hoping to get this working in the morning.. Desperately need help; will rate!
Thank you in advance!
07-13-2011 01:53 AM
ip dns view default
 dns forwarding timeout 1
 dns forwarding retry 1
That's about as fast as you can make it, but that will still be pretty slow.
07-13-2011 06:55 AM
This command appears to only be useable on 15.0(1) IOS and higher... One of our 881s has 15.0 so I'll test it on that router later... Thanks!
Does anyone else have any suggestions on how to make DNS resolving faster for 2 forwarders?? 5-10 second wait time is unacceptable for our network, 1-2 second = OKAY.
07-13-2011 07:08 AM
DNS query to internal DNS servers via the Tunnel, and all other DNS queries to the ISP Public DNS servers. Access list 101 is part of the inbound ACL assigned to the Dialer0 interface.
interface BVI1
 ip dns view-group mycomp_viewlist
ip dns view mycomp
 domain name-server x.x.x.x
 domain name-server x.x.x.x
 dns forwarder x.x.x.x
 dns forwarder x.x.x.x
 dns forwarding source-interface BVI1
ip dns view default
 domain name-server x.x.x.x
 domain name-server x.x.x.x
 dns forwarder x.x.x.x
 dns forwarder x.x.x.x
 dns forwarding source-interface BVI1
ip dns view-list default
ip dns view-list mycomp_viewlist
 view mycomp 5
  restrict name-group 10
 view default 10
ip dns name-list 10 permit .*.mycomp.com
ip dns server
access-list 101 permit udp host x.x.x.x eq domain any gt 1023
access-list 101 permit udp host x.x.x.x eq domain any gt 1023
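The view selection in the configuration above, modelled in Python as an added example that is not part of the original post and is not Cisco code. It assumes name-list patterns behave as ordinary regular expressions matched case-insensitively against the whole query name; `select_view`, the sample query names and the escaped pattern are constructed for illustration.

```python
import re

# View list from the post: (priority, view name, name-list pattern or None).
# Lower priority numbers are evaluated first.
VIEW_LIST = [
    (5, "mycomp", r".*.mycomp.com"),    # restrict name-group 10, pattern as posted
    (10, "default", None),              # unrestricted: catches everything else
]

# Hypothetical variant with the dots escaped so they match only a literal ".".
ESCAPED_VIEW_LIST = [
    (5, "mycomp", r".*\.mycomp\.com"),
    (10, "default", None),
]


def select_view(qname, view_list=VIEW_LIST):
    """Return the first view, in priority order, whose name restriction passes."""
    name = qname.rstrip(".")            # tolerate a fully qualified trailing dot
    for _prio, view, pattern in sorted(view_list, key=lambda v: v[0]):
        if pattern is None or re.fullmatch(pattern, name, re.IGNORECASE):
            return view
    return None                         # no view matched the query


# Constructed query names, not taken from the thread.
SAMPLE_QUERIES = [
    "dc1.mycomp.com",     # internal host: goes to the tunnel-side servers
    "MAIL.mycomp.com",    # matching is case-insensitive
    "mycomp.com",         # apex: nothing precedes "mycomp", so no match
    "notmycomp.com",      # unrelated domain that the unescaped "." lets through
    "www.example.org",    # ordinary Internet name
]


def compare(queries=SAMPLE_QUERIES):
    """Map each name to (view with posted pattern, view with escaped pattern)."""
    return {q: (select_view(q), select_view(q, ESCAPED_VIEW_LIST)) for q in queries}


if __name__ == "__main__":
    for qname, (posted, escaped) in compare().items():
        print(f"{qname:18} posted={posted:8} escaped={escaped}")
```

Under these assumptions the posted pattern sends `notmycomp.com` to the internal servers, and both patterns leave the bare `mycomp.com` apex in the default view.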
07-13-2011 07:29 AM
Okay, will try this!
Can you break it down a bit more, though? I'm confused about what name-group 10 and ACL 101 are doing.