cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8456
Views
4
Helpful
4
Replies

Router DNS Forwarding Problem

Steven Tolzmann
Level 1
Level 1

Hello everyone,

I have a bunch of sites with Cisco Routers that are VPN'd to our central location to use our Windows Small Business Server (Active Directory, DNS). I have setup the Cisco Router as follows:

ip domain-lookup

ip dns view default

dns forwarder 172.16.1.10  !-- Local DNS Server (Active Directory)

dns forwarder 8.8.8.8   !-- Google Public DNS (for redundancy)

ip dns view-list dns-view

view default 10

ip dns server view-group dns-view

ip dns server

Everything works good, but when I cut connectivity to the server, it takes about 5-8 seconds for Internet Domain Names to resolve. This is VERY slow, as it does this for EVERY single name that gets queried. Is there a way to make this faster? When the Local Server is reachable, names are resolved almost instantly.

I'm hoping to get this working in the morning.. Desperately need help; will rate!

Thank you in advance!

1 Accepted Solution

Accepted Solutions

Jhopper1313
Level 1
Level 1

DNS query to internal DNS servers via the Tunnel, and all other DNS queries to the ISP Public DNS servers.  Access list 101 is part of the inbound ACL assigned to the Dialer0 interface.

interface BVI1

ip dns view-group mycomp_viewlist

ip dns view  mycomp

domain name-server  x.x.x.x

domain name-server   x.x.x.x

dns forwarder x.x.x.x

dns forwarder x.x.x.x

dns forwarding source-interface BVI1

ip dns view default

domain  name-server  x.x.x.x

domain name-server  x.x.x.x

dns  forwarder x.x.x.x

dns forwarder x.x.x.x

dns forwarding  source-interface BVI1

ip dns view-list default

ip dns view-list  mycomp_viewlist

view mycomp 5

  restrict name-group 10

view  default 10

ip dns name-list 10 permit .*.mycomp.com

ip dns server

access-list  101 permit udp host x.x.x.x eq domain any gt 1023

access-list 101  permit udp host x.x.x.x eq domain any gt 1023

View solution in original post

4 Replies 4

sylvain.munaut
Level 1
Level 1

ip dns view default

dns forwarding timeout 1

dns forwarding retry 1

That's about as fast as you can make it, but that will still be pretty slow.

This command appears to only be useable on 15.0(1) IOS and higher... One of our 881s has 15.0 so I'll test it on that router later... Thanks!

Does anyone else have any suggestions on how to make DNS resolving faster for 2 forwarders?? 5-10 second wait time is unacceptable for our network, 1-2 second = OKAY.

Jhopper1313
Level 1
Level 1

DNS query to internal DNS servers via the Tunnel, and all other DNS queries to the ISP Public DNS servers.  Access list 101 is part of the inbound ACL assigned to the Dialer0 interface.

interface BVI1

ip dns view-group mycomp_viewlist

ip dns view  mycomp

domain name-server  x.x.x.x

domain name-server   x.x.x.x

dns forwarder x.x.x.x

dns forwarder x.x.x.x

dns forwarding source-interface BVI1

ip dns view default

domain  name-server  x.x.x.x

domain name-server  x.x.x.x

dns  forwarder x.x.x.x

dns forwarder x.x.x.x

dns forwarding  source-interface BVI1

ip dns view-list default

ip dns view-list  mycomp_viewlist

view mycomp 5

  restrict name-group 10

view  default 10

ip dns name-list 10 permit .*.mycomp.com

ip dns server

access-list  101 permit udp host x.x.x.x eq domain any gt 1023

access-list 101  permit udp host x.x.x.x eq domain any gt 1023

Okay, will try this!

Can you break it down a bit more though, im confused what name-group 10 and acl 101 are doing?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: