7289 Views · 20 Helpful · 3 Replies

Bad DNS Query

12azb
Level 1

Hello there, I am having infinite messages on my gateway router and the connection will totally slow down. Would you please help?

The following are part of the messages displaying on the router.

Nov 22 06:59:02.846: %DNSSERVER-3-BADQUERY: Bad DNS query from 42.3.151.198
Nov 22 06:59:02.974: %DNSSERVER-3-BADQUERY: Bad DNS query from 111.193.196.204
Nov 22 06:59:06.146: %DNSSERVER-3-BADQUERY: Bad DNS query from 219.106.240.238
Nov 22 06:59:06.294: %DNSSERVER-3-BADQUERY: Bad DNS query from 145.255.176.101

3 Replies

ghostinthenet
Level 7

It looks like you have a DNS server on your router and it's being bombarded with requests from the outside world. If you have no need for the router to be a DNS server, turn it off with the "no ip dns server" configuration command. If you need internal DNS to be served by the router, but have no requirement to provide DNS to the Internet, I would deny DNS requests on the inbound ACL of your Internet-facing interfaces. If, for whatever reason, you do have such a requirement, I would set up control-plane policing to ensure that your router isn't being overloaded.

Thank you very much for your reply. Now I have removed the DNS service from my router and shifted it to another Windows server. But would you please give me a hint on how I can deny DNS requests on the inbound ACL?

Regards

Sure. On the inbound ACL, you can add two lines like this:

deny tcp any any eq 53
deny udp any any eq 53

As long as you're not actually hosting a DNS server that needs to be reachable from the Internet, that will do.
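The three options from the accepted answer (disable the DNS server, deny port 53 on the inbound ACL, or rate-limit it with control-plane policing) put together as a complete IOS configuration. This is an added example, not configuration posted in the thread; the interface name GigabitEthernet0/0, the ACL, class-map and policy-map names, the upstream resolver address 192.0.2.53 (a documentation address) and the policer rates are assumptions chosen for illustration.

```cisco
! Added example; not from the original thread. Interface name, ACL/class/policy
! names, the resolver address 192.0.2.53 and the policer rates are assumptions.

! Option 1: the router stops answering DNS altogether.
no ip dns server

! Option 2: keep DNS for inside hosts but drop queries arriving from the Internet.
! Destination port 53 matches queries. Replies from an upstream resolver carry 53
! as the *source* port, so these two deny lines do not block them.
ip access-list extended WAN-IN
 remark Drop DNS queries from the Internet (UDP and TCP), evaluated first
 deny   udp any any eq 53
 deny   tcp any any eq 53
 remark Return traffic for sessions opened from inside (extend with your own permits)
 permit tcp any any established
 remark Replies from the assumed upstream resolver only, not from any source port 53
 permit udp host 192.0.2.53 eq 53 any
 remark Anything not permitted above is dropped by the implicit deny
!
interface GigabitEthernet0/0
 description Internet-facing interface (assumed name)
 ip access-group WAN-IN in

! Option 3: DNS must stay reachable from the Internet, so rate-limit what the
! control plane accepts instead of blocking it (control-plane policing).
ip access-list extended COPP-DNS
 permit udp any any eq 53
 permit tcp any any eq 53
!
class-map match-all COPP-DNS-CLASS
 match access-group name COPP-DNS
!
policy-map COPP
 class COPP-DNS-CLASS
  police 64000 8000 conform-action transmit exceed-action drop
!
control-plane
 service-policy input COPP

! Verification: ACL hit counters and policer drop counters climb while the
! flood lasts, which confirms the rules are matching the BADQUERY sources.
! show access-lists WAN-IN
! show policy-map control-plane input
```

ACLs are evaluated top down with first match winning, so on an existing inbound ACL the two deny lines belong above the permit entries, as the answer suggests; the permit lines here are deliberately minimal stand-ins for whatever the router already allows in. Leave the `log` keyword off the deny entries during a flood, since logging every hit consumes the same CPU the ACL is meant to protect. The CoPP rate of 64 kbit/s is only an assumed starting point and should be tuned to the volume of legitimate queries.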