Solved

Allow DNS lookups with Cisco ACL

Posted on 2006-11-20
Last Modified: 2008-01-09
I currently use ACLs on my Cisco 2600 series router to block as much of what I don't want as possible. The lines that pertain to my web server are:

access-list 116 permit tcp any host <my web IP> eq www
access-list 116 permit tcp any host <my web IP> eq 443
...followed by a "deny all"  at the end.  

Now, however, I need to allow this web server to access a few other web sites, and it appears that my only issue is that I can't get results from my ISP's DNS server.  I thought this line should do it:

access-list 116 permit udp any host <my web IP> eq domain

I can access a site by using a specific IP address, but I still can't resolve any domain names. How do I allow DNS with ACLs?

Thanks!
Question by:DBrecht

Accepted Solution

by:
JFrederick29 earned 250 total points
ID: 17981013
Close.  Change it to this:

access-list 116 permit udp any eq domain host <my web IP>

Expert Comment

by:shekharbasnet
ID: 17985774
Or if you need a tighter rule:

access-list 116 permit udp host <dns IP> eq domain host <my web IP>
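Why the position of "eq domain" matters, as an added example that is not part of the original thread: a small Python evaluator for the ACL lines quoted above, run against a DNS reply (UDP source port 53, high destination port). The addresses are constructed placeholders, and the assumption is that ACL 116 filters traffic arriving for the web server.

```python
import ipaddress
from collections import namedtuple
Packet = namedtuple("Packet", "proto src sport dst dport")
PORTS = {"www": 80, "domain": 53}      # IOS port keywords used in this thread

def _endpoint(tok):
    """Consume 'any' or 'host <ip>', then an optional 'eq <port>'."""
    if tok[0] == "any":
        addr, tok = None, tok[1:]
    elif tok[0] == "host":
        addr, tok = ipaddress.ip_address(tok[1]), tok[2:]
    else:
        raise ValueError("only 'any' and 'host <ip>' are handled here")
    port = None
    if tok[:1] == ["eq"]:
        port = PORTS[tok[1]] if tok[1] in PORTS else int(tok[1])
        tok = tok[2:]
    return (addr, port), tok

def parse(line):
    """access-list <n> <action> <proto> <source [eq port]> <dest [eq port]>"""
    t = line.split()
    src, rest = _endpoint(t[4:])
    dst, _ = _endpoint(rest)
    return t[2], t[3], src, dst

def _hit(spec, addr, port):
    want_addr, want_port = spec
    return (want_addr in (None, ipaddress.ip_address(addr))
            and want_port in (None, port))

def evaluate(acl, pkt):
    """First matching line wins; no match means the deny at the end applies."""
    for action, proto, src, dst in map(parse, acl):
        if (proto == pkt.proto and _hit(src, pkt.src, pkt.sport)
                and _hit(dst, pkt.dst, pkt.dport)):
            return action
    return "deny"
# Constructed sample addresses (RFC 5737 documentation ranges).
WEB, DNS, OTHER = "192.0.2.10", "198.51.100.53", "203.0.113.7"
BASE = [f"access-list 116 permit tcp any host {WEB} eq www",
        f"access-list 116 permit tcp any host {WEB} eq 443"]
ASKED = BASE + [f"access-list 116 permit udp any host {WEB} eq domain"]
FIXED = BASE + [f"access-list 116 permit udp any eq domain host {WEB}"]
TIGHT = BASE + [f"access-list 116 permit udp host {DNS} eq domain host {WEB}"]
reply = Packet("udp", DNS, 53, WEB, 49152)     # DNS answer to the web server
stray = Packet("udp", OTHER, 53, WEB, 49152)   # source port 53, not the resolver
for name, acl in (("asked", ASKED), ("fixed", FIXED), ("tight", TIGHT)):
    print(name, evaluate(acl, reply), evaluate(acl, stray))
```

The asker's line matches destination port 53 on the web server, so the reply falls through to the deny; both answers match source port 53, and only the tighter one rejects source-port-53 UDP from hosts other than the resolver.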
