Solved

Allow DNS lookups with Cisco ACL

Posted on 2006-11-20
2
345 Views
Last Modified: 2008-01-09
I currently use ACL's on my Cisco 2600 series router to block as much of what I don't want as possible.  The lines that pertain to my web server are:

access-list 116 permit tcp any host <my web IP> eq www
access-list 116 permit tcp any host <my web IP> eq 443
...followed by a "deny all"  at the end.  

Now, however, I need to allow this web server to access a few other web sites, and it appears that my only issue is that I can't get results from my ISP's DNS server.  I thought this line should do it:

access-list 116 permit udp any host <my web IP> eq domain

I can access a site by using a specific IP address, but I still can't resolve any domain names.  How do I alllow DNS with ACL's?

Thanks!
0
Comment
Question by:DBrecht
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 250 total points
ID: 17981013
Close.  Change it to this:

access-list 116 permit udp any eq domain host <my web IP>
0
 
LVL 2

Expert Comment

by:shekharbasnet
ID: 17985774
Or if you need a more tighter rule:

access-list 116 permit udp host <dns IP> eq domain host <my web IP>
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Building small business network 4 106
SolarWinds reporting 2 31
Tools to detect weak WiFi routers prior connecting to it 14 145
The purpose of using BGP 33 128
New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question