• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 675
  • Last Modified:

I have DNS Issues with my UC560

I recently deployed a UC560 box for a client, the client uses a modem that assigns ip address and dns addresses to it automatically. Initially everything was fine, the PC's on the LAN were all browsing, but two days ago, i got a call and was told the PCs could no longer browse the internet, i did all the checks everything was fine, so i decided to ping the dns ip addresses, no replies. When i connected a laptop directly to the ISP modem, it browses fine. But i still could not ping the dns addresses from the laptop. Please what could be the issue?
0
Teshoma
Asked:
Teshoma
  • 11
  • 7
  • 4
  • +1
1 Solution
 
SteveNetwork ManagerCommented:
Ping is not a definative tool for testing..

We block all ping (icmp) requests, so pinging our servers would also yield no results..

you're better off doing a nslookup against that IP address to see if DNS is actually working or not on that machine..

http://network-tools.com/nslook/

(there's heaps of them around)..

this will tell you is DNS is actually working or not.. if its not.. simply add or change to another DNS server ? or contact the host and report it..

if however the server IS working and responding correctly, then the issue could be many other things.. there could be a firewall in between that has been changed ?



0
 
TeshomaAuthor Commented:
I agree with you, apart from pinging, i did nslookup for the ip addresses on ping.eu and even telnetted into the dns server. The message was that it is not available. I tried using 4.2.2.2 on the UC560 and it still did not work.
0
 
genesys2001ukCommented:
There are loads of free DNS server on the internet that will allow you to query them.

or look for the root nameservers (been a while but I think a.nic.uk was one)?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
greg wardCommented:
The modem is still working but the pc's are plugged into the uc560 and not working. < what i think the problem is.
on the router ping 4.2.2.1 or .2
does that work?
if it does please post config without passwords.
if not reboot both devices and try again.

Greg
0
 
TeshomaAuthor Commented:
Hi,

Yes it pings when i ping that ip address on the router, i can even ping www.yahoo.com, using the name and not the ip address. i am attaching the router config file.

thank you
VESL-UC.txt
0
 
greg wardCommented:
Remove that
ip inspect name SDM_LOW https

and replace with tcp

see if that fixes it.

Greg
0
 
greg wardCommented:
sorry thats wrong
you have dns server running so use this

just change the dns to point to your uc520 in dhcp and add
ip name-server 4.2.2.1
ip name-server another dns server.

Greg
0
 
TeshomaAuthor Commented:
Already did that. The dns is not showing here, because it obtains it automatically with the ip address from the isp. I will try 4.2.2.1 now. i used 4.2.2.2 and it did not work then, will try again.

thanks
0
 
greg wardCommented:
ip dhcp pool data
   import all
   network 192.168.10.0 255.255.255.0
   default-router 192.168.10.1
dns-server 192.168.10.1  << add this

then your dns is all done by the router.

Greg
0
 
TeshomaAuthor Commented:
Okay, i will do that. Thank you so much, will let you know the outcome
0
 
greg wardCommented:
if that does not work we will remove dns inspection and add udp inspection
then add a static allow for your dns server...
blocking all other dns

Greg
0
 
SteveNetwork ManagerCommented:
I'd be removing the inspection first to see if its causing the issue..

its a simple test (below)..

if it fixes the problem then it has to be an inspection ruleset that is triggering.. and you can move through the list disabling them one at a time..


interface GigabitEthernet0/0
 no ip inspect SDM_LOW out
exit

Open in new window

0
 
TeshomaAuthor Commented:
The thing is, when i set it up initially, it worked fine, with all those rules in it. Can everything suddenly just change?
0
 
SteveNetwork ManagerCommented:
yep.. because they are inspect rules etc they 'react' to situations.. so for example if suddenly there is a flood of requests or in your case more likely a flood of dns responses due to many workstation requests the standard inspect rulesets get triggered.. what you might find is that it works sometimes and then for no reason stops working again ? thats the inspect rules in action..

personally.. unless you're getting a LOT of attacks a good set of ACLs will protect you better (except for DDOS attacks etc ) than the inspect rulesets.. i find them to be more trouble than their worth on small sites IMHO...

0
 
TeshomaAuthor Commented:
Okay, kool. I will try that as well and let you know the outcome.
0
 
TeshomaAuthor Commented:
Hello all, thanks so much for all the help yesterday, unfortunately it still wont work, so i am resetting everything to factory setting and starting all over again and hope no one tempers with the config when i am done, because i am beginning to suspect that, that was what happened.
0
 
greg wardCommented:
what you might find is that it works sometimes and then for no reason stops working again ? thats the inspect rules in action..

I have to agree with the above statement.
You have to make sure you are up to date with the ios version and if that does not work use tricks to get round certain bits that dont work for you.

Good luck with the new config.

Greg
0
 
TeshomaAuthor Commented:
Hello, i did a fresh configuration, the systems browse now, but only if they are not connected to the windows domain on the network. Are there any know issues with running a windows domain on a network that has Cisco small business systems?
0
 
TeshomaAuthor Commented:
Hello, any new suggestion, the system was fine for a while, now it is having the same issues again. And this time it is not just this site, a deployed the same thing on another site, i got a call today that some users can connect to the  internet and others cannot. I will be there in a bit to find out exactly what the problem is this time. The phones are working great this time.
0
 
greg wardCommented:
did you try my idea?
set the server up as dns
and set up specific allows for dns


Greg
0
 
SteveNetwork ManagerCommented:
can you post up your config now you have reset it ?
0
 
TeshomaAuthor Commented:
Hello,

It was a different issue this time, i got the wrong report, so i went there to see things for myself, their internet went down.
The initial problems i think has been sorted out, it was a layer 1 issue, the cabling infrastructure had problems.

Thanks.

0
 
TeshomaAuthor Commented:
Fixing the layer 1 issues solved the problem.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

  • 11
  • 7
  • 4
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now