aej1973

asked on

router unable to resolve domain name...

Hi, I have a Cisco 2621 router and I have a few issues:

1. I am unable to ping any public IP address from within the router
2. The router is not resolving domain names.

My config is attached. Could you let me know what I need to do to resolve these two issues? Thank you.
routerConfig.txt
asavener

ip access-list extended FW-F0/0-v1
 permit tcp any host 12.104.x.x eq telnet log
 permit udp host 12.127.17.71 host 12.104.x.x eq dns
 permit udp host 12.127.17.71 eq dns host 12.104.x.x
 permit udp host 12.127.16.67 host 12.104.x.x eq dns
 permit udp host 12.127.16.67 eq dns host 12.104.x.x
 deny   ip 127.0.0.0 0.255.255.255 any log
 deny   ip 192.168.0.0 0.0.0.255 any log
 deny   ip 172.10.0.0 0.0.255.255 any log
 deny   ip host 0.0.0.0 any log
 permit ip any any

interface f0/0
 ip access-group FW-F0/0-v1 in
aej1973

ASKER

asavener, could you please explain this; this is the same access list 110 I have that is applied to the f0/0 interface. What is the difference? Thank you.

A
I added lines to allow UDP/53 (the port used for DNS name resolution).

You can continue to use a numbered access list, if you wish. I just find named access lists to be easier. (You can insert lines.)

ASKER

What I am seeing is that even if I remove all the ACLs I am seeing the same result. Not sure what to do?

Verify that you can traceroute to the name servers you have defined in your configuration.

Use a Windows client to see if name resolution works when using those servers.

C:\> nslookup.exe
> server <serverip>
> google.com

<see if it resolves successfully.>

ASKER

> server 12.127.17.71
Default Server:  dns-rs1.bgtmo.ip.att.net
Address:  12.127.17.71

> 12.127.16.67
Server:  dns-rs1.bgtmo.ip.att.net
Address:  12.127.17.71

Name:    rmtu.mt.rs.els-gms.att.net
Address:  12.127.16.67

>

And can you ping those addresses from the router?

ASKER

No, I am unable to ping any public IP from within the router.

OK, that appears to be your problem. You need to provide the router with Internet access, or change the name servers to your internal DNS servers.

ASKER

Well, I have a complete network connected through this router and every computer on the network can access the internet. What setting will I need to change on the router to ping from the router? Thank you.

OK. I'm beginning to suspect an issue with NAT rules, then.

Try removing your NAT rules and then see if name resolution works.

ASKER

Well, if I remove my NAT then my complete network is going to go down. Could you let me know what specifically you need me to try? Thank you.

A
In particular, I'm concerned about this command:

ip nat inside source static 172.10.79.10 12.49.x.x

Is the 12.49.x.x address the same address as your router?  If so, the returning DNS queries will actually be sent to the 172.10.79.10 device, and not read by the router itself.

Probably the best fix is to use your internal DNS server instead of your ISP name servers.
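
The condition asavener asks about above (a one-to-one static NAT whose global address is also the router's own interface address) can be checked mechanically against a saved configuration. This is an added example, not part of the original thread; the function name and the sample config are hypothetical, with 203.0.113.2 and 198.51.100.53 as placeholder addresses.

```python
import re

# Constructed sample config: 172.10.79.10 is the inside host from the thread;
# 203.0.113.2 and 198.51.100.53 are placeholder documentation addresses.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
interface FastEthernet0/1
 ip address 172.10.79.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static 172.10.79.10 203.0.113.2
ip nat inside source static tcp 172.10.79.20 80 203.0.113.2 80
ip name-server 198.51.100.53
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
IFACE_RE = re.compile(r"interface\s+(\S+)", re.I)
ADDR_RE = re.compile(r"\s+ip address\s+" + IP + r"\s", re.I)
# One-to-one form only: "static <local> <global>". Port-specific entries
# ("static tcp|udp ...") do not match; they translate a single port.
STATIC_RE = re.compile(r"ip nat inside source static\s+" + IP + r"\s+" + IP + r"(?:\s|$)", re.I)


def find_nat_conflicts(config_text):
    """Return (inside_local, global, interface) for each one-to-one static
    NAT whose global address is also assigned to a router interface."""
    iface_addrs, statics, current = {}, [], None
    for line in config_text.splitlines():
        if not line[:1].isspace():      # top-level line ends an interface block
            m = IFACE_RE.match(line)
            current = m.group(1) if m else None
            m = STATIC_RE.match(line)
            if m:
                statics.append((m.group(1), m.group(2)))
        elif current:
            m = ADDR_RE.match(line)
            if m:
                iface_addrs[m.group(1)] = current
    return [(l, g, iface_addrs[g]) for l, g in statics if g in iface_addrs]


if __name__ == "__main__":
    for local, glob, iface in find_nat_conflicts(SAMPLE_CONFIG):
        print(f"static NAT {local} -> {glob} claims the address of {iface}")
```
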

ASKER

What will be my internal name servers?

Don't you have an internal DNS server that you use for your client devices? A Windows domain controller or somesuch?

ASKER

My DNS servers are 12.127.17.71 and 12.127.16.67
ASKER CERTIFIED SOLUTION
asavener
This solution is only available to members.

ASKER

Thank you, that was the issue....