• Status: Solved

Cisco router as a DNS server

I have the following config; however, I cannot display any internet pages from a client machine and/or ping from a client machine. All pings from the Cisco router work and I get a reply; however, from the client it fails.





 

ip access-list standard RFC1918-dns
 permit 10.23.72.0.255.255.255

 

ip dns name-list 1 permit .*
 

ip dns view default
 domain name-server 71.242.0.12
 domain name-server 71.242.0.13
 domain name SOMECOMPANY.LAN
 dns forwarding source-interface GigabitEthernet0/0


ip dns view-list LAN
 view default 1
  restrict source access-group RFC1918-dns
  restrict name-group 1
 

ip dns server view-group LAN
ip dns server


Pinging yahoo.com [98.138.252.38] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 98.138.252.38:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\ping foxnews.com

Pinging foxnews.com [104.92.16.8] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 104.92.16.8:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
0
techdrive
Asked:
1 Solution
 
JustInCaseCommented:
Most likely you have an issue other than DNS. According to the output, DNS resolved the web names to IP addresses, but ping is not working. For a start, check your NAT configuration.
0
 
masnrockCommented:
Have you tried using traceroute? Also, is there anything like a proxy present?
0
 
techdriveAuthor Commented:
I reconfigured the router from scratch and now this is even worse. Can you guys confirm the steps to set up DNS and have the Cisco 1941 router act as a client and a server, please?

C:\Users\tracert 10.23.72.1

Tracing route to 10.23.72.1 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.23.72.1

Trace complete.

C:\Users\tracert yahoo.com
Unable to resolve target system name yahoo.com.

C:\Users\ping foxnews.com
Ping request could not find host foxnews.com. Please check the name and try again.


Pinging from the router

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.23.72.19, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
RTR-MAIN-GIG-BALT-01>ping yahoo.com
Translating "yahoo.com"...domain server (71.242.0.12) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 98.138.252.38, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/39/48 ms
RTR-MAIN-GIG-BALT-0>
1

 
JustInCaseCommented:
Now DNS is not working. :)
0
 
masnrockCommented:
Yeah, it's definitely something in your configuration. Right now I am looking at this:
ip access-list standard RFC1918-dns
 permit 10.23.72.0.255.255.255



Is that what you truly currently have? Seems like it should be more like this:
ip access-list standard RFC1918-dns
 permit 10.23.72.0 0.255.255.255



That's a start for fixing your configuration...
0
 
techdriveAuthor Commented:
I got the same thing
0
 
techdriveAuthor Commented:
Here are the commands I am using

ip access-list standard RFC1918-dns
 permit 10.23.72.0 0.255.255.255

ip dns view default
 domain name-server 71.0.242.12
 domain name-server 71.0.242.12

ip dns view-list LAN
 view default 1
  restrict source access-group RFC1918-dns
  restrict name-group 1

ip dns server view-group LAN
ip dns server
0
 
techdriveAuthor Commented:
Here is a copy of my config file on my router

Current configuration : 2606 bytes
!
! Last configuration change at 02:00:18 UTC Mon Dec 11 2017
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
memory-size iomem 25
service-module wlan-ap 0 bootimage autonomous
!
ip cef
!

!
ip dhcp excluded-address 10.23.72.100 10.23.72.150
!
ip dhcp pool big10
 network 10.23.72.0 255.255.255.0
 domain-name SOMECOMPANY.LAN
 dns-server 10.23.72.1
 default-router 10.23.72.1
 lease 3
!
!
!
ip host RTR-MAIN-GIG-BASEM-0.SOMECOMPANY.LAN 10.23.72.1
ip host util-srv-01.SOMECOMPANY.LAN 10.23.72.30
ip host DESKTOP-3OD3ANR.SOMECOMPANY.LAN 10.23.72.23
ip host RTR-MAIN-GIG-BASMT-2.SOMECOMPANY.LAN 10.23.72.2
ip host RTR-MAIN-FE100-BASMT-1.SOMECOMPANY.LAN 10.23.72.3
ip name-server 71.242.0.12
ip name-server 68.237.161.12
no ipv6 cef
multilink bundle-name authenticated
!
license udi pid CISCO1941W-A/K9 sn FTX1741828V
hw-module ism 0
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface wlan-ap0
 description Service module interface to manage the embedded AP
 no ip address
 shutdown
 arp timeout 0
 no mop enabled
 no mop sysid
!
interface GigabitEthernet0/1
 ip address 10.23.72.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Wlan-GigabitEthernet0/0
 description Internal switch interface connecting to the embedded AP
 no ip address
!
interface Serial0/0/0
 no ip address
 shutdown
!
interface Serial0/1/0
 no ip address
 shutdown
!
interface Vlan1
 no ip address
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip dns view default
 domain name TRANFORMERS.LAN
 domain name-server  71.242.0.13
 dns forwarding source-interface GigabitEthernet0/0
ip dns view-list LAN
 view default 1
  restrict source access-group RFC1918-dns
  restrict name-group 1
ip dns name-list 1 permit 1 .*
ip dns server view-group LAN
ip dns server
!
ip access-list standard RFC1918-DNS
 permit 10.23.72.0 0.255.255.255
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line 67
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line 67
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
 login
 transport input all
!
scheduler allocate 20000 1000
!
end


0
 
JustInCaseCommented:
You are missing at least 2 details:
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip nat inside source list NAT-LIST interface gi0/0 overload
!
ip access-list standard NAT-LIST
 permit 10.23.72.0 0.0.0.255


and now there is a typo - names of ACLs are case sensitive

ip dns view-list LAN
 view default 1
  restrict source access-group RFC1918-dns
!
ip access-list standard RFC1918-DNS
 permit 10.23.72.0 0.255.255.255

10.23.72.1 should also be an excluded IP address from DHCP.
1
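Added example (not part of the original thread, and not Cisco tooling): a small Python check that finds the problems named in the answer above in a saved configuration, namely an ACL referenced under a name that is not defined with the same case, a missing NAT rule, and a missing static default route. It also prints the network each wildcard entry really matches, which shows that `permit 10.23.72.0 0.255.255.255` lets all of 10.0.0.0/8 query the DNS view, not only the /24 LAN. The function names and the sample text are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the running-config posted in the thread.
SAMPLE = """\
interface GigabitEthernet0/0
 ip address dhcp
 ip nat outside
interface GigabitEthernet0/1
 ip address 10.23.72.1 255.255.255.0
 ip nat inside
ip dns view-list LAN
 view default 1
  restrict source access-group RFC1918-dns
ip access-list standard RFC1918-DNS
 permit 10.23.72.0 0.255.255.255
"""

def acl_network(addr, wildcard):
    """Network matched by a standard ACL entry (contiguous wildcard masks only)."""
    mask = ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard)))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def lint(config):
    """Return a list of findings for an IOS configuration given as text."""
    lines = [ln.strip() for ln in config.splitlines()]
    defined = {m.group(1) for ln in lines
               if (m := re.match(r"ip access-list \w+ (\S+)", ln))}
    findings = []
    for ln in lines:
        m = re.search(r"(?:access-group|source list) (\S+)", ln)
        if m and m.group(1) not in defined:  # exact, case-sensitive comparison
            near = [d for d in defined if d.lower() == m.group(1).lower()]
            hint = f" (defined as {near[0]}; names are case sensitive)" if near else ""
            findings.append(f"ACL {m.group(1)} is referenced but not defined{hint}")
        m = re.match(r"permit (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3})$", ln)
        if m:
            findings.append(f"permit {m.group(1)} {m.group(2)} matches {acl_network(*m.groups())}")
    if "ip nat inside" in lines and not any(ln.startswith("ip nat inside source") for ln in lines):
        findings.append("ip nat inside is set but there is no 'ip nat inside source' rule")
    if not any(ln.startswith("ip route 0.0.0.0 0.0.0.0") for ln in lines):
        findings.append("no static default route (ip route 0.0.0.0 0.0.0.0 ...)")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

A wildcard of `0.0.0.255` on the DNS ACL would limit the view to 10.23.72.0/24, the same range the answer uses for NAT-LIST.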
 
techdriveAuthor Commented:
THANK YOU THANK YOU THANK YOU THANK YOU. I have learned so many things and I really appreciate your help. Thank you, it works. I am so tickled.
0
 
techdriveAuthor Commented:
OUTSTANDING WORK
0
 
JustInCaseCommented:
You're welcome.
1
Question has a verified solution.
