Configuring DNS on Cisco Routers




Document ID: 24182

Contents

Introduction
Prerequisites
Requirements
Components Used
Conventions
Setting Up a Router to Use DNS Lookups
Troubleshooting
You Can Ping a Web Server, But You Cannot View the HTML Pages
Router Queries Multiple Name Servers
Related Information

Introduction

The purpose of this document is to bring together certain points about Domain Name System (DNS) use by Cisco routers.

Prerequisites

Requirements

Readers of this document should have knowledge of these topics:

- Cisco IOS Command Line Interface (CLI)
- General DNS behavior

Components Used

The information in this document is based on these software and hardware versions:

- Cisco 2500 series routers
- Cisco IOS software 12.2(24a)

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Setting Up a Router to Use DNS Lookups

Your router can be configured to use DNS lookups if you wish to use the ping or traceroute commands with a host name rather than an IP address. Use these commands to do so:

Command: ip domain lookup
Description: Enables DNS-based host name-to-address translation. This command is enabled by default.

Command: ip name-server
Description: Specifies the address of one or more name servers.

Command: ip domain list
Description: Defines a list of domains, each to be tried in turn. Note: If there is no domain list, the domain name that you specified with the ip domain name global configuration command is used. If there is a domain list, the default domain name is not used.

Command: ip domain name
Description: Defines a default domain name that the Cisco IOS software uses to complete unqualified host names (names without a dotted-decimal domain name). Do not include the initial period that separates an unqualified name from the domain name.

Command: ip ospf name-lookup
Description: Configures Open Shortest Path First (OSPF) to look up DNS names for use in all OSPF show EXEC command displays. This feature makes it easier to identify a router because the router is displayed by name rather than by its router ID or neighbor ID.

This example shows a sample configuration on a router configured for basic DNS lookup:

Sample Basic DNS Lookup Configuration

    Router# show running-config
    Building configuration...
    Current configuration : 470 bytes
    version 12.2
    service timestamps debug datetime msec
    service timestamps log uptime
    no service password-encryption
    hostname Router
    ip subnet-zero
    ip name-server 192.168.1.100
    ! Configures the IP address of the name server.
    ! Domain lookup is enabled by default.
    interface Ethernet0
     ip address 192.168.1.1 255.255.255.0

    ! Output Suppressed.
    end

    Router# ping www.cisco.com
    Translating "www.cisco.com"...domain server (192.168.1.100) [OK]
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 198.133.219.25, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 224/228/236 ms

Troubleshooting

Under rare conditions, you may see one of these error conditions:

    Router# debug ip udp
    UDP packet debugging is on
    Router# ping www.yahoo.com
    Translating "www.yahoo.com"...domain server (129.250.35.250)
    *Mar 8 06:26:41.732: UDP: sent src=209.69.16.66(5476), dst=129.250.35.250(53), length=59
    *Mar 8 06:26:44.740: UDP: sent src=209.69.16.66(5476), dst=129.250.35.250(53), length=59
    *Mar 8 06:26:47.744: UDP: sent src=209.69.16.66(5476), dst=129.250.35.250(53), length=59
    % Unrecognized host or address, or protocol not running.
    Router# undebug all
    All possible debugging has been turned off

    Router# ping www.yahoo.co.kr
    Translating "www.yahoo.co.kr"...domain server (169.140.249.4)
    Not process

    Router# ping www.novell.com
    Translating "www.novell.com"...domain server (255.255.255.255)
    % Unrecognized host or address, or protocol not running.

Complete these steps to troubleshoot this problem:

1. Ensure the router can reach the DNS server. Ping the DNS server from the router using its IP address, and make sure that the ip name-server command is used to configure the IP address of the DNS server on the router.

2. Use these steps to ensure that the router forwards the lookup requests:

   a. Define an access control list (ACL) that matches on DNS packets:

          access-list 101 permit udp any any eq domain
          access-list 101 permit udp any eq domain any

   b. Use the debug ip packet 101 command.

   Note: Ensure that you specify the ACL. Enabling the debug ip packet command without an ACL may produce a large amount of output to the console and cause the router to reload.

3. Ensure you have the ip domain lookup command enabled on the router.
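The debug ip udp capture above can be read mechanically when the output is long. The following is an added example, not part of the original Cisco document: it pairs DNS queries with replies per server and flags the unanswered and broadcast cases shown in the error output. The two constructed log lines and the "rcvd" line format are assumptions modelled on the page's "sent" lines.

```python
import re
from collections import defaultdict

# The three lines to 129.250.35.250 are the page's debug ip udp output. The last
# two lines are constructed for contrast; the "rcvd" format is an assumption
# modelled on the "sent" lines.
SAMPLE_DEBUG = """\
*Mar 8 06:26:41.732: UDP: sent src=209.69.16.66(5476), dst=129.250.35.250(53), length=59
*Mar 8 06:26:44.740: UDP: sent src=209.69.16.66(5476), dst=129.250.35.250(53), length=59
*Mar 8 06:26:47.744: UDP: sent src=209.69.16.66(5476), dst=129.250.35.250(53), length=59
*Mar 8 06:27:10.100: UDP: sent src=209.69.16.66(5477), dst=192.168.1.100(53), length=59
*Mar 8 06:27:10.140: UDP: rcvd src=192.168.1.100(53), dst=209.69.16.66(5477), length=75
"""

UDP_LINE = re.compile(
    r"UDP: (sent|rcvd) src=([\d.]+)\((\d+)\), dst=([\d.]+)\((\d+)\), length=\d+"
)

def dns_flows(debug_text):
    """Count queries sent and replies received per (server, router source port)."""
    flows = defaultdict(lambda: {"sent": 0, "rcvd": 0})
    for direction, src, sport, dst, dport in UDP_LINE.findall(debug_text):
        if direction == "sent" and dport == "53":
            flows[(dst, int(sport))]["sent"] += 1
        elif direction == "rcvd" and sport == "53":
            flows[(src, int(dport))]["rcvd"] += 1
    return dict(flows)

def diagnose(debug_text):
    """Map each DNS server seen in the debug output to a finding."""
    findings = {}
    for (server, _port), n in dns_flows(debug_text).items():
        if server == "255.255.255.255":
            # Queries are broadcast when no name server is configured.
            findings[server] = "broadcast: no ip name-server configured"
        elif n["sent"] and not n["rcvd"]:
            findings[server] = f"no reply to {n['sent']} queries: check reachability and filtering"
        elif n["rcvd"] and not n["sent"]:
            findings[server] = "reply without a matching query"
        else:
            findings[server] = "answered"
    return findings

if __name__ == "__main__":
    for server, finding in diagnose(SAMPLE_DEBUG).items():
        print(server, "->", finding)
```

A "reply without a matching query" finding is worth a closer look on a router that broadcasts its lookups, because any host on the segment can answer a broadcast query.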
You Can Ping a Web Server, But You Cannot View the HTML Pages

In rare cases, you may be unable to access particular Web sites by name. This problem typically results from the inaccessible sites performing a reverse DNS lookup on the source IP address to verify that the address is not being spoofed. If an incorrect entry or no entry returns (in other words, there is no associated name for the IP range), then the HTTP request will be blocked.

When you obtain your Internet domain name, you also should apply for an in-addr.arpa domain. This special domain is sometimes called a reverse domain. The reverse domain maps numeric IP addresses into domain names. If your ISP provides your name server or your ISP assigned you an address from a block of its own addresses, you may not need to apply for an in-addr.arpa domain on your own. Check with your ISP.

Let us look at an example that uses www.cisco.com. The output which follows was captured from a UNIX workstation. We used the nslookup program and the dig program. Note the differences in the output:

    sj-cse-280% nslookup www.cisco.com
    Note: nslookup is deprecated and may be removed from future releases.
    Consider using the 'dig' or 'host' programs instead. Run nslookup with
    the '-sil[ent]' option to prevent this message from appearing.
    Server:  171.68.226.120
    Address: 171.68.226.120#53
    Name:    www.cisco.com
    Address: 198.133.219.25

    sj-cse-280% nslookup 198.133.219.25
    Note: nslookup is deprecated and may be removed from future releases.
    Consider using the 'dig' or 'host' programs instead. Run nslookup with
    the '-sil[ent]' option to prevent this message from appearing.
    Server:  171.68.226.120
    Address: 171.68.226.120#53
    25.219.133.198.in-addr.arpa name = www.cisco.com.

The dig program prints more detailed information from the DNS packets:

    sj-cse-280% dig 198.133.219.25
    ; <<>> DiG 9.0.1 <<>> 198.133.219.25
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5231
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;198.133.219.25. IN A
    ;; AUTHORITY SECTION:
    . 86400 IN SOA A.ROOT-SERVERS.NET. nstld.verisign-grs.com. ( 2002031800 1800 900 604800 86400 )
    ;; Query time: 135 msec
    ;; SERVER: 171.68.226.120#53(171.68.226.120)
    ;; WHEN: Mon Mar 18 09:42:20 2002
    ;; MSG SIZE rcvd: 107

Router Queries Multiple Name Servers

Depending on the network activity level, the router may query multiple name servers listed in the configuration. This is an example:

    router> test002
    Translating "test002"...domain server (172.16.33.18) (171.70.10.78) (171.100.20.78) (172.16.33.18) (171.70.10.78) (171.10.20.78)
    Translating "test002"...domain server (172.16.33.18) [OK]
    Trying test002.rtr.abc.com (171.68.23.130)... Open

This behavior is expected and occurs when the router needs to create an Address Resolution Protocol (ARP) entry for the DNS server. By default, a router maintains an ARP entry for four hours. In periods of low activity, the router needs to complete the ARP entry and then perform the DNS query. If the ARP entry for the DNS server is not in the router ARP table, a single DNS query would fail. So, two queries are sent out: one to get the ARP entry, if needed, and the second to actually do the DNS query. This behavior is common with TCP/IP applications.

Related Information

- DNS Support Page
- IP Addressing and Application Services Support Page
- IP Routing Support Page
- Technical Support - Cisco Systems

Updated: Sep 30, 2008
Document ID: 24182
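For the reverse lookup described under "You Can Ping a Web Server, But You Cannot View the HTML Pages", the following added example (not part of the original Cisco document) shows how the in-addr.arpa name is built and models the check a server applies to a client address, going one step further than the page by also confirming that the returned name maps back to the address. It also shows why the dig run on the page returned NXDOMAIN: without a reverse flag (dig -x) the dotted quad is asked as an A query for a host name. The record tables are constructed stand-ins for a resolver; only the www.cisco.com pair comes from the page.

```python
import ipaddress

# Constructed records standing in for a live resolver (assumption: no DNS
# traffic is sent). The www.cisco.com pair mirrors the page's nslookup output.
PTR_RECORDS = {
    "25.219.133.198.in-addr.arpa.": "www.cisco.com.",
    "10.2.0.192.in-addr.arpa.": "host.example.net.",
}
A_RECORDS = {
    "www.cisco.com.": {"198.133.219.25"},
    "host.example.net.": {"192.0.2.99"},  # forward record points elsewhere
}

def reverse_name(ip):
    """198.133.219.25 -> 25.219.133.198.in-addr.arpa (octets reversed)."""
    return ipaddress.ip_address(ip).reverse_pointer

def question_for(arg, reverse=False):
    """Return the (qname, qtype) a lookup tool asks for.

    Without the reverse flag a dotted quad is treated as a host name, which is
    the A question visible in the page's dig output.
    """
    if reverse:
        return reverse_name(arg) + ".", "PTR"
    return arg.rstrip(".") + ".", "A"

def verify_source(ip, ptr=PTR_RECORDS, a=A_RECORDS):
    """Model of the server-side check: PTR must exist and map back to ip."""
    qname, _qtype = question_for(ip, reverse=True)
    host = ptr.get(qname)
    if host is None:
        return "no-ptr"            # no associated name for the address
    if ip not in a.get(host, set()):
        return "forward-mismatch"  # incorrect entry: name does not map back
    return "ok"

if __name__ == "__main__":
    print(question_for("198.133.219.25"))
    print(question_for("198.133.219.25", reverse=True))
    for addr in ("198.133.219.25", "192.0.2.10", "203.0.113.7"):
        print(addr, "->", verify_source(addr))
```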