We have our external routers locked down so no packets can hit the router without being permitted, such as NTP, telnet, etc.
I just enabled the router with a name server to do DNS resolution for any ping troubleshooting. I turned on a basic debug to track the conversation with the DNS server. I got the permit line in for DNS to the router and it worked fine and resolved names and all. After this I noticed from the debug that the router was now blocking other DNS queries from inside the network to the same DNS server.
The bottom of the ACL has the 'permit ip any any' statement, so I am not sure why this happened. Do I need to add a 'permit udp any any' statement to correct this, or what? I assume that maybe when I had this entry some implicit deny gets turned on for UDP 53 or something.
Thanks,
Greg
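The question above turns on how an IOS access list is evaluated: entries are tried top to bottom, the first match wins, and every list ends with an implicit deny. The following is an added example, not code from the original post, that models those first-match semantics in plain Python so you can see which entry a given packet lands on. The addresses, ports and the three sample access lists are constructed for illustration (documentation prefixes, a made-up inside host); they are not the poster's configuration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Packet:
    proto: str          # "udp", "tcp" or "icmp"
    src: str            # source IPv4 address
    dst: str            # destination IPv4 address
    dport: int = 0      # destination port (0 for protocols without ports)


@dataclass
class Ace:
    """One access-list entry. proto "ip" matches every protocol; src and dst
    are "any" or a CIDR prefix; dport None means "any destination port"."""
    action: str
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if not _in_prefix(pkt.src, self.src) or not _in_prefix(pkt.dst, self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def _in_prefix(addr: str, spec: str) -> bool:
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)


def evaluate(acl: List[Ace], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First-match evaluation, top to bottom. Returns (action, index of the
    entry that matched); index None means the implicit 'deny ip any any'
    at the end of every Cisco ACL fired."""
    for i, ace in enumerate(acl):
        if ace.matches(pkt):
            return ace.action, i
    return "deny", None


# Constructed addresses (RFC 5737 documentation ranges), not from the post.
ROUTER = "203.0.113.1"
DNS = "198.51.100.53"

# The layout the poster describes: a specific permit for the router's own
# DNS traffic, with 'permit ip any any' as the last entry.
ACL_PERMIT_ANY_LAST = [
    Ace("permit", "udp", DNS + "/32", ROUTER + "/32"),
    Ace("permit", "ip", "any", "any"),
]

# Same list with a deny for UDP/53 sitting above the final permit: an
# earlier entry shadows the catch-all, which is then never reached.
ACL_SHADOWED = [
    Ace("permit", "udp", DNS + "/32", ROUTER + "/32"),
    Ace("deny", "udp", "any", "any", dport=53),
    Ace("permit", "ip", "any", "any"),
]

# No catch-all at all: anything not listed hits the implicit deny.
ACL_NO_CATCH_ALL = [
    Ace("permit", "udp", DNS + "/32", ROUTER + "/32"),
]

# Constructed packets: an inside host querying the server, and the server
# answering the router itself (reply to an ephemeral port).
INSIDE_QUERY = Packet("udp", "10.1.2.3", DNS, dport=53)
ROUTER_REPLY = Packet("udp", DNS, ROUTER, dport=40000)


def which_entry(acl: List[Ace], pkt: Packet) -> str:
    action, idx = evaluate(acl, pkt)
    return "%s by entry %s" % (action, "implicit-deny" if idx is None else idx + 1)


if __name__ == "__main__":
    for name, acl in (("permit-any-last", ACL_PERMIT_ANY_LAST),
                      ("shadowed", ACL_SHADOWED),
                      ("no-catch-all", ACL_NO_CATCH_ALL)):
        print("%-16s inside query: %-24s router reply: %s"
              % (name, which_entry(acl, INSIDE_QUERY), which_entry(acl, ROUTER_REPLY)))
```

Because 'permit ip any any' already covers UDP, adding a 'permit udp any any' beside it changes nothing; the inside query can only be dropped if some entry above the catch-all matches it first, or if the list the packets actually hit has no catch-all. On the router, 'show access-lists' shows the hit counter climbing on whichever entry is taking the traffic, which is the quickest way to see which of the three cases above applies.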