Cisco 881W DNS NAT issue

[ccarmock]

Hi

I have a Cisco 881W setup with a cable modem.

I want external users to be able to query an internal DNS server for both name resolution and zone transfers, so have added the following lines to the config:-

ip nat inside source static tcp 192.168.200.20 53 interface FastEthernet4 53
ip nat inside source static udp 192.168.200.20 53 interface FastEthernet4 53


192.168.200.20 is the internal IP address of the DNS server, FasterEthernte 4 is the WAN interface and has the public IP address

There is an inbound accesslist on Fastethernet4 however this allows inbound TCP & UDP port 53 connections

I have simialr translatiosn for port 80, 443 etc and they work just fine. However DNS resolution just doesn't work. I wonder if anyone can offer some advice?

 

[burtsbees]

Not very privy to DNS stuff myself, but you are doing things correctly. You sure the queries are supposed to come in on tcp/udp 53? You can have an external user try and telnet to that server with port 53...

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

 

[ccarmock]

When an external user tries to query DNS (usually UDP 53) or zone transfer (TCP 53) they get a time out

Trying the same 'inside' to the 192.168 address works just fine.

The equests from outside do come into port 53 and the ISP confirms there is NO blocking

 

[burtsbees]

1.Log to the buffer at debug level, and look at them at the time of the query, see what acl, if any, may be blocking.
2.Wireshark at the DNS server, if packets are not getting dropped by the router.
3.If neither of these generate any output, then create an acl specifically for the DNS server.

Please post a sh run.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!