Cisco Router - DNS Forwarding

[smarksfrcb]

Hello,

I have a Cisco 2811 Series Router. I want any dns queries sent to it to be forwarded to a dns server. Here is what I configured

ip dns server
ip name-servers 1.1.1.1 Ficticious ip
ip domain-lookup

if I try to traceroute to a url that I know is valid from the router telnet session I get


Router#traceroute goodurl.home.com
Translating "goodurl.home.com"...domain server (1.1.1.1)
Translating "goodurl.home.com"...domain server (1.1.1.1)
Translating "goodurl.home.com"...domain server (1.1.1.1)
Translating "goodurl.home.com"...domain server (1.1.1.1)
% Unrecognized host or address.


Furthermore, if I do an nslookup from a PC and change the server to 1.1.1.1 it will resolve goodurl.home.com to the proper ip address fine.

Any help would be greatly appreciated.

 

[Alterac]

Post your full config (without passwords)

Chances are its an ACL issue.

----------------------------------
Bill

 

[smarksfrcb]

Hello,

Sorry for the delay in replying and thank you for the help...would it be an ACL issue if I can resolve urls to ip addresses from a PC using NSLOOKUP with the server set as the same as what I have configured as the name servers on the router?

 

[burtsbees]

How about google?

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

 

[smarksfrcb]

This DNS server we are forwarding the queries to does not resolve external addresses, only internal addresses.

 

[smarksfrcb]

One other piece of information to pass on is that if I add a name-server that is internal to my network this starts to work fine...would this confirm it is an ACL issue? Also, I have been reading something else that points to a possible NAT issue?

thanks

 

[PScottC]

Do you permit DNS traffic from your routers through your firewall? Perhaps your firewall is configured to only allow DNS traffic from your internal DNS servers.

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers

 

[smarksfrcb]

Yes...we have a DNS server now that is forwarding DNS requests to the same server I want to forward the router requests from and they pass fine.

 

[smarksfrcb]

I have also just read an article that this may be a NAT issue...right now we have multiple pools configure as PAT (Overload)...it says I may need to configure a NAT pool with a 1/1 ratio using the internal ip address of the router....just wondering if this makes sense to anyone?

 

[PScottC]

How about forcing the source interface for DNS requests to be either a loopback address or the nearest interface to the DNS server?

ip domain lookup source-interface FastEthernet0/0


PSC
[—] CCNP [•] CCSP [•] MCITP: Enterprise Admin [•] MCSE [—]

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers