Cisco 871 as DNS server- problems.
I have an 871 in a very simple config here at home. For the moment, I want it to behave just like a random, cheapy home router, and then play with its additional capabilities.

It's mostly working. In fact, it works nearly all the time.

The only issue I have is that I'm using it as a DNS proxy with some locally defined hosts I want it to resolve. All works for a time, and then, seemingly randomly it will refuse to resolve an external host that worked just fine a while ago.

By experimentation, I've found that logging into the CLI and pinging the host makes it work again- here's an example from nslookup on my PC:

```
C:\Documents and Settings\Chris>nslookup
Default Server:  farnsworth
Address:  192.168.1.1

> www.piglet-net.net
Server:  farnsworth
Address:  192.168.1.1

*** No address (A) records available for www.piglet-net.net
```

If I then log into the router:

```
farnsworth#ping www.piglet-net.net

Translating "www.piglet-net.net"...domain server (194.168.4.100) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 62.233.104.60, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 32/41/64 ms
farnsworth#
```

and then retry nslookup:

```
> www.piglet-net.net
Server:  farnsworth
Address:  192.168.1.1

Non-authoritative answer:
Name:    www.piglet-net.net
Address:  62.233.104.60
```

Am I doing something wrong? I'm speculating that once the TTL expires on a record, the router isn't going and looking at the external DNS, as this always seems to happen if I leave the router up.

A router reload also clears the problem.

Here's my config.

```
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2009.02.22 18:42:19 =~=~=~=~=~=~=~=~=~=~=~=
sh run
Building configuration...

Current configuration : 3797 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname farnsworth
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging message-counter syslog
logging buffered 4096
logging console critical
enable secret 5 [deleted]
enable password 7 [deleted[
!
aaa new-model
!
!
aaa authentication login local_auth local
!
!
aaa session-id common
!
!
dot11 syslog
!
dot11 ssid [deleted]
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 7 [deleted]
!
no ip source-route
no ip gratuitous-arps
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.50
ip dhcp excluded-address 192.168.0.200 192.168.0.254
!
ip dhcp pool pool1
   import all
   network 192.168.1.0 255.255.255.0
   domain-name piglet.local
   dns-server 192.168.1.1
   default-router 192.168.1.1
!
!
ip cef
no ip bootp server
ip domain name piglet.local
ip host [deleted].piglet-net.net 192.168.1.3
ip host farnsworth 192.168.1.1
ip name-server 194.168.4.100
ip name-server 194.168.8.100
ip ddns update method no-ip
 HTTP
  add http://[deleted]@dynupdate.no-ip.com...pdatehostname=[deleted]
  interval maximum 0 8 0 0
!
login block-for 60 attempts 5 within 60
!
no ipv6 cef
multilink bundle-name authenticated
!
!
!
username admin password 7 [deleted]
!
!
!
archive
 log config
  hidekeys
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 1
!
bridge irb
!
!
interface FastEthernet0
 spanning-tree portfast
!
interface FastEthernet1
 spanning-tree portfast
!
interface FastEthernet2
 spanning-tree portfast
!
interface FastEthernet3
 spanning-tree portfast
!
interface FastEthernet4
 ip ddns update hostname [deleted]
 ip address dhcp
 ip verify unicast source reachable-via rx allow-default 100
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 speed auto
 full-duplex
 snmp trap ip verify drop-rate
!
interface Dot11Radio0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 !
 encryption mode ciphers tkip
 !
 ssid [deleted]
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 --More-- !
interface Vlan1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 bridge-group 1
!
interface Dialer0
 no ip address
 no cdp enable
!
interface BVI1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4
no ip http server
no ip http secure-server
 --More-- !
!
ip dns server
ip nat inside source list 101 interface FastEthernet4 overload
!
!
logging trap debugging
logging facility local2
access-list 100 permit udp any any eq bootpc
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
no cdp run
!
!
!
!
!
control-plane
!
bridge 1 protocol dec
bridge 1 route ip
banner motd ^C Unauthorised access prohibited ^C
!
line con 0
 login authentication local_auth
 no modem enable
 transport output telnet
line aux 0
 login authentication local_auth
 transport output telnet
line vty 0 3
 password 7 [deleted]
 transport input ssh
line vty 4
 password 7 [deleted]
 transport input none
!
scheduler max-task-time 5000
end

farnsworth#
```
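An added example (not part of the original post): a small Python probe for the symptom described in the post above. It compares the reply from the router's DNS proxy with the reply from one of its configured upstream name servers for the same name, and exposes the record TTLs. The function names are illustrative and the code only reads A records from UDP replies.

```python
# Added example, not from the thread; all function names are illustrative.
import socket, struct

def build_query(name, txid=0x1234):
    """Encode a recursive (RD=1) A/IN query for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def skip_name(msg, off):  # offset just past a (possibly compressed) name
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if (n & 0xC0) == 0xC0:  # a compression pointer is 2 bytes and ends the name
            return off + 2
        off += 1 + n

def parse_a_records(msg):
    """Return (rcode, [(ip, ttl), ...]) for the A records in a DNS reply."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    records = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            records.append((socket.inet_ntoa(msg[off:off + 4]), ttl))
        off += rdlen
    return flags & 0x000F, records

def classify(proxy_msg, upstream_msg):
    """Compare the proxy's reply with the upstream's reply for the same name."""
    p_rcode, p_a = parse_a_records(proxy_msg)
    _, u_a = parse_a_records(upstream_msg)
    if p_a:
        return "ok"
    if u_a:  # upstream has the record, the proxy did not return it
        return "proxy-nodata" if p_rcode == 0 else "proxy-error-rcode-%d" % p_rcode
    return "upstream-also-empty"

def ask(server, name, timeout=2.0):  # live use only: one UDP/53 query, raw reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recvfrom(512)[0]
```

From a LAN host, `classify(ask("192.168.1.1", name), ask("194.168.4.100", name))` run at intervals shows whether the proxy stops returning A records while the upstream still does. Logging the TTLs from `parse_a_records` alongside shows whether the failures line up with record expiry.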
Re: Cisco 871 as DNS server- problems.
On Feb 23, 7:50 am, Chris Bartram <n...@delete-me.piglet-net.net> wrote:
> I have an 871 in a very simple config here at home. For the moment, I
> want it to behave just like a random, cheapy home router, and then play
> with its additional capabilities.
>
> It's mostly working. In fact, it works nearly all the time.
>
> The only issue I have is that I'm using it as a DNS proxy with some
> locally defined hosts I want it to resolve. All works for a time, and
> then, seemingly randomly it will refuse to resolve an external host that
> worked just fine a while ago.
>
> By experimentation, I've found that logging into the CLI and pinging the
> host makes it work again- here's an example from nslookup on my PC:
>
> C:\Documents and Settings\Chris>nslookup
> Default Server:  farnsworth
> Address:  192.168.1.1
>
>  > www.piglet-net.net
> Server:  farnsworth
> Address:  192.168.1.1
>
> *** No address (A) records available for www.piglet-net.net
>
> If I then log into the router:
>
> farnsworth#ping www.piglet-net.net
>
> Translating "www.piglet-net.net"...domain server (194.168.4.100) [OK]
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 62.233.104.60, timeout is 2 seconds:
> .!!!!
> Success rate is 80 percent (4/5), round-trip min/avg/max = 32/41/64 ms
> farnsworth#
>
> and then retry nslookup:
>
>  > www.piglet-net.net
> Server:  farnsworth
> Address:  192.168.1.1
>
> Non-authoritative answer:
> Name:    www.piglet-net.net
> Address:  62.233.104.60
>
> Am I doing something wrong? I'm speculating that once the TTL expires on
> a record, the router isn't going and looking at the external DNS, as
> this always seems to happen if I leave the router up.
>
> A router reload also clears the problem.
>
> Here's my config.
>
> =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2009.02.22 18:42:19
> =~=~=~=~=~=~=~=~=~=~=~=
> sh run
> Building configuration...
>
> Current configuration : 3797 bytes
> !
> version 12.4
> no service pad
> service tcp-keepalives-in
> service tcp-keepalives-out
> service timestamps debug datetime msec localtime show-timezone
> service timestamps log datetime msec localtime show-timezone
> service password-encryption
> service sequence-numbers
> !
> hostname farnsworth
> !
> boot-start-marker
> boot-end-marker
> !
> security authentication failure rate 10 log
> security passwords min-length 6
> logging message-counter syslog
> logging buffered 4096
> logging console critical
> enable secret 5 [deleted]
> enable password 7 [deleted[
> !
> aaa new-model
> !
> !
> aaa authentication login local_auth local
> !
> !
> aaa session-id common
> !
> !
> dot11 syslog
> !
> dot11 ssid [deleted]
>    authentication open
>    authentication key-management wpa
>    guest-mode
>    wpa-psk ascii 7 [deleted]
> !
> no ip source-route
> no ip gratuitous-arps
> !
> !
> ip dhcp excluded-address 192.168.1.1 192.168.1.50
> ip dhcp excluded-address 192.168.0.200 192.168.0.254
> !
> ip dhcp pool pool1
>    import all
>    network 192.168.1.0 255.255.255.0
>    domain-name piglet.local
>    dns-server 192.168.1.1
>    default-router 192.168.1.1
> !
> !
> ip cef
> no ip bootp server
> ip domain name piglet.local
> ip host [deleted].piglet-net.net 192.168.1.3
> ip host farnsworth 192.168.1.1
> ip name-server 194.168.4.100
> ip name-server 194.168.8.100
> ip ddns update method no-ip
>  HTTP
>   add http://[deleted]@dynupdate.no-ip.com/nic/updatehostname=[deleted]
>   interval maximum 0 8 0 0
> !
> login block-for 60 attempts 5 within 60
> !
> no ipv6 cef
> multilink bundle-name authenticated
> !
> !
> !
> username admin password 7 [deleted]
> !
> !
> !
> archive
>  log config
>   hidekeys
> !
> !
> ip ssh time-out 60
> ip ssh authentication-retries 2
> ip ssh version 1
> !
> bridge irb
> !
> !
> interface FastEthernet0
>  spanning-tree portfast
> !
> interface FastEthernet1
>  spanning-tree portfast
> !
> interface FastEthernet2
>  spanning-tree portfast
> !
> interface FastEthernet3
>  spanning-tree portfast
> !
> interface FastEthernet4
>  ip ddns update hostname [deleted]
>  ip address dhcp
>  ip verify unicast source reachable-via rx allow-default 100
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  ip nat outside
>  ip virtual-reassembly
>  speed auto
>  full-duplex
>  snmp trap ip verify drop-rate
> !
> interface Dot11Radio0
>  no ip address
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  !
>  encryption mode ciphers tkip
>  !
>  ssid [deleted]
>  !
>  speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0
> 36.0 48.0 54.0
>  station-role root
>  bridge-group 1
>  bridge-group 1 subscriber-loop-control
>  bridge-group 1 spanning-disabled
>  bridge-group 1 block-unknown-source
>  no bridge-group 1 source-learning
>  no bridge-group 1 unicast-flooding
>  --More-- !
> interface Vlan1
>  no ip address
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  ip nat inside
>  ip virtual-reassembly
>  bridge-group 1
> !
> interface Dialer0
>  no ip address
>  no cdp enable
> !
> interface BVI1
>  ip address 192.168.1.1 255.255.255.0
>  ip nat inside
>  ip virtual-reassembly
> !
> ip forward-protocol nd
> ip route 0.0.0.0 0.0.0.0 FastEthernet4
> no ip http server
> no ip http secure-server
>  --More-- !
> !
> ip dns server
> ip nat inside source list 101 interface FastEthernet4 overload
> !
> !
> logging trap debugging
> logging facility local2
> access-list 100 permit udp any any eq bootpc
> access-list 101 permit ip 192.168.1.0 0.0.0.255 any
> no cdp run
>
> !
> !
> !
> !
> !
> control-plane
> !
> bridge 1 protocol dec
> bridge 1 route ip
> banner motd ^C Unauthorised access prohibited ^C
> !
> line con 0
>  login authentication local_auth
>  no modem enable
>  transport output telnet
> line aux 0
>  login authentication local_auth
>  transport output telnet
> line vty 0 3
>  password 7 [deleted]
>  transport input ssh
> line vty 4
>  password 7 [deleted]
>  transport input none
> !
> scheduler max-task-time 5000
> end
>
> farnsworth#

your router may be running out of memory

Flamer.
Re: Cisco 871 as DNS server- problems.
flamer die.spam@hotmail.com wrote:
>
> your router may be running out of memory
>
> Flamer.

That's a good point. Thanks. I'll check it.