Velocity Reviews - Computer Hardware Reviews

Cisco 871 as DNS server- problems.

 
 
Chris Bartram
      02-22-2009
I have an 871 in a very simple config here at home. For the moment, I
want it to behave just like a random, cheapy home router, and then play
with its additional capabilities.

It's mostly working. In fact, it works nearly all the time.

The only issue I have is that I'm using it as a DNS proxy with some
locally defined hosts I want it to resolve. All works for a time, and
then, seemingly randomly it will refuse to resolve an external host that
worked just fine a while ago.

By experimentation, I've found that logging into the CLI and pinging the
host makes it work again. Here's an example from nslookup on my PC:


C:\Documents and Settings\Chris>nslookup
Default Server: farnsworth
Address: 192.168.1.1

> www.piglet-net.net

Server: farnsworth
Address: 192.168.1.1

*** No address (A) records available for www.piglet-net.net


If I then log into the router:

farnsworth#ping www.piglet-net.net

Translating "www.piglet-net.net"...domain server (194.168.4.100) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 62.233.104.60, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 32/41/64 ms
farnsworth#

and then retry nslookup:

> www.piglet-net.net

Server: farnsworth
Address: 192.168.1.1

Non-authoritative answer:
Name: www.piglet-net.net
Address: 62.233.104.60

Am I doing something wrong? I'm speculating that once the TTL expires on
a record, the router isn't going and looking at the external DNS, as
this always seems to happen if I leave the router up.

A router reload also clears the problem.

Here's my config.

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2009.02.22 18:42:19 =~=~=~=~=~=~=~=~=~=~=~=
sh run
Building configuration...

Current configuration : 3797 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname farnsworth
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging message-counter syslog
logging buffered 4096
logging console critical
enable secret 5 [deleted]
enable password 7 [deleted]
!
aaa new-model
!
!
aaa authentication login local_auth local
!
!
aaa session-id common
!
!
dot11 syslog
!
dot11 ssid [deleted]
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 [deleted]
!
no ip source-route
no ip gratuitous-arps
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.50
ip dhcp excluded-address 192.168.0.200 192.168.0.254
!
ip dhcp pool pool1
import all
network 192.168.1.0 255.255.255.0
domain-name piglet.local
dns-server 192.168.1.1
default-router 192.168.1.1
!
!
ip cef
no ip bootp server
ip domain name piglet.local
ip host [deleted].piglet-net.net 192.168.1.3
ip host farnsworth 192.168.1.1
ip name-server 194.168.4.100
ip name-server 194.168.8.100
ip ddns update method no-ip
HTTP
add http://[deleted]@dynupdate.no-ip.com...pdatehostname=[deleted]
interval maximum 0 8 0 0
!
login block-for 60 attempts 5 within 60
!
no ipv6 cef
multilink bundle-name authenticated
!
!
!
username admin password 7 [deleted]
!
!
!
archive
log config
hidekeys
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 1
!
bridge irb
!
!
interface FastEthernet0
spanning-tree portfast
!
interface FastEthernet1
spanning-tree portfast
!
interface FastEthernet2
spanning-tree portfast
!
interface FastEthernet3
spanning-tree portfast
!
interface FastEthernet4
ip ddns update hostname [deleted]
ip address dhcp
ip verify unicast source reachable-via rx allow-default 100
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
speed auto
full-duplex
snmp trap ip verify drop-rate
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
!
encryption mode ciphers tkip
!
ssid [deleted]
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
bridge-group 1
!
interface Dialer0
no ip address
no cdp enable
!
interface BVI1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4
no ip http server
no ip http secure-server
!
!
ip dns server
ip nat inside source list 101 interface FastEthernet4 overload
!
!
logging trap debugging
logging facility local2
access-list 100 permit udp any any eq bootpc
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
no cdp run

!
!
!
!
!
control-plane
!
bridge 1 protocol dec
bridge 1 route ip
banner motd ^C Unauthorised access prohibited ^C
!
line con 0
login authentication local_auth
no modem enable
transport output telnet
line aux 0
login authentication local_auth
transport output telnet
line vty 0 3
password 7 [deleted]
transport input ssh
line vty 4
password 7 [deleted]
transport input none
!
scheduler max-task-time 5000
end

farnsworth#
 
 
 
 
 
flamer die.spam@hotmail.com
      02-23-2009


your router may be running out of memory

Flamer.
 
 
 
 
 
Chris Bartram
      02-23-2009
flamer wrote:

>
> your router may be running out of memory
>
> Flamer.

That's a good point. Thanks. I'll check it.
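
Added example (not part of any post in this thread): a small Python check that sends the same A query to the router and to an upstream resolver and classifies each reply, so an empty NOERROR answer can be told apart from NXDOMAIN or SERVFAIL and the returned TTL can be watched. It assumes that nslookup's "No address (A) records available" message corresponds to a NOERROR reply with no A records; the function names, the sample reply bytes and the TTL of 300 are constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Encode a recursive A/IN query for name (no trailing dot)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n

def classify(msg):
    """Return (verdict, [(ipv4, ttl), ...]) for the reply to an A query."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode, off, addrs = flags & 0x000F, 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # name + QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append((".".join(str(b) for b in msg[off:off + 4]), ttl))
        off += rdlen
    if rcode != 0:
        return RCODES.get(rcode, "RCODE%d" % rcode), addrs
    return ("ANSWER" if addrs else "NODATA"), addrs

def ask(server, name, timeout=3.0):  # query server over UDP/53, classify reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify(s.recvfrom(4096)[0])

# Constructed replies (TTL 300 is made up): empty answer vs. one A record.
Q = build_query("www.piglet-net.net")
NODATA = Q[:2] + struct.pack("!HHHHH", 0x8180, 1, 0, 0, 0) + Q[12:]
ANSWER = (Q[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0) + Q[12:] + b"\xc0\x0c"
          + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([62, 233, 104, 60]))
```

Calling `ask("192.168.1.1", name)` and `ask("194.168.4.100", name)` side by side during a failure shows whether the empty answer comes from the router or from the upstream resolver.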
 