Cisco 871 as DNS server- problems.

Discussion in 'Cisco' started by Chris Bartram, Feb 22, 2009.

  1. I have an 871 in a very simple config here at home. For the moment, I
    want it to behave just like a random, cheapy home router, and then play
    with its additional capabilities.

    It's mostly working. In fact, it works nearly all the time.

    The only issue I have is that I'm using it as a DNS proxy with some
    locally defined hosts I want it to resolve. All works for a time, and
    then, seemingly randomly, it will refuse to resolve an external host that
    worked just fine a while ago.

    By experimentation, I've found that logging into the CLI and pinging the
    host makes it work again- here's an example from nslookup on my PC:


    C:\Documents and Settings\Chris>nslookup
    Default Server: farnsworth
    Address: 192.168.1.1

    > www.piglet-net.net

    Server: farnsworth
    Address: 192.168.1.1

    *** No address (A) records available for www.piglet-net.net


    If I then log into the router:

    farnsworth#ping www.piglet-net.net

    Translating "www.piglet-net.net"...domain server (194.168.4.100) [OK]

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 62.233.104.60, timeout is 2 seconds:
    ..!!!!
    Success rate is 80 percent (4/5), round-trip min/avg/max = 32/41/64 ms
    farnsworth#

    and then retry nslookup:

    > www.piglet-net.net

    Server: farnsworth
    Address: 192.168.1.1

    Non-authoritative answer:
    Name: www.piglet-net.net
    Address: 62.233.104.60

    Am I doing something wrong? I'm speculating that once the TTL expires on
    a record, the router isn't going and looking at the external DNS, as
    this always seems to happen if I leave the router up.

    A router reload also clears the problem.

    Here's my config.

    =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2009.02.22 18:42:19 =~=~=~=~=~=~=~=~=~=~=~=
    sh run
    Building configuration...

    Current configuration : 3797 bytes
    !
    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    !
    hostname farnsworth
    !
    boot-start-marker
    boot-end-marker
    !
    security authentication failure rate 10 log
    security passwords min-length 6
    logging message-counter syslog
    logging buffered 4096
    logging console critical
    enable secret 5 [deleted]
    enable password 7 [deleted]
    !
    aaa new-model
    !
    !
    aaa authentication login local_auth local
    !
    !
    aaa session-id common
    !
    !
    dot11 syslog
    !
    dot11 ssid [deleted]
     authentication open
     authentication key-management wpa
     guest-mode
     wpa-psk ascii 7 [deleted]
    !
    no ip source-route
    no ip gratuitous-arps
    !
    !
    ip dhcp excluded-address 192.168.1.1 192.168.1.50
    ip dhcp excluded-address 192.168.0.200 192.168.0.254
    !
    ip dhcp pool pool1
     import all
     network 192.168.1.0 255.255.255.0
     domain-name piglet.local
     dns-server 192.168.1.1
     default-router 192.168.1.1
    !
    !
    ip cef
    no ip bootp server
    ip domain name piglet.local
    ip host [deleted].piglet-net.net 192.168.1.3
    ip host farnsworth 192.168.1.1
    ip name-server 194.168.4.100
    ip name-server 194.168.8.100
    ip ddns update method no-ip
     HTTP
      add http://[deleted]@dynupdate.no-ip.com/nic/updatehostname=[deleted]
      interval maximum 0 8 0 0
    !
    login block-for 60 attempts 5 within 60
    !
    no ipv6 cef
    multilink bundle-name authenticated
    !
    !
    !
    username admin password 7 [deleted]
    !
    !
    !
    archive
     log config
      hidekeys
    !
    !
    ip ssh time-out 60
    ip ssh authentication-retries 2
    ip ssh version 1
    !
    bridge irb
    !
    !
    interface FastEthernet0
     spanning-tree portfast
    !
    interface FastEthernet1
     spanning-tree portfast
    !
    interface FastEthernet2
     spanning-tree portfast
    !
    interface FastEthernet3
     spanning-tree portfast
    !
    interface FastEthernet4
     ip ddns update hostname [deleted]
     ip address dhcp
     ip verify unicast source reachable-via rx allow-default 100
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip nat outside
     ip virtual-reassembly
     speed auto
     full-duplex
     snmp trap ip verify drop-rate
    !
    interface Dot11Radio0
     no ip address
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     !
     encryption mode ciphers tkip
     !
     ssid [deleted]
     !
     speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
     station-role root
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 spanning-disabled
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
    !
    interface Vlan1
     no ip address
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip nat inside
     ip virtual-reassembly
     bridge-group 1
    !
    interface Dialer0
     no ip address
     no cdp enable
    !
    interface BVI1
     ip address 192.168.1.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 FastEthernet4
    no ip http server
    no ip http secure-server
    !
    !
    ip dns server
    ip nat inside source list 101 interface FastEthernet4 overload
    !
    !
    logging trap debugging
    logging facility local2
    access-list 100 permit udp any any eq bootpc
    access-list 101 permit ip 192.168.1.0 0.0.0.255 any
    no cdp run

    !
    !
    !
    !
    !
    control-plane
    !
    bridge 1 protocol dec
    bridge 1 route ip
    banner motd ^C Unauthorised access prohibited ^C
    !
    line con 0
     login authentication local_auth
     no modem enable
     transport output telnet
    line aux 0
     login authentication local_auth
     transport output telnet
    line vty 0 3
     password 7 [deleted]
     transport input ssh
    line vty 4
     password 7 [deleted]
     transport input none
    !
    scheduler max-task-time 5000
    end

    farnsworth#
     
    Chris Bartram, Feb 22, 2009
    #1

  2. Chris Bartram

    flamer Guest


    your router may be running out of memory

    Flamer.
     
    flamer , Feb 23, 2009
    #2

  3. flamer wrote:

    >
    > your router may be running out of memory
    >
    > Flamer.

    That's a good point. Thanks. I'll check it.
     
    Chris Bartram, Feb 23, 2009
    #3