Weird DNS issue

Unanswered Question
Dec 2nd, 2008
User Badges:

Hi. One of our customers has recently started having strange DNS issues when trying to browse the internet (email and AV updates are working fine). They use a Cisco 877 integrated device as their default gateway, service provider is BT (UK). I can ping the internet OK but cannot browse to most sites e.g. and are OK but, are not (in fact, microsoft and symantec are the only ones I've managed to connect to so far).

I've checked with BT that our public DNS server IPs are correct. I've also tried using Firefox to no avail.

I've only encountered this problem once before (on a Netgear router) and this required a firmware upgrade. However, my Cisco logon doesn't give me access to download upgrades so I'm hoping thats not the problem this time. IOS version is 12.4(6)T6

Has anyone encountered this problem before? Any ideas on how I can resolve? Any help/pointers would be greatly appreciated.

Thanks Rex.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2.5 (2 ratings)
John Blakley Tue, 12/02/2008 - 08:23
User Badges:
  • Purple, 4500 points or more

Do you have an ACL on the public interface? If so, I've seen the acl block dns traffic coming from the provider that you specify. I would try to allow your dns providers ip through your router on udp 53 to see if this helps. You can see this in your logs as well.



rmcarthur Tue, 12/02/2008 - 08:38
User Badges:
  • Bronze, 100 points or more

Hi Rex, can you ping from a host command shell?

You should see dns resolve the ip then successful pings to the destination.

If that works then it is unlikely to be a dns issue and I would look to the firewall/acl configuration.

If it doesn't, manually configure the host to temporarily use as it's dns server and try again.

If that works it is likely to be a provider dns problem.

Hope this helps

Rex Biesty Thu, 12/04/2008 - 02:54
User Badges:

Hi, and thanks for the reply.

I could ping I also discovered I could browse to https sites. Eventually resolved by turning on http inspection (not something I'm familiar with but seems to work).

My guess is that whoever did the original config didn't save back to startup config and the router got rebooted. Anyway, all working now and thanks for your help.

rmcarthur Thu, 12/04/2008 - 05:25
User Badges:
  • Bronze, 100 points or more

Glad to hear you got it resolved Rex.

Thanks for the rating.


This Discussion