Problem with Cisco router as DNS server

Nov 11th, 2009

We have a Cisco 1841 router. We have configured it to act as a primary DNS server and also as a caching/forwarding DNS server. It is working correctly when queried for a domain for which it is the authoritative server.

But when we query for other Internet sites like, etc., the first time it resolves correctly (we have configured the upstream DNS server as OpenDNS). But when we query for the same sites (which are already in the cache) again, we are not getting a response.

Please let us know what the likely problem is.

What is the way to configure a non-caching, forward-only DNS server?

nlariguet Wed, 11/11/2009 - 15:02

... the following config is working flawlessly here:

boot system flash:system/c1841-advsecurityk9-mz.124-15.T11.bin
!
hostname edge-router
!
ip domain name
!
interface FastEthernet0/0
 description InterNet uplink
 ip dhcp client client-id FastEthernet0/0
 ip dhcp client hostname modem
 ip dhcp client lease 3 0 0
 ip address dhcp
 ip nat outside
!
interface FastEthernet0/1
 description IntraNet downlink
 ! ie: router inside
 ip address #.#.#.# #.#.#.#
 ip nat inside
!
ip dns view dnsVedgeServersISP
 domain timeout 4
 domain retry 3
 domain resolver source-interface FastEthernet0/0
 domain name-server interface FastEthernet0/0
 domain round-robin
!
ip access-list standard aclDNSedge
 remark the following hosts will be granted access to the edge DNS server service:
 remark inverted mask for is while single host is
 ! ie: your internal domain DNS server address; eg: Active Directory DNS server
 permit #.#.#.#
 deny any
!
ip dns view dnsVedgeServersCustom
 no domain lookup
 dns forwarding timeout 4
 dns forwarding retry 3
 dns forwarding
 dns forwarder #.#.#.#
 dns forwarder #.#.#.#
 dns forwarder #.#.#.#
!
ip dns view-list dnsVLedgeServersISP
 view dnsVedgeServersISP 1
  restrict source access-group aclDNSedge
!
ip dns view-list dnsVLedgeServersCustom
 view dnsVedgeServersCustom 1
  restrict source access-group aclDNSedge
!
ip dns server
!
! if you want to forward to the servers suggested by your ISP
ip dns server view-group dnsVLedgeServersISP
! if you want to forward to everywhere else
ip dns server view-group dnsVLedgeServersCustom

... my internal DNS server queries the edge router DNS server which in turn forwards to public servers

... my internal DNS server never queries the internet; it has no access, it should go to the router

... have you tried debug dns? ... it helps a lot; you can see the packets and figure out what the server is doing

... if you need more details just ask :)

