11-11-2009 01:53 AM
We have a Cisco 1841 router. We have configured it to act as a primary DNS server and also as a caching/forwarding DNS server. It works correctly when queried for a domain for which it is the authoritative server.
But when we query for other Internet sites like yahoo.com, apache.org, etc., the first time it resolves correctly (we have configured OpenDNS as the upstream DNS server). But when we query for the same sites (which are already in the cache) again, we do not get a response.
Please let us know what the likely problem is.
What is the way to configure a non-caching, forward-only DNS server?
11-11-2009 03:02 PM
... the following config is working flawlessly here:
boot system flash:system/c1841-advsecurityk9-mz.124-15.T11.bin
hostname edge-router
ip domain name mycompany.com
interface FastEthernet0/0
 description InterNet uplink
 ip dhcp client client-id FastEthernet0/0
 ip dhcp client hostname modem
 ip dhcp client lease 3 0 0
 ip address dhcp
 ip nat outside
 exit
interface FastEthernet0/1
 description IntraNet downlink
 ip address #.#.#.# #.#.#.# ... ie: router inside
 ip nat inside
 exit
ip dns view dnsVedgeServersISP
 domain timeout 4
 domain retry 3
 domain resolver source-interface FastEthernet0/0
 domain name-server interface FastEthernet0/0
 domain round-robin
 exit
ip access-list standard aclDNSedge
 remark the following hosts will be granted access to the edge DNS server service:
 remark inverted mask for 255.255.255.240 is 0.0.0.15 while single host is 0.0.0.0
 permit #.#.#.# ... ie: your internal domain DNS server address; eg: Active Directory DNS server
 deny any
 exit
ip dns view dnsVedgeServersCustom
 no domain lookup
 dns forwarding timeout 4
 dns forwarding retry 3
 dns forwarding
 dns forwarder #.#.#.#
 dns forwarder #.#.#.#
 dns forwarder #.#.#.#
 exit
ip dns view-list dnsVLedgeServersISP
 view dnsVedgeServersISP 1
  restrict source access-group aclDNSedge
  exit
 exit
ip dns view-list dnsVLedgeServersCustom
 view dnsVedgeServersCustom 1
  restrict source access-group aclDNSedge
  exit
 exit
ip dns server
...
ip dns server view-group dnsVLedgeServersISP ... if you want to forward to the servers suggested by your ISP
ip dns server view-group dnsVLedgeServersCustom ... if you want to forward to everywhere else
... my internal DNS server queries the edge router DNS server which in turn forwards to public servers
... my internal DNS server never queries the internet; it has no access, it should go to the router
... have you tried debug dns? ... it helps a lot; you can see the packets and figure out what the server is doing
... if you need more details just ask :)
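Added example (not part of the original posts, and not Cisco tooling): a Python check for the view / view-list / view-group wiring used in the config above, reporting names that are referenced but never defined and views that lack a `restrict source access-group` line. The function name `audit_dns_views` and the sample addresses are assumptions made for this example, and the parser only understands the command forms that appear in this thread.

```python
import re

# Constructed sample in the answer's syntax (placeholder addresses). Two deliberate
# mistakes: the view-group names an undefined view-list, and one view is unrestricted.
SAMPLE = """\
ip access-list standard aclDNSedge
 permit 192.0.2.10
ip dns view dnsVedgeServersISP
ip dns view dnsVedgeServersCustom
 dns forwarder 198.51.100.1
ip dns view-list dnsVLedge
 view dnsVedgeServersISP 1
  restrict source access-group aclDNSedge
ip dns view-list dnsVLedgeServersCustom
 view dnsVedgeServersCustom 1
ip dns server view-group dnsVLedgeServersISP
"""

def audit_dns_views(config):
    """Return findings about dangling names and unrestricted DNS views."""
    views, acls, groups, lists = set(), set(), [], {}
    cur_list = cur_view = None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith(("ip ", "interface ")):
            cur_list = cur_view = None      # a top-level command leaves any sub-mode
        if m := re.match(r"ip dns view-list (\S+)", line):
            cur_list = m[1]
            lists[cur_list] = {}            # view name -> restricting ACL, or None
        elif m := re.match(r"ip dns view (\S+)", line):
            views.add(m[1])
        elif m := re.match(r"ip access-list standard (\S+)", line):
            acls.add(m[1])
        elif m := re.match(r"ip dns server view-group (\S+)", line):
            groups.append(m[1])
        elif cur_list and (m := re.match(r"view (\S+) \d+", line)):
            cur_view = m[1]
            lists[cur_list][cur_view] = None
        elif cur_view and (m := re.match(r"restrict source access-group (\S+)", line)):
            lists[cur_list][cur_view] = m[1]
    findings = [f"view-group {g}: view-list not defined" for g in groups if g not in lists]
    for name, members in lists.items():
        for view, acl in members.items():
            if view not in views:
                findings.append(f"view-list {name}: view {view} not defined")
            if acl is None:
                findings.append(f"view-list {name}: view {view} has no source restriction")
            elif acl not in acls:
                findings.append(f"view-list {name}: ACL {acl} not defined")
    return findings
```

Calling `audit_dns_views(SAMPLE)` returns one finding for the dangling view-group name and one for the unrestricted view; an empty list means every referenced name resolves and every view is tied to a defined ACL.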