10-16-2002 11:23 AM - edited 03-02-2019 02:07 AM
How do I configure this router to resolve DNS names of my internal network for users on the internet? I have a W2K DNS server in the internal network. (ip nr 10.0.0.1, router has 10.0.0.254)
When I open port 53 it won't work even with PAT.
Thanks
10-16-2002 06:13 PM
I'm not sure about the question, but here are my interpretations:
1- If you need the router to use the DNS inside your LAN, you need to configure the following in the router:
ip domain-lookup
ip name-server 10.0.0.1
2- If you need the DNS to resolve the LAN addresses, accessed from the internet, you need to configure the DNS registers with the public IP address of the servers, and then you may configure static NAT between the private/public IP of the servers. This is called DNS Doctoring.
Example: suppose web server in 10.0.0.2 , smtp in 10.0.0.3 and the public pool is 200.1.2.1-200.1.2.5
First you need to configure the DNS server with the public addresses, like
A dns 200.1.1.1
A smtp 200.1.2.2
A www 200.1.2.3
then, you need to configure nat in the router
ip nat inside source static 10.0.0.2 200.1.2.2
ip nat inside source static 10.0.0.3 200.1.2.3
then apply the nat statements
in the wan interface:
ip nat outside
in the lan interface:
ip nat inside
If anybody asks the DNS from the Internet, it will resolve with the configured public entries. If anybody inside the LAN asks the inside DNS server, it will answer with the public configured entry, but here is where DNS Doctoring will translate the public to private addresses as they're configured in the NAT statement, so the internal hosts can communicate with the internal servers in private addressing.
I hope it helps you. I've tested this several times and it works great!
(In the pix it can be achieved with the alias command (with pix soft > 6))
--
Alexis Fidalgo
Systems Engineer
AT&T Argentina
10-17-2002 10:15 AM
Dear Alexis,
Thanks for the quick response! I tried it but this still does not work.
I will explain it.
Schematically it looks like this:
Internet <---> (213.xxx.xxx.xxx) Cisco827H (10.0.0.254) <---> (10.0.0.1) W2K server named sittard [DNS, routing and remote access, IIS etc.] (192.168.168.254) <----> (192.168.168.1) Mobile Information server
When I try to trace or ping or try to connect to sittard.jonkers.xs4all.nl with a laptop that is connected to the internet via RAS (dial-up analog modem), I get the response of host unknown.
When I ping jonkers.xs4all.nl it replies with 213.xxx.xxx.xxx.
Everything works except that users outside my network (internet) cannot resolve the IP of my internal hosts.
The cisco configuration is shown below:
Current configuration : 2294 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
username Router password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ip subnet-zero
ip name-server 10.0.0.1
!
!
!
!
interface Ethernet0
ip address 10.0.0.254 255.0.0.0
ip nat inside
hold-queue 100 out
!
interface ATM0
no ip address
atm vc-per-vp 64
no atm ilmi-keepalive
pvc 8/48
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface Dialer0
no ip address
no cdp enable
!
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ppp chap password 7 094144584F5645
ppp pap sent-username xxxxxxxxxxxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxx
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
!
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static udp 10.0.0.1 53 interface Dialer1 53
ip nat inside source static tcp 10.0.0.1 53 interface Dialer1 53
ip nat inside source static udp 10.0.0.1 1723 interface Dialer1 1723
ip nat inside source static udp 10.0.0.1 1701 interface Dialer1 1701
ip nat inside source static tcp 10.0.0.1 25 interface Dialer1 25
ip nat inside source static tcp 10.0.0.1 110 interface Dialer1 110
ip nat inside source static tcp 10.0.0.1 21 interface Dialer1 21
ip nat inside source static tcp 10.0.0.1 80 interface Dialer1 80
ip nat inside source static tcp 10.0.0.1 3389 interface Dialer1 3389
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.168.0 255.255.255.0 10.0.0.1
ip http server
!
!
access-list 23 permit 10.0.0.0 0.255.255.255
access-list 101 permit tcp any any
access-list 102 permit ip 10.0.0.0 0.255.255.255 any
access-list 102 permit ip 192.168.168.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
line con 0
exec-timeout 120 0
stopbits 1
line vty 0 4
access-class 23 in
exec-timeout 120 0
login local
length 0
!
scheduler max-task-time 5000
end
10-17-2002 06:28 PM
I'm trying and I can't connect to the server.
But change this to test:
access-list 10 deny host 10.0.0.1
access-list 10 permit 10.0.0.0 0.0.0.255
access-list 10 permit 192.168.168.0 0.0.0.255
then remove all nat statements and then add
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source static 10.0.0.1 interface Dialer1
and test it again please.
Let me know the results
10-18-2002 08:25 AM
Hi, the server is up and running now. I tried what you suggested. I still cannot ping sittard.jonkers.xs4all.nl.
This is now the config:
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
enable secret 5 $xxxxxxxxxxxxxxxxxxxxxxxxxxxx/
!
username Router password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ip subnet-zero
ip name-server 10.0.0.1
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.0.0.1
!
ip dhcp pool CLIENT
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
lease 0 2
!
!
!
!
interface Ethernet0
ip address 10.0.0.254 255.0.0.0
ip nat inside
hold-queue 100 out
!
interface ATM0
no ip address
atm vc-per-vp 64
no atm ilmi-keepalive
pvc 8/48
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface Dialer0
no ip address
no cdp enable
!
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ppp chap password 7 xxxxxxxxxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxxxxxxxxxxxx password 7 xxxxxxxxx
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
!
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source static 10.0.0.1 interface Dialer1
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.168.0 255.255.255.0 10.0.0.1
ip http server
!
!
access-list 10 deny 10.0.0.1
access-list 10 permit 10.0.0.0 0.0.0.255
access-list 10 permit 192.168.168.0 0.0.0.255
access-list 23 permit 10.0.0.0 0.255.255.255
access-list 101 permit tcp any any
access-list 102 permit ip 10.0.0.0 0.255.255.255 any
access-list 102 permit ip 192.168.168.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
line con 0
exec-timeout 120 0
stopbits 1
line vty 0 4
access-class 23 in
exec-timeout 120 0
login local
length 0
!
scheduler max-task-time 5000
end
10-18-2002 09:31 AM
Hi Nattie,
To me, this appears to be a DNS issue. To begin with, jonkers.xs4all.nl is resolvable...
C:\>ping jonkers.xs4all.nl
Pinging jonkers.xs4all.nl [213.84.151.169] with 32 bytes of data:
Reply from 213.84.151.169: bytes=32 time=190ms TTL=114
Reply from 213.84.151.169: bytes=32 time=180ms TTL=114
Reply from 213.84.151.169: bytes=32 time=190ms TTL=114
Reply from 213.84.151.169: bytes=32 time=180ms TTL=114
Ping statistics for 213.84.151.169:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 180ms, Maximum = 190ms, Average = 185ms
sittard.jonkers.xs4all.nl is not resolvable at all...
C:\>ping sittard.jonkers.xs4all.nl
Unknown host sittard.jonkers.xs4all.nl.
Since both DNS names would be resolved from the parent DNS servers of...
xs4all.nl NS (Nameserver) ns.ripe.net
xs4all.nl NS (Nameserver) ns.xs4all.nl
xs4all.nl NS (Nameserver) ns2.xs4all.nl
There would need to be an entry for sittard.jonkers.xs4all.nl in the DNS servers as well. It appears that that host doesn't exist to the outside world, but it would inside the LAN due to the machine name being resolved. Or did I interpret your situation wrong?
10-18-2002 09:37 AM
Hi,
jonkers.xs4all.nl is known by xs4all.nl NS so if this DNS server does not know the host sittard, it will forward the request to jonkers.xs4all.nl.
Or is it not?
10-18-2002 09:39 AM
If I get Sniffer pro and monitor if there is any DNS traffic to the W2K DNS server there is none.
10-20-2002 12:08 PM
I have contacted my service provider about this. They say that sittard.jonkers.xs4all.nl has to have a record in their nameserver.
The nameserver knows the domain jonkers.xs4all.nl but not sittard.jonkers.xs4all.nl. So if I have a DNS for jonkers.xs4all.nl, this server has to resolve it on my server. Or is it not?
As I understand DNS, if the server does not know it he will forward it to the next which knows more.
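Added example, not part of the thread: a constructed model of how an authoritative parent server answers, contrasting a parent zone that holds only an A record for jonkers.xs4all.nl with one that delegates the name by NS record plus glue. The zone contents, the choice of ns.xs4all.nl as the starting server and the address 203.0.113.10 are sample assumptions, not the real xs4all.nl data.

```python
# Constructed sample data: 203.0.113.10 is a documentation address, not the real host.
PUBLIC_IP = "203.0.113.10"
CHILD = ("jonkers.xs4all.nl", {            # zone served by the internal W2K DNS
    ("jonkers.xs4all.nl", "A"): [PUBLIC_IP],
    ("sittard.jonkers.xs4all.nl", "A"): [PUBLIC_IP],
})
PARENT_A_ONLY = ("xs4all.nl", {("jonkers.xs4all.nl", "A"): [PUBLIC_IP]})
PARENT_DELEGATED = ("xs4all.nl", {
    ("jonkers.xs4all.nl", "NS"): ["sittard.jonkers.xs4all.nl"],
    ("sittard.jonkers.xs4all.nl", "A"): [PUBLIC_IP],   # glue for the NS name
})

def authoritative_answer(apex, records, qname, qtype="A"):
    """Return (status, data): ANSWER, REFERRAL, NODATA or NXDOMAIN."""
    labels = qname.split(".")
    # A zone cut (NS set below the apex) at qname or an ancestor means: refer.
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if name == apex:
            break
        if (name, "NS") in records:
            return "REFERRAL", records[(name, "NS")]
    if (qname, qtype) in records:
        return "ANSWER", records[(qname, qtype)]
    exists = any(n == qname for n, _ in records)
    return ("NODATA" if exists else "NXDOMAIN"), []

def resolve(servers, start, qname, qtype="A", max_hops=5):
    """Follow referrals like an iterative resolver; records which server said what."""
    server, path = start, []
    for _ in range(max_hops):
        apex, records = servers[server]
        status, data = authoritative_answer(apex, records, qname, qtype)
        path.append((server, status))
        if status != "REFERRAL":
            return status, data, path
        reachable = [ns for ns in data if ns in servers]
        if not reachable:
            return "SERVFAIL", [], path
        server = reachable[0]
    return "SERVFAIL", [], path

def lookup(parent, qname):
    servers = {"ns.xs4all.nl": parent, "sittard.jonkers.xs4all.nl": CHILD}
    return resolve(servers, "ns.xs4all.nl", qname)

if __name__ == "__main__":
    for label, parent in (("A only", PARENT_A_ONLY), ("delegated", PARENT_DELEGATED)):
        for q in ("jonkers.xs4all.nl", "sittard.jonkers.xs4all.nl"):
            print(label, q, lookup(parent, q))
```

In the A-only case the query path never reaches the internal server, which is consistent with a capture on that server showing no DNS traffic.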