DNS Server on IOS

Jacob Zartmann
Level 1

Hi,

I'm trying to configure a router as DNS server without "luck".

I've tried various things:

ip domain name net.sub.tld

ip name-server 8.8.8.8

ip host r1.net.sub.tld

ip dns server

ip dns primary net.sub.tld soa ns.net.sub.tld mailbox.net.sub.tld 21600 900 7776000 86400

I can do lookups on the router, but through the router I can't.

After I've done a lookup on the router and it gets the reply, it enters it in the hosts table (show hosts). NOW clients are able to resolve only this entry.

Local entries in the zone net.sub.tld work perfectly!

Any suggestions?

I've also tried to configure forwarder and source interfaces in the ip dns view default, but it's all the same.

The platform is a 1921 running IOS Version 15.1(4)M7

Thanks,

/JZ

2 Replies

Sandeep Choudhary
VIP Alumni

Hi Jacob,

I don't know whether it will work on a router or not.

But here are the steps:

1. enable

2. configure terminal

3. ip dns server

4. ip name-server server-address1 [server-address2...server-address6]

5. ip dns server queue limit {forwarder queue-size-limit | director queue-size-limit}

6. ip host [vrf vrf-name] [view view-name] hostname {address1 [address2 ... address8] | additional address9 [address10 ... addressn]}

7. ip dns primary domain-name soa server-name mailbox-name [refresh-interval [retry-interval [expire-ttl [minimum-ttl]]]]

8. ip host domain-name ns server-name

To check more, please check this document.

Hope it helps.

Regards

Don't forget to rate helpful posts.

chad patterson
Level 1

Could it be an access list? Are you allowing UDP packets to pass through on port 53?

This should be enough if there is no ACL issue:

ip domain name server.serve

ip name-server 208.67.222.222
ip name-server 208.67.220.220

ip dns view default
   dns forwarder 208.67.222.222
   dns forwarder 208.67.220.220
ip dns server queue limit forwarder 1500
ip dns server

Then maybe put this access list on your WAN interface in:

ip access-list extended DENY-DNS-FROM-WAN
 permit udp host 208.67.220.220 any eq domain
 permit udp host 208.67.222.222 any eq domain
 deny   udp any any eq domain
 permit ip any any
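
The ACL from the reply above, traced with first-match evaluation over a few constructed packets; this is an added example and not part of the original post. The router address 203.0.113.1 and the sample packets are assumptions, and the parser handles only the entry forms that appear in that ACL.

```python
import ipaddress

# ACL lines copied from the reply above
ACL = """\
permit udp host 208.67.220.220 any eq domain
permit udp host 208.67.222.222 any eq domain
deny   udp any any eq domain
permit ip any any
"""
PORTS = {"domain": 53}

def parse_ace(line):
    """Parse the subset used above: action proto src dst [eq port]."""
    tok = line.split()
    action, proto, i = tok[0], tok[1], 2
    addrs = []
    for _ in range(2):                       # source, then destination
        if tok[i] == "any":
            addrs.append(None)
            i += 1
        else:                                # "host a.b.c.d"
            addrs.append(ipaddress.ip_address(tok[i + 1]))
            i += 2
    dport = None
    if i < len(tok) and tok[i] == "eq":      # trailing "eq" is the destination port
        dport = PORTS.get(tok[i + 1]) or int(tok[i + 1])
    return action, proto, addrs[0], addrs[1], dport

def evaluate(acl_text, proto, src, dst, dport):
    """First matching entry wins; an ACL ends with an implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl_text.strip().splitlines():
        action, a_proto, a_src, a_dst, a_dport = parse_ace(line)
        if (a_proto in ("ip", proto) and a_src in (None, src)
                and a_dst in (None, dst) and a_dport in (None, dport)):
            return action, line.strip()
    return "deny", "(implicit deny)"

ROUTER = "203.0.113.1"    # constructed WAN address (documentation range)
PACKETS = [               # constructed packets arriving inbound on the WAN interface
    ("UDP query from internet host", "udp", "198.51.100.7", ROUTER, 53),
    ("UDP reply from forwarder", "udp", "208.67.222.222", ROUTER, 49152),
    ("UDP query from forwarder address", "udp", "208.67.222.222", ROUTER, 53),
    ("TCP to port 53 from internet host", "tcp", "198.51.100.7", ROUTER, 53),
]

if __name__ == "__main__":
    for label, proto, src, dst, dport in PACKETS:
        print(f"{label:36} {evaluate(ACL, proto, src, dst, dport)}")
```

The trace shows that forwarder replies, which arrive with source port 53 and an ephemeral destination port, are admitted by the final `permit ip any any` rather than by the two host entries, and that the deny entry covers UDP only.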

 
