Cisco Support Community
New Member

DNS Server on IOS

Hi,

I'm trying to configure a router as DNS server without "luck".

I've tried various things:

ip domain name net.sub.tld

ip name-server 8.8.8.8

ip host r1.net.sub.tld

ip dns server

ip dns primary net.sub.tld soa ns.net.sub.tld mailbox.net.sub.tld 21600 900 7776000 86400

I can do lookups on the router, but through the router I can't.

After I've done a lookup on the router and it gets the reply, it enters it in the hosts table (show hosts). NOW clients are able to resolve only this entry.

Local entries in the zone net.sub.tld work perfectly!

Any suggestions?

I've also tried to configure forwarder and source interfaces in the ip dns view default, but it's all the same.

The platform is a 1921 running IOS Version 15.1(4)M7

Thanks,

/JZ

2 REPLIES
VIP Purple

Re: DNS Server on IOS

Hi Jacob,

I don't know whether it will work on the router or not.

But here are the steps:

1. enable

2. configure terminal

3. ip dns server

4. ip name-server server-address1 [server-address2...server-address6]

5. ip dns server queue limit {forwarder queue-size-limit | director queue-size-limit}

6. ip host [vrf vrf-name] [view view-name] hostname {address1 [address2 ... address8] | additional address9 [address10 ... addressn]}

7. ip dns primary domain-name soa server-name mailbox-name [refresh-interval [retry-interval [expire-ttl [minimum-ttl]]]]

8. ip host domain-name ns server-name

To check more, please check this document.

Hope it helps.

Regards

Don't forget to rate helpful posts.

New Member

Could it be an access list?

Could it be an access list? Are you allowing UDP packets to pass through on port 53?

This should be enough if there is no ACL issue:

 

 

ip domain name server.serve

ip name-server 208.67.222.222
ip name-server 208.67.220.220

ip dns view default
   dns forwarder 208.67.222.222
   dns forwarder 208.67.220.220
ip dns server queue limit forwarder 1500
ip dns server
Then maybe put this access list on your WAN interface in:

ip access-list extended DENY-DNS-FROM-WAN
 permit udp host 208.67.220.220 any eq domain
 permit udp host 208.67.222.222 any eq domain
 deny   udp any any eq domain
 permit ip any any
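
Added example, not part of the original reply: a small Python first-match evaluator run over the DENY-DNS-FROM-WAN entries exactly as posted, using constructed packets (the 192.0.2.1 router address and the 198.51.100.7 client are placeholder assumptions). It shows which entry each flow hits: unsolicited UDP queries from the WAN are denied, forwarder replies pass through the final `permit ip any any` because the two host entries match destination port 53, and TCP port 53 is not matched by the `deny udp` entry.

```python
# The ACL from the post above, as it would be evaluated inbound on the WAN interface.
ACL = """\
permit udp host 208.67.220.220 any eq domain
permit udp host 208.67.222.222 any eq domain
deny   udp any any eq domain
permit ip any any
"""
PORTS = {"domain": 53}  # IOS keyword for port 53

def parse_ace(line):
    """Parse one entry of the form used on the page (host/any, optional 'eq port')."""
    tok = line.split()
    ace = {"action": tok[0], "proto": tok[1], "line": " ".join(tok)}
    i = 2
    for side in ("src", "dst"):
        if tok[i] == "host":
            ace[side], i = tok[i + 1], i + 2
        else:  # "any"
            ace[side], i = None, i + 1
        ace[side + "_port"] = None
        if i < len(tok) and tok[i] == "eq":
            name = tok[i + 1]
            ace[side + "_port"] = PORTS[name] if name in PORTS else int(name)
            i += 2
    return ace

def evaluate(aces, pkt):
    """First match wins; an IOS ACL ends with an implicit deny."""
    for a in aces:
        if a["proto"] not in ("ip", pkt["proto"]):
            continue
        if a["src"] not in (None, pkt["src"]) or a["dst"] not in (None, pkt["dst"]):
            continue
        if a["src_port"] not in (None, pkt["sport"]) or a["dst_port"] not in (None, pkt["dport"]):
            continue
        return a["action"], a["line"]
    return "deny", "implicit deny"

ROUTER = "192.0.2.1"  # constructed WAN address (documentation range)
SAMPLES = {  # constructed packets arriving on the WAN interface
    "udp query from internet host": dict(proto="udp", src="198.51.100.7", sport=40000, dst=ROUTER, dport=53),
    "udp reply from forwarder": dict(proto="udp", src="208.67.222.222", sport=53, dst=ROUTER, dport=40001),
    "udp query from forwarder address": dict(proto="udp", src="208.67.222.222", sport=40002, dst=ROUTER, dport=53),
    "tcp query from internet host": dict(proto="tcp", src="198.51.100.7", sport=40003, dst=ROUTER, dport=53),
}

def report():
    aces = [parse_ace(l) for l in ACL.splitlines() if l.strip()]
    return {name: evaluate(aces, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, (action, line) in report().items():
        print(f"{name:34} -> {action:6} ({line})")
```

To tie the permits to forwarder replies and close the TCP path, the entries would be written with the port on the source side (`permit udp host 208.67.222.222 eq domain any`) and a `deny tcp any any eq domain` added before the final permit.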

 
