Cisco Support Community

New Member

[Configure a router to always query DNS]


For an IPSEC application I require a router to ALWAYS query DNS to solve a host name. From what I've seen, once it queries DNS, the router stores the response in memory and as long as you don't clear the host list (clear host *), it'll never ask DNS again.

Is there a command to change this behavior?

Thanks in advance!


Hall of Fame Super Gold
New Member

Re: [Configure a router to always query DNS]


That's exactly what I'm doing, BUT...the problem is that the initiating router caches the DNS resolution for the terminating router. If the IP on the terminating router changes (say a DSL connection), the initiating router still tries the previous IP address.

My configuration is exactly that. Tunnels work the first time around. The problem is that the IKE engine NEVER queries DNS again.

Any ideas?


Hall of Fame Super Gold

Re: [Configure a router to always query DNS]

My understanding is that the feature mentioned above addresses your issue.

You should verify your configuration (set peer dynamic) and if the router doesn't behave as documented, contact the TAC.

New Member

Re: [Configure a router to always query DNS]

Yup. We agree 100% that's what that command and feature should be doing, but it's not. I've tried different IOS versions and platforms. Same result. Hopefully an SE will help me out.

Thanks a lot!


New Member

Re: [Configure a router to always query DNS]


At first the IP address for the tunnel termination was Then after a quick shut/noshut, the ip changed to


*Mar 1 00:33:39.055: %SYS-5-CONFIG_I: Configured from console by console

*Mar 1 00:33:39.379: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

*Mar 1 00:33:42.707: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 assigned DHCP address, mask, hostname

But the tunnel initiator keeps trying the old IP address:

of2#ping source

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:

Packet sent with a source address of


*Mar 1 00:33:19.211: ISAKMP:(0): SA request profile is (NULL)

*Mar 1 00:33:19.211: ISAKMP: Created a peer struct for, peer port 500

*Mar 1 00:33:19.211: ISAKMP: New peer created peer = 0x850288A8 peer_handle = 0x80000003

*Mar 1 00:33:19.211: ISAKMP: Locking peer struct 0x850288A8, refcount 1 for isakmp_initiator

*Mar 1 00:33:19.211: ISAKMP: local port 500, remote port 500

*Mar 1 00:33:19.211: ISAKMP: set new node 0 to QM_IDLE

Any thoughts?


Hall of Fame Super Gold

Re: [Configure a router to always query DNS]

Do you have dynamic in set peer?

If yes, and DDNS for the terminator is also correct, you have to complain to the TAC.

New Member

Re: [Configure a router to always query DNS]

Yes, I do have 'dynamic' in set peer.

And yes, DDNS is working perfectly. Sadly, I have no mechanism to open up a TAC case.

I work for a Cisco partner and I'm building a demo environment for a customer.


As far as I know, the only channel for me is an SE.
