Cisco Support Community
DNS

How would you know what DNS is being used on a router? Can we verify it?

4 REPLIES

Re: DNS

Hi,

I'm not sure I understand your question. Are you asking how to determine what name-servers are configured on a router?

Paresh


Re: DNS

If your router obtains an IP address from another device using DHCP, then the DNS is assigned automatically by the device assigning the DHCP address.

You can definitely troubleshoot this using the "debug dhcp detail" command.

HTH

Please rate posts that help

Regards

Arvind


Re: DNS

(A) If you are asking about the router itself, look in the config for one or more command lines like this:

ip name-server x.x.x.x
ip name-server y.y.y.y

where x.x.x.x and y.y.y.y are IP addresses of DNS servers.

(B) If you are asking about identifying what DNS servers are being accessed via your router, you can do that using access-lists and logging. Try these commands (assuming a router with a FastEthernet0/0 LAN port and a Serial0/0 WAN port):

logging buffered 16384 debugging

interface FastEthernet0/0
 ip address f.f.f.f 255.255.255.0
 ip access-group LAN-IN in
 ip access-group LAN-OUT out

interface Serial0/0
 ip address s.s.s.s 255.255.255.252

ip access-list extended LAN-IN
 remark Log the DNS servers LAN users access which are not on the LAN.
 permit udp any any eq domain log
 permit tcp any any eq domain log
 permit ip any any

ip access-list extended LAN-OUT
 remark Log the DNS servers on your LAN which are accessed by users who are not on your LAN.
 permit udp any any eq domain log
 permit tcp any any eq domain log
 permit ip any any

NOTE: "domain" is the well-known name for port 53, which is the port number that DNS uses. If you enter the number 53 after "eq" the router will automatically convert it to "domain".

Run the "show logging" command to see the IP addresses of the DNS servers being accessed. The log messages will tell you which access-list created each entry, the source IP address of who made the DNS request, and the destination IP address of the DNS server.

After you get a sampling of server IP addresses from the log, you should probably just remove the access-lists from the interface, using the commands

interface FastEthernet0/0
 no ip access-group LAN-IN in
 no ip access-group LAN-OUT out

Or you can modify the access-lists to just track hits to those specific servers and log any new ones:

ip access-list extended LAN-IN
 remark Log the DNS servers LAN users access which are not on the LAN.
 permit udp any host x.x.x.x eq domain
 permit tcp any host x.x.x.x eq domain
 permit udp any host y.y.y.y eq domain
 permit tcp any host y.y.y.y eq domain
 permit udp any any eq domain log
 permit tcp any any eq domain log
 permit ip any any

ip access-list extended LAN-OUT
 remark Log the DNS servers on your LAN which are accessed by users who are not on your LAN.
 permit udp any host z.z.z.z eq domain
 permit tcp any host z.z.z.z eq domain
 permit udp any any eq domain log
 permit tcp any any eq domain log
 permit ip any any

Where x.x.x.x, y.y.y.y, and z.z.z.z are DNS servers you found in your log messages.

*****CAUTION: If your LAN users point to a DNS server on your LAN, and the DNS server on your LAN does all the lookups on behalf of the users, you will see many, many, many log messages!!! One or more for each URL that is resolved to an IP address. All this logging could seriously impact router CPU performance. If you know you have a DNS server on your LAN that your LAN users refer to for lookups, modify the LAN-IN access list so that it starts with permits for tcp and udp from "host d.d.d.d" to "any eq domain" without the "log" parameter.*****
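An added example, not part of any post in this thread, tying parts (A) and (B) together offline: a Python script that pulls the "ip name-server" lines from a saved running-config, extracts the DNS servers recorded by the LAN-IN and LAN-OUT access-lists from saved "show logging" output, flags resolvers that are not the router's own name-servers, and renders the tightened "track known servers, log new ones" access-list from the post. The config and log excerpts are constructed; the %SEC-6-IPACCESSLOGP message format is the one IOS produces for TCP/UDP hits on an access-list entry with the "log" keyword; and treating the router's configured name-servers as the approved resolver list for LAN clients is an assumption made for the illustration.

```python
import re
from collections import Counter

# Constructed excerpt of "show running-config | include name-server" (assumption).
RUNNING_CONFIG = """\
ip name-server 192.0.2.10
ip name-server 192.0.2.11
"""

# Constructed excerpt of "show logging" after applying the LAN-IN/LAN-OUT lists.
SHOW_LOGGING = """\
*Mar  1 00:12:31.123: %SEC-6-IPACCESSLOGP: list LAN-IN permitted udp 10.0.0.25(51200) -> 192.0.2.10(53), 1 packet
*Mar  1 00:12:32.511: %SEC-6-IPACCESSLOGP: list LAN-IN permitted udp 10.0.0.26(41002) -> 192.0.2.11(53), 1 packet
*Mar  1 00:13:05.007: %SEC-6-IPACCESSLOGP: list LAN-IN permitted tcp 10.0.0.25(51310) -> 192.0.2.10(53), 1 packet
*Mar  1 00:13:40.900: %SEC-6-IPACCESSLOGP: list LAN-IN permitted udp 10.0.0.77(50000) -> 198.51.100.53(53), 1 packet
*Mar  1 00:14:02.120: %SEC-6-IPACCESSLOGP: list LAN-OUT permitted udp 203.0.113.9(33000) -> 10.0.0.5(53), 1 packet
*Mar  1 00:15:00.000: %SYS-5-CONFIG_I: Configured from console by admin on vty0
"""

NAME_SERVER_RE = re.compile(r"^ip name-server\s+(\S+)", re.M)

# IPACCESSLOGP entries carry ports; the ACL name tells us which direction logged the hit.
ACL_LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)


def configured_name_servers(config):
    """Name-servers the router itself is configured to use (part A of the post)."""
    return NAME_SERVER_RE.findall(config)


def observed_dns_servers(logging_output, acl="LAN-IN"):
    """Counter of destination IPs hit on port 53 as logged by the given access-list."""
    servers = Counter()
    for m in ACL_LOG_RE.finditer(logging_output):
        if m["acl"] == acl and m["dport"] == "53":
            servers[m["dst"]] += 1
    return servers


def unexpected_servers(config, logging_output, acl="LAN-IN"):
    """Resolvers LAN clients reached that are not the router's own name-servers.

    Assumption: the router's name-servers are the approved resolver list; anything
    else is worth a look (misconfigured DHCP scope, hard-coded client settings,
    or malware using its own resolver)."""
    expected = set(configured_name_servers(config))
    observed = observed_dns_servers(logging_output, acl)
    return sorted(ip for ip in observed if ip not in expected)


def refined_acl(name, known_servers, remark):
    """Render the post's second-stage ACL: permit known servers silently, log new ones."""
    lines = [f"ip access-list extended {name}", f" remark {remark}"]
    for ip in known_servers:
        for proto in ("udp", "tcp"):
            lines.append(f" permit {proto} any host {ip} eq domain")
    lines += [
        " permit udp any any eq domain log",
        " permit tcp any any eq domain log",
        " permit ip any any",
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    print("configured:", configured_name_servers(RUNNING_CONFIG))
    print("observed via LAN-IN:", dict(observed_dns_servers(SHOW_LOGGING)))
    print("observed via LAN-OUT:", dict(observed_dns_servers(SHOW_LOGGING, "LAN-OUT")))
    print("unexpected:", unexpected_servers(RUNNING_CONFIG, SHOW_LOGGING))
    print(refined_acl("LAN-IN", sorted(observed_dns_servers(SHOW_LOGGING)),
                      "Log the DNS servers LAN users access which are not on the LAN."))
```

Feed it the real files with "show logging" captured after the ACLs have been in place for a while; the LAN-OUT counter is the one to watch for outside hosts querying a resolver on your LAN, which is the open-resolver case the post's second remark describes.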


Re: DNS

continued from my previous post:

(C) You could also configure NetFlow. Either periodically check the flows for DNS sessions ("show ip cache flow" and look for ports 0035 in hexadecimal, or 0053 in decimal, or "domain" depending on your router) or export the NetFlow data to a free or 30-day trial collector such as AdventNet's ManageEngine NetFlow Analyzer 5 (http://manageengine.adventnet.com/products/netflow/index.html).

Setup of NetFlow is relatively simple:

ip cef

interface FastEthernet0/0
 ip address f.f.f.f 255.255.255.0
 ip route-cache flow

interface Serial0/0
 ip address s.s.s.s 255.255.255.252
 ip route-cache flow

But configuring NetFlow data export is a little more involved, with tuning of flow timeout settings etc. AdventNet's website has specifics for their application, which you will probably find more uses for than just discovering what DNS servers are being used across your router.
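An added example, not from the thread, for the "show ip cache flow" route in part (C): a Python parser for saved flow-cache output that decodes the hexadecimal protocol and port columns, keeps only flows to port 53, and totals packets per DNS server. The flow table below is constructed; its column layout (SrcIf, SrcIPaddress, DstIf, DstIPaddress, Pr, SrcP, DstP, Pkts, with protocol and ports in hexadecimal) follows the classic NetFlow cache display, and the summary lines that normally precede the table are omitted.

```python
from collections import Counter

# Constructed excerpt of "show ip cache flow" (assumption); Pr, SrcP and DstP are hex.
SHOW_IP_CACHE_FLOW = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/0         10.0.0.25       Se0/0         192.0.2.10      11 C800 0035    12
Fa0/0         10.0.0.25       Se0/0         192.0.2.10      06 C8A1 0035     4
Fa0/0         10.0.0.77       Se0/0         198.51.100.53   11 C350 0035     3
Fa0/0         10.0.0.25       Se0/0         203.0.113.80    06 C3F2 01BB    88
Se0/0         203.0.113.9     Fa0/0         10.0.0.5        11 80E8 0035     1
"""

PROTO_NAMES = {6: "tcp", 17: "udp"}   # 0x06 and 0x11 in the Pr column
DNS_PORT = 53                         # shown as 0035 in the flow cache


def parse_flows(output):
    """Turn flow-cache rows into dicts with protocol and ports decoded from hex."""
    flows = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) != 8 or parts[0] == "SrcIf":
            continue  # header, summary line, or something that is not a flow row
        src_if, src, dst_if, dst, pr, sport, dport, pkts = parts
        try:
            flows.append({
                "src_if": src_if, "src": src, "dst_if": dst_if, "dst": dst,
                "proto": int(pr, 16), "sport": int(sport, 16),
                "dport": int(dport, 16), "pkts": int(pkts),
            })
        except ValueError:
            continue  # columns present but not numeric: skip rather than guess
    return flows


def dns_flows(output):
    """Only TCP/UDP flows whose destination port is 53."""
    return [f for f in parse_flows(output)
            if f["dport"] == DNS_PORT and f["proto"] in PROTO_NAMES]


def dns_server_packets(output, ingress_if=None):
    """Packets per DNS server; restrict to flows that entered on ingress_if if given."""
    counts = Counter()
    for f in dns_flows(output):
        if ingress_if is None or f["src_if"] == ingress_if:
            counts[f["dst"]] += f["pkts"]
    return counts


if __name__ == "__main__":
    for f in dns_flows(SHOW_IP_CACHE_FLOW):
        print(f"{PROTO_NAMES[f['proto']]} {f['src']} -> {f['dst']}:{f['dport']} pkts={f['pkts']}")
    print("per server (LAN-originated):", dict(dns_server_packets(SHOW_IP_CACHE_FLOW, "Fa0/0")))
    print("per server (any ingress):", dict(dns_server_packets(SHOW_IP_CACHE_FLOW)))
```

Passing the LAN interface as ingress_if separates what your users resolve against from what outside hosts send to a resolver on your LAN, the same split the LAN-IN and LAN-OUT access-lists in the earlier reply give you, without the per-packet logging cost.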
