Re: Router can't resolve domain names

jfriend29 · ‎07-06-2012

First off I'm a cisco noob so I relialize I'm probably asking a rediculous question. I am currently setting up a UC540 that I bought used that does not have a configuration. The problem I have encountered is the router is capable of pinging IP addresses but is unable to ping domain names. Furthermore I am unable to access internet resources from my workstation that is directly connected to the router. The router is directly connected to my cable modem.

I started over again from scratch and only have what I believe to be the bare minimum in the config to get started. My current config is as follows:

Building configuration...

Current configuration : 1849 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
!
!
dot11 syslog
ip source-route
ip cef
!
!
!
!
ip name-server 207.255.0.130
ip name-server 207.255.0.131
no ipv6 cef
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
license udi pid UC540W-FXO-K9 sn FGL160527A1
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0/0
ip address 72.28.*.* 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
!
interface Integrated-Service-Engine0/0
no ip address
shutdown
!
!
interface FastEthernet0/1/0
!
!
interface FastEthernet0/1/1
!
!
interface FastEthernet0/1/2
!
!
interface FastEthernet0/1/3
!
!
interface FastEthernet0/1/4
!
!
interface FastEthernet0/1/5
!
!
interface FastEthernet0/1/6
!
!
interface FastEthernet0/1/7
!
!
interface FastEthernet0/1/8
!
!
interface Dot11Radio0/5/0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
!
interface Vlan1
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 72.28.*.*
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
voice-port 0/0/0
!
voice-port 0/0/1
!
voice-port 0/0/2
!
voice-port 0/0/3
!
voice-port 0/1/0
!
voice-port 0/1/1
!
voice-port 0/1/2
!
voice-port 0/1/3
!
voice-port 0/4/0
auto-cut-through
signal immediate
input gain auto-control
description Music On Hold Port
!
!
!
!
!
!
line con 0
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
login
!
end

Any help would be greatly appreciated.

THANKS!

smehrnia · ‎07-06-2012

Hi Jeff,

for your internal PC's to access internet, u need to complete ur NAT setting:

(config)# access-list 15 permit 192.168.10.0 0.0.0.255
(config)# ip nat inside source list 15 interface Fa0/0 overload

add dns server 8.8.8.8, see if it works:

(config)# ip name-server 8.8.8.8

(config)# ip domain lookup

Hope it Helps,

plz Rate helpful posts.

Soroush.

Hope it Helps!

Soroush.

jfriend29 · ‎07-06-2012

Hi Soroush,

Thanks for the quick response. I implemented your config changes and get the following when pinging google.com:

Router#ping google.com

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2607:F8B0:4004:800::1005, timeout is 2 seconds:

% No valid route for destination
Success rate is 0 percent (0/1)
Router#

And this is what I receive when pinging google's IP(74.125.228.8)

Router#ping 74.125.228.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 74.125.228.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/26/32 ms
Router#

jfriend29 · ‎07-06-2012

BTW here is the updated config:

Current configuration : 1997 bytes
!
version 12.4
service config
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
!
!
dot11 syslog
ip source-route
ip cef
!
!
!
!
ip name-server 207.255.0.130
ip name-server 207.255.0.131
ip name-server 8.8.8.8
no ipv6 cef
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
license udi pid UC540W-FXO-K9 sn FGL160527A1
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0/0
ip address 72.28.*.* 255.255.255.0

ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
!
interface Integrated-Service-Engine0/0
no ip address
shutdown
!
!
interface FastEthernet0/1/0
!
!
interface FastEthernet0/1/1
!
!
interface FastEthernet0/1/2
!
!
interface FastEthernet0/1/3
!
!
interface FastEthernet0/1/4
!
!
interface FastEthernet0/1/5
!
!
interface FastEthernet0/1/6
!
!
interface FastEthernet0/1/7
!
!
interface FastEthernet0/1/8
!
!
interface Dot11Radio0/5/0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
!
interface Vlan1
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 72.28.*.*

!
no ip http server
no ip http secure-server
ip nat inside source list 15 interface FastEthernet0/0 overload
!
access-list 15 permit 192.168.10.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
!
!
voice-port 0/0/0
!
voice-port 0/0/1
!
voice-port 0/0/2
!
voice-port 0/0/3
!
voice-port 0/1/0
!
voice-port 0/1/1
!
voice-port 0/1/2
!
voice-port 0/1/3
!
voice-port 0/4/0
auto-cut-through
signal immediate
input gain auto-control
description Music On Hold Port
!
!
!
!
!
!
line con 0
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
login
!
end

Hazaken · ‎02-10-2019

Very helpful for me, thank you for posting this resolution.

Alessio Andreoli · ‎07-06-2012

hi Jeff,

keep in mid after trying what Soroush did suggest you that the ISP often filter the DNS queries and very possibly they are providing their DNS service . this implies that you ahve to take out the name-server configuration and to set in case an ip helper address on the vlan 1 (internal vlan) to address the request running on port 53.

When you'll take away this config and completed the NAT issue an ipconfig /all on your PC ( or ifconfig with Linux) and share the results. If i am right and if your PC can ping your router, you will get the DNS ip addresses without config.

Let us know

Alessio

PS: you forgot an internal DHCP Server!!!

jfriend29 · ‎07-06-2012

Hi Alessio,

I'm statically assigning my IP on my computer. Here are the stats:

IP: 192.168.10.100

DNS: 255.255.255.0

Default Gateway: 192.168.10.1

Primary DNS: 207.255.0.130 <-----Given to me by my ISP

Secondary DNS: 207.255.0.131 <-----Given to me by my ISP

Thanks.

Alessio Andreoli · ‎07-06-2012

when you ping the google website, specify the source ip:

ping www.google.com source 10.2.1.120 repeat 10

HTH

Alessio

I was also thinking that you do not need NAT. Your addresses are both private and NAT'd to the ISP Core... For what to NAT again?

Just route out your network if you do not want to hide it! Hopefully no filters are in place on the ISP!!!

jfriend29 · ‎07-06-2012

Alessio,

I get an error with that command:

Router#ping www.google.com source 10.2.1.120 repeat 10
Translating "www.google.com"...domain server (207.255.0.130) [OK]
^
% Invalid input detected at '^' marker.

Router#

Thanks.

Alessio Andreoli · ‎07-06-2012

Maybe it works differently with your IOS ...

Howevernow you know that you need to enable logging to understand what is happening.

conf t

logg buff 16384 debug

end

wr

|

then:

ping 207.255.0.130 source 10.2.1.120

and

ping 207.255.0.130 source 192.168.10.1

if the first is successful and the second is not, try to take away the NAT. If you can share the full config would be helpful.

jfriend29 · ‎07-09-2012

I took away the NAT with the following results:

External IP address:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 207.255.0.130, timeout is 2 seconds:

Packet sent with a source address of 10.2.1.120

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/12/20 ms

Internal IP address:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 207.255.0.130, timeout is 2 seconds:

Packet sent with a source address of 192.168.10.1

.....

Success rate is 0 percent (0/5)

smehrnia · ‎07-06-2012

Jeff,

that ip address for the next-hop in ip route command, where is that pointing?

if its the cable modem, could u remove previous ip name-server commands and add ONE with the modem's ip?

can your workstations ping outside now? by ip.

HTH,

Soroush.

Hope it Helps!

Soroush.

Alessio Andreoli · ‎07-06-2012

Hi Soroush,

by now it is :

PC->Cisco router->modem (in bridged config)-> ISP

IP PC: 192.168.10.100/24

IP Gateway 192.168.10.1/24

NAT to Fa0/0 = 10.2.1.120

from router the internet is pingable, settings dns do not work

Waiting for other info

Alessio

smehrnia · ‎07-06-2012

you n jeff are a same person?

where is this 10.2.1.120 came from?

Soroush.

Hope it Helps!

Soroush.

jfriend29 · ‎07-09-2012

Soroush,

We are certainly different people.

-Jeff