Slow DNS lookups with Cisco 837

marks775c · ‎07-22-2006

Hi,

I've recently upgraded to a Cisco 837 ADSL router and it's working ok apart from one problem.

I run my own DNS server on my internal network and all PCs on my network use it for DNS lookups. It's a Windows Server 2003 box running the Microsoft DNS service.

Under my last router this worked fine, but with this router DNS lookups are horrendously slow, usually taking over 10 seconds to lookup a website.

When I set my PCs to use public external DNS servers (like 4.2.2.1 & 4.2.2.2) DNS lookups are reasonably normal speed, which indicates that it's a problem inside my network.

The DNS server has not been changed at a ll since changing routers, so I have no idea what the problem is.

globalnettech · ‎07-22-2006

Hello Mark,

can you post the configuration of your 837, and indicate what the IP address is of your internal DNS server ?

Regards,

GNT

marks775c · ‎07-22-2006

Thanks for the reply, here it is.

The DNS server is 192.168.1.3 and my PC is 192.168.1.5, and I'm using one-to-one NAT to translate the private addresses into my public /29 IP address range:

Current configuration : 1390 bytes

!

! Last configuration change at 00:00:03 UTC Sat Jul 22 2006

! NVRAM config last updated at 22:36:34 UTC Fri Jul 21 2006

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname WAN-1

!

logging queue-limit 100

enable secret

!

ip subnet-zero

!

ip audit notify log

ip audit po max-events 100

no ftp-server write-enable

!

interface Ethernet0

ip address 192.168.1.1 255.255.255.0

ip nat inside

hold-queue 100 out

!

interface ATM0

no ip address

no atm ilmi-keepalive

pvc 0/38

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

dsl operating-mode auto

!

interface Dialer0

ip address negotiated

ip nat outside

encapsulation ppp

dialer pool 1

ppp authentication chap pap callin

ppp chap hostname

ppp chap password

ppp pap sent-username password

!

ip nat inside source static 192.168.1.3 87.127.54.19

ip nat inside source static 192.168.1.5 87.127.54.21

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0

no ip http server

no ip http secure-server

!

line con 0

password

logging synchronous

login

no modem enable

stopbits 1

line aux 0

stopbits 1

line vty 0 4

password

login

!

scheduler max-task-time 5000

!

end

globalnettech · ‎07-22-2006

Hello,

I assume you need the DNS server to be accessible from the outside as well ? If so, try and add:

ip dns server 192.168.1.3

to your configuration. Also, make sure your client 192.168.1.5 has the address of the DNS server configured in the local TCP/IP connection settings (obvious, I guess...)

If there is no need for the DNS server to be accessible from the outside, just remove the line:

ip nat inside source static 192.168.1.3 87.127.54.19

from your configuration alltogether.

Regards,

GNT

marks775c · ‎07-22-2006

Hi,

Yes, I have configured the clients to use the DNS server. Also, the DNS server must be accessable from the internet as it also hosts a website.

I tried entering the command both in global configuration and in priviledged exec but it wouldn't let me, it came up with "invalid input detected".

marks775c · ‎07-22-2006

Ok, I think that command was slightly different on this router, I used the "ip name-server 192.168.1.3" command and that worked, but DNS is still slow.

jonathan.wilson · ‎08-07-2006

I have noticed the same thing with an 837 router - slow performance of the built-in DNS server. From a few hints I gleaned from packet traces, looked like it was not caching responses but passing them all to an authoritative DNS server. That would slow things down considerably...

Regards

Jonathan

Wilson Samuel · ‎08-08-2006

Hi Jonathan,

Try making an entry to your DNS Server to look for a root server specified by you e.g 4.2.2.2.

You can make this entry in to the Win2k3 Server's DNS Config.

Hope it works,

Regards,

Wilson Samuel