Configuring DNS on Cisco IOS routers

September 6, 2008 at 11:56 pm | Posted in IOS services

Configuration

Client R1#
----------

ip name-server 2.2.2.2
! ip domain-lookup is enabled by default
ip domain-lookup

Server R2#
----------

ip dns server
! ip domain-lookup is enabled by default
ip domain-lookup

ip host R2 2.2.2.2
ip host R1 1.1.1.1
! We can point to another DNS server
ip name-server 61.8.8.8

! but DO NOT point name-server to itself
! NO ip name-server 2.2.2.2

Verification

R1#ping R2

Translating "R2"...domain server (2.2.2.2) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 155.1.0.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms
R1#
*Apr  7 11:35:07.163: Domain: query for R2 type 1 to 2.2.2.2
*Apr  7 11:35:07.195: DOM: dom2cache: hostname is R2, RR type=1, class=1, ttl=1, n=4Reply received ok

R2#debug domain
Domain Name System debugging is on
R2#
*Apr  7 02:18:27.683: DNS: Incoming UDP query (id#2)
*Apr  7 02:18:27.683: DNS: Type 1 DNS query (id#2) for host 'R2' from 12.0.0.1(58198)
*Apr  7 02:18:27.683: DNS: Query for my own hostname: R2
*Apr  7 02:18:27.683: DNS: Spoofing reply to query (id#2)
*Apr  7 02:18:27.683: DNS: Finished processing query (id#2) in 0.004 secs

REPRODUCE ROUTER CRASH

A router may crash if it is configured as a DNS server and its "ip name-server" also points to itself.

R2#c
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#ip name-server 2.2.2.2
R2(config)#
R2#
R2#
R2#

!
! R2 successfully serves DNS queries
! for valid hostnames (when "ping R2" is issued on the R1 router)

R1#ping R2

Translating "R2"...domain server (2.2.2.2) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 155.1.0.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms

*Apr  7 11:35:58.539: Domain: query for R2 type 1 to 2.2.2.2
*Apr  7 11:35:58.571: DOM: dom2cache: hostname is R2, RR type=1, class=1, ttl=1, n=4Reply received ok

R2#
*Apr  7 02:19:19.059: DNS: Incoming UDP query (id#3)
*Apr  7 02:19:19.059: DNS: Type 1 DNS query (id#3) for host 'R2' from 12.0.0.1(54174)
*Apr  7 02:19:19.059: DNS: Query for my own hostname: R2
*Apr  7 02:19:19.059: DNS: Spoofing reply to query (id#3)
*Apr  7 02:19:19.059: DNS: Finished processing query (id#3) in 0.000 secs
R2#
R2#

! R2 crashes when "ping R3" is issued on the R1 router

R1#ping R3

Translating "R3"...domain server (2.2.2.2)
*Apr  7 11:36:22.991: Domain: query for R3 type 1 to 2.2.2.2
% Unrecognized host or address, or protocol not running.

timed out

*Apr  7 11:36:55.459: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to down
*Apr  7 11:36:55.459: %OSPF-5-ADJCHG: Process 1, Nbr 12.0.0.2 on Serial0/1 from FULL to DOWN, Neighbor Down: Interface down or detached

! As R2 cannot resolve an IP for hostname R3, it tries to forward the query to
! the next DNS server, whose IP address is its own. The request keeps
! looping within R2.
!

R2#

DNS: Re-sending DNS query (type 1, id#4) to 2.2.2.2
DNS: Incoming UDP query (id#4)
DNS: Type 1 DNS query (id#4) for host 'R3' from 2.2.2.2(53)
DNS: Re-sending DNS query (type 1, id#4) to 2.2.2.2
DNS: Incoming UDP query (id#4)
DNS: Type 1 DNS query (id#4) for host 'R3' from 2.2.2.2(53)
DNS: Re-sending DNS query (type 1, id#4) to 2.2.2.2
DNS: Incoming UDP query (id#4)
DNS: Type 1 DNS query (id#4) for host 'R3' from 2.2.2.2(53)
DNS: Re-sending DNS query (type 1, id#4) to 2.2.2.2
DNS: Incoming UDP query (id#4)
DNS: Type 1 DNS query (id#4) for host 'R3' from 2.2.2.2(53)
DNS: Re-sending DNS query (type 1, id#4) to 2.2.2.2
DNS: Incoming UDP query (id#4)
DNS: Type 1 DNS query (id#4) for host 'R3' from 2.2.2.2(53)
DNS: Re-sending DNS query (type 1, id#4) to 2.2.2.2
DNS: Incoming UDP query (id#4)
DNS: Type 1 DNS query (id#4) for host 'R3' from 2.2.2.2(53)
DNS: Re-sending DNS query (type 1, id#4) to 2.2.2.2
DNS: Incoming UDP query (id#4)
DNS: Type 1 DNS query (id#4) for host 'R3' from 2.2.2.2(53)
DNS: Re-sending DNS query (type 1, id#4) to 2.2.2.2
DNS: Incoming UDP query (id#4)
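
A configuration audit for the forwarding loop shown above, as an added example that is not part of the original post: it flags a running-config where "ip dns server" is enabled and an "ip name-server" entry matches one of the router's own interface addresses. The sample config, its interface addresses and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample running-config (not from the original post): R2 as the
# post configures it, plus a name-server entry pointing back at R2 itself.
SAMPLE_CONFIG = """\
hostname R2
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Serial0/1
 ip address 12.0.0.2 255.255.255.0
!
ip dns server
ip host R2 2.2.2.2
ip name-server 61.8.8.8 2.2.2.2
"""


def _addresses(tokens):
    """Return the tokens that parse as IP addresses (skips keywords)."""
    found = []
    for tok in tokens:
        try:
            found.append(ipaddress.ip_address(tok))
        except ValueError:
            continue
    return found


def self_referencing_forwarders(config):
    """Return name-server addresses owned by the router, if it is a DNS server."""
    dns_server, local, forwarders = False, set(), []
    for raw in config.splitlines():
        line = raw.strip()  # interface sub-commands are indented
        if line == "ip dns server":
            dns_server = True
        elif m := re.match(r"ip address (\S+) \S+", line):
            local.update(_addresses([m.group(1)]))
        elif line.startswith("ip name-server "):  # "no ip name-server" is ignored
            forwarders.extend(_addresses(line.split()[2:]))
    if not dns_server:
        return []  # a plain DNS client cannot forward a query to itself
    return [str(a) for a in forwarders if a in local]
```

An empty list means no forwarder points back at the router; any returned address is a candidate for removal with "no ip name-server".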