DNS Server forward look up times out

wtsmith
Level 1

Hello, I am very new to networking and I am currently trying to set up a lab in my computer science class. I am trying to set a forward lookup zone to our parent network's DNS server. When doing so, the request says "A timeout occurred during validation". My DNS server cannot ping their DNS, but my router 2 can ping their DNS. I've also attached a picture of the topography. My DNS Server and DHCP are running off of the VLAN 200 with Proxmox. Let me know if seeing any configurations would be helpful!


balaji.bandi
Hall of Fame

It will be helpful if you can post Router2 (1941 configuration here)

 I am trying to set a forward lookup zone to our parent network's DNS server. When doing so the request says "A timeout occurred during validation" My DNS server cannot ping their DNS

Can you give an example of the FQDN you are trying to set up?

Do you have an FQDN, or is this for local DNS lookup?

Guidelines for router DNS setup:

https://www.cisco.com/c/en/us/support/docs/ip/domain-name-system-dns/24182-reversedns.html

 

BB


They never gave me an FQDN just an IP (10.8.0.30) for their DNS

Here is Router2 config:

=~=~=~=~=~=~=~=~=~=~=~= MobaXterm log 2024.04.29 10:01:40 =~=~=~=~=~=~=~=~=~=~=~=

User Access Verification

Password:
Router2>en
Password:
Router2#show run
Building configuration...

Current configuration : 3221 bytes
!
! Last configuration change at 09:54:46 EST Mon Apr 29 2024
!
version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router2
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$IIt.$zOfnsB3P8YUT.TrU1X1Re0
!
no aaa new-model
clock timezone EST -5 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
license udi pid CISCO1941/K9 sn FTX142580CU
license boot module c1900 technology-package securityk9
license boot module c1900 technology-package datak9
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 172.16.255.2 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Router2 GE 0/0 to Switch2 GE 0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.1
description VLAN 1 Management
encapsulation dot1Q 1 native
ip address 172.16.30.1 255.255.255.0
!
interface GigabitEthernet0/0.11
description VLAN 11 BlueTeam
encapsulation dot1Q 11
ip address 172.16.31.1 255.255.255.0
ip helper-address 172.16.200.22
!
interface GigabitEthernet0/0.12
description VLAN 12 RedTeam
encapsulation dot1Q 12
ip address 172.16.32.1 255.255.255.0
ip helper-address 172.16.200.22
!
interface GigabitEthernet0/1
description ISP Traffic Outbound
ip address 10.202.240.1 255.255.255.240
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0/0/0
description Router2 DCE Serial0/0/0 to Router3 DTE Serial 0/0/0
ip address 172.16.40.1 255.255.255.248
ip nat inside
ip virtual-reassembly in
clock rate 56000
!
interface Serial0/0/1
description Router2 DTE Serial 0/0/1 to Router1 DCE Serial 0/0/0
ip address 172.16.20.2 255.255.255.248
ip nat inside
ip virtual-reassembly in
!
router ospf 109
!
router ospf 1
network 172.16.20.0 0.0.0.7 area 1
network 172.16.30.0 0.0.0.255 area 0
network 172.16.31.0 0.0.0.255 area 0
network 172.16.32.0 0.0.0.255 area 0
network 172.16.40.0 0.0.0.7 area 0
network 172.16.255.2 0.0.0.0 area 0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 10.202.240.14
ip route 0.0.0.0 0.0.0.0 172.16.20.1
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
ipv6 ioam timestamp
!
!
access-list 1 permit 172.16.0.0 0.15.255.255
!
control-plane
!
!
vstack
banner login ^C!WARNING! You are permitted to use the system for authorized purposes only and may only use the system in accordance with the organization's Information Security Policy.^C
banner motd ^CNetwork Lab Welcome Master^C
!
line con 0
exec-timeout 5 0
password 7 124B574643
logging synchronous
login
line aux 0
password 7 153E24480B731F2108
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 10693D234415052C5B
login
transport input none
!
scheduler allocate 20000 1000
!
end
Router2#

Now we can talk it clear you correct the subnet for each vlan.

For the DNS issue, the host needs to use the DNS server IP, not the router IP, for name resolution.

So the first point to check is the DHCP: does it return the router IP or the DNS IP to hosts?

MHM

Would that be in the scope options? 

Scope options of DHCP

If that is what you mean, then yes.

You need to check from that point.

MHM

Hello,

Where is 'their' DNS server and where is 'your' DNS server? That is, what are the IP addresses of each respective server?

Our DNS is running off of VLAN 200 with an IP of (172.16.200.21) 
Their DNS has an IP of (10.8.0.30) and I am unsure where it is. 

Hello,

your router has two default routes, which lead to load balancing and unpredictable results.

ip route 0.0.0.0 0.0.0.0 10.202.240.14
ip route 0.0.0.0 0.0.0.0 172.16.20.1

Judging from your drawing, you probably only need the first one (pointing to the Internet). Remove the second one and check if that makes a difference. Also, do a:

traceroute 10.8.0.30

from R2 and post the results.

I had to set the IP route 

0.0.0.0 0.0.0.0 172.16.20.1 

To give DHCP connectivity to R1.

I was told I don't need the

IP route 0.0.0.0 0.0.0.0 10.202.240.14 

Since the R2 is already set as 10.202.240.1

 

Hello,

What do you mean by 'DHCP connectivity to R1'? Why does R2 need that?

Without the default route to 10.202.241.14, you have no access to anything on the outside.

Whenever I plugged a device into S1 it wouldn't connect to our domain or have the Correct IP address from the DHCP until I added that IP route from R2 to R1 because our DNS and DHCP is off of VLAN 200.

I could send all my router configurations if that's helpful.

Between R1 and R3, are you running OSPF? Which area do you use?

MHM

I'm not sure I know enough about it to answer it, but here's all the OSPF config on all the routers.

R2#
router ospf 109
!
router ospf 1
network 172.16.20.0 0.0.0.7 area 1
network 172.16.30.0 0.0.0.255 area 0
network 172.16.31.0 0.0.0.255 area 0
network 172.16.32.0 0.0.0.255 area 0
network 172.16.40.0 0.0.0.7 area 0
network 172.16.255.2 0.0.0.0 area 0
!

R1#
router ospf 1
network 172.16.10.0 0.0.0.255 area 2
network 172.16.11.0 0.0.0.255 area 2
network 172.16.12.0 0.0.0.255 area 2
network 172.16.20.0 0.0.0.7 area 1
network 172.16.60.0 0.0.0.7 area 1

R3#
!
router ospf 1
network 172.16.40.0 0.0.0.7 area 0
network 172.16.50.0 0.0.0.255 area 2
network 172.16.51.0 0.0.0.255 area 2
network 172.16.52.0 0.0.0.255 area 2
network 172.16.60.0 0.0.0.7 area 2
network 172.16.200.0 0.0.0.255 area 2
network 172.16.255.3 0.0.0.0 area 2
!


network 172.16.60.0 0.0.0.7 area 2 <<- this interconnect subnet 172.16.60.0 has an issue; that is why some routers don't know VLAN200 until you configure a static route

MHM
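
Added example (not written by any poster in this thread): a small Python check that compares the `network ... area` statements and static default routes from the three router outputs posted above. It flags any subnet that two routers place in different OSPF areas and any router with more than one static default route. The config lines are copied from the posts; the function names are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the R1/R2/R3 output posted in this thread (pager prompts removed).
CONFIGS = {
    "R1": """network 172.16.10.0 0.0.0.255 area 2
network 172.16.11.0 0.0.0.255 area 2
network 172.16.12.0 0.0.0.255 area 2
network 172.16.20.0 0.0.0.7 area 1
network 172.16.60.0 0.0.0.7 area 1""",
    "R2": """network 172.16.20.0 0.0.0.7 area 1
network 172.16.30.0 0.0.0.255 area 0
network 172.16.31.0 0.0.0.255 area 0
network 172.16.32.0 0.0.0.255 area 0
network 172.16.40.0 0.0.0.7 area 0
network 172.16.255.2 0.0.0.0 area 0
ip route 0.0.0.0 0.0.0.0 10.202.240.14
ip route 0.0.0.0 0.0.0.0 172.16.20.1""",
    "R3": """network 172.16.40.0 0.0.0.7 area 0
network 172.16.50.0 0.0.0.255 area 2
network 172.16.51.0 0.0.0.255 area 2
network 172.16.52.0 0.0.0.255 area 2
network 172.16.60.0 0.0.0.7 area 2
network 172.16.200.0 0.0.0.255 area 2
network 172.16.255.3 0.0.0.0 area 2""",
}
NETWORK_RE = re.compile(r"^\s*network (\S+) (\S+) area (\S+)\s*$", re.M)
DEFAULT_RE = re.compile(r"^\s*ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)\s*$", re.M)

def area_mismatches(configs):
    """Return {(network, wildcard): {router: area}} where routers disagree on the area."""
    seen = defaultdict(dict)
    for router, text in configs.items():
        for net, wild, area in NETWORK_RE.findall(text):
            seen[(net, wild)][router] = area
    return {k: v for k, v in seen.items() if len(set(v.values())) > 1}

def multiple_default_routes(configs):
    """Return {router: [next hops]} for routers with more than one static default route."""
    hops = {r: DEFAULT_RE.findall(t) for r, t in configs.items()}
    return {r: h for r, h in hops.items() if len(h) > 1}

if __name__ == "__main__":
    for key, areas in area_mismatches(CONFIGS).items():
        print("area mismatch", key, areas)
    for router, hops in multiple_default_routes(CONFIGS).items():
        print("multiple default routes", router, hops)
```

Routers on a shared link must agree on the OSPF area to form an adjacency, so a subnet reported here is worth checking on both ends with `show ip ospf neighbor`.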