
Strange DNS issue on Windows server when behind Cisco 877


Postby guest » Sun Apr 08, 2012 3:02 pm

We have a Windows 2003 server (SBS) that sits behind our Cisco 877 router. Within the DNS settings in Windows we have forwarders set up, using either OpenDNS (208.67.222.222) or the router (192.168.9.1).

If I run the DCDiag command in Windows to diagnose DNS issues (Dcdiag /test:DNS) I get a whole string of errors, e.g.
Code:
Running enterprise tests on : SHF.local
Starting test: DNS
Test results for domain controllers:

DC: meat.SHF.local
Domain: SHF.local


TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder: 192.168.9.1 (<name unavailable>)
Error: Forwarders list has invalid forwarder: 208.67.220.220 (<name unavailable>)
Error: Forwarders list has invalid forwarder: 208.67.222.222 (<name unavailable>)
Error: Root hints list has invalid root hint server: a.root-servers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server: b.root-servers.net. (128.9.0.107)
Error: Root hints list has invalid root hint server: c.root-servers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server: d.root-servers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server: e.root-servers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server: f.root-servers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server: g.root-servers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server: h.root-servers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server: i.root-servers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server: j.root-servers.net. (198.41.0.10)
Error: Root hints list has invalid root hint server: k.root-servers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server: l.root-servers.net. (198.32.64.12)
Error: Root hints list has invalid root hint server: m.root-servers.net. (202.12.27.33)

Summary of test results for DNS servers used by the above domain controllers:

DNS server: 208.67.222.222 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 208.67.222.222

DNS server: 208.67.220.220 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 208.67.220.220

DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33

DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4

DNS server: 198.41.0.10 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.10

DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12

However if I replace the router with a cheap 'n' cheerful Netgear DG834, I do not get the DCDIAG errors. So it looks like some issue with my Cisco config. Could anyone please advise?

Code:
Current configuration : 7094 bytes
!
! No configuration change since last restart
!
version 12.4
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service internal
no service dhcp
!
hostname Butchers877
!
boot-start-marker
boot system flash:c870-advipservicesk9-mz.124-24.T4.bin
boot-end-marker
!
logging message-counter syslog
logging buffered 4096
logging rate-limit 100 except warnings
no logging console
no logging monitor
enable secret 5 xxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
!
!
aaa session-id common
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
!
!
dot11 syslog
ip source-route
!
!
!
!
no ip cef
no ip domain lookup
ip domain name shf.local
ip inspect log drop-pkt
ip inspect name firewall tcp timeout 3600
ip inspect name firewall udp timeout 3600
login block-for 180 attempts 3 within 180
login on-failure log
login on-success log
no ipv6 cef
!
multilink bundle-name authenticated
!
!
object-group network og-L1-JimHome
description Home IP
host xx.xx.xx.xx
!
object-group network og-L1-MainServer
description Main server
host 192.168.9.2
!
object-group network og-L2-Allow-RDP
description Allow Remote Desktop from these hosts
group-object og-L1-JimHome
!
object-group network og-L2-Allow-SNMP
description Allow SNMP from these hosts
group-object og-L1-MainServer
group-object og-L1-JimHome
!
object-group network og-L2-Allow-SSH
description Allow SSH from these hosts
group-object og-L1-JimHome
group-object og-L1-MainServer
!
username root privilege 15 secret 5 xxxxxx
!
!
!
archive
log config
hidekeys
!
!
ip ssh version 2
!
!
interface ATM0
description ADSL Connection
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl enable-training-log failure
dsl bitswap both
hold-queue 200 in
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description LAN
ip address 192.168.9.1 255.255.255.0
ip nat inside
ip nat enable
ip inspect firewall in
ip virtual-reassembly
ip tcp adjust-mss 1452
hold-queue 100 in
hold-queue 100 out
!
interface Dialer0
bandwidth inherit

ip address negotiated
ip access-group acl-EXT-IN in
ip access-group acl-EXT-OUT out
ip nat outside
ip inspect firewall out
ip virtual-reassembly
encapsulation ppp
ip tcp header-compression iphc-format
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap chap callin
ppp chap hostname xx@xx.xx.xx
ppp chap password 7 xxxxx
ppp ipcp dns request
ppp ipcp wins request
ip rtp header-compression iphc-format
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
!
ip dns server
no ip nat service sip udp port 5060
ip nat inside source static tcp 192.168.9.2 3389 interface Dialer0 3389
ip nat inside source static tcp 192.168.9.2 25 interface Dialer0 25
ip nat inside source static tcp 192.168.9.2 443 interface Dialer0 443
ip nat inside source static tcp 192.168.9.2 1723 interface Dialer0 1723
ip nat inside source list acl-NAT-Ranges interface Dialer0 overload
ip nat inside source static tcp 192.168.9.2 110 interface Dialer0 110
ip nat inside source static tcp 192.168.9.2 4125 interface Dialer0 4125
ip nat inside source static tcp 192.168.9.4 33890 interface Dialer0 33890

ip access-list standard acl-NAT-Ranges
remark Define NAT internal ranges
permit 192.168.9.0 0.0.0.255
!
ip access-list extended acl-EXT-IN
remark Inbound external interface
remark The below set the rfc1918 private exclusions
deny ip 192.168.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip any any fragments
remark Allow established sessions back in
permit tcp any any established
remark Any new ports opened in the IP NAT INSIDE SOURCE STATIC lines should also be added here
permit tcp object-group og-L2-Allow-SSH any eq 22 log
permit tcp any any eq smtp
permit tcp any any eq 443
permit tcp any any eq 1723
permit udp object-group og-L2-Allow-SNMP any eq snmp
permit tcp object-group og-L2-Allow-RDP any eq 3389
permit tcp object-group og-L2-Allow-RDP any eq 33890
permit tcp any any eq 4125
permit gre any any
permit udp any eq domain any
remark Standard acceptable icmp rules
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any source-quench
permit icmp any any packet-too-big
permit icmp any any time-exceeded
deny ip any any

ip access-list extended acl-EXT-OUT
remark Allow all outbound IP
permit ip any any

ip access-list logging interval 10
logging 192.168.9.2
dialer-list 1 protocol ip permit
!
!
!
!
snmp-server community Butchers RO
!
control-plane
!
!
line con 0
exec-timeout 0 0
no modem enable
transport output all
line aux 0
transport output all
line vty 0 4
exec-timeout 0 0
privilege level 15
length 40
width 160
transport input ssh
transport output all
!
scheduler max-task-time 5000
ntp master
ntp server 129.6.15.28
!
end
guest
 
Posts: 9043
Joined: Mon Nov 27, 2006 1:10 pm

Re: Strange DNS issue on Windows server when behind Cisco 877

Postby guest » Sun Apr 08, 2012 3:03 pm

I noticed you have ip dns server enabled on the router but you also have:

no ip domain-lookup

If you want to use your router as a proxy DNS server then you need to enable it:

ip domain-lookup

You would also need to specify some DNS servers:

ip name-server X.X.X.X (could be your internal DNS server or external DNS servers)
guest
 
Posts: 9043
Joined: Mon Nov 27, 2006 1:10 pm
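
A small audit for the mismatch this reply points out, added here as an example and not code from the thread: it flags a running-config that enables `ip dns server` while domain lookup is negated or no `ip name-server` is set. The function names and the trimmed sample config are constructed for illustration; treating IPCP-learned servers as a possible upstream is an assumption.

```python
import re

# Constructed excerpt: only the DNS-related lines of the config posted above.
SAMPLE_CONFIG = """\
no ip domain lookup
ip domain name shf.local
interface Dialer0
 ppp ipcp dns request
ip dns server
"""

def audit_dns_proxy(config):
    """Return (code, message) findings for a router used as a DNS forwarder."""
    lines = [ln.strip() for ln in config.splitlines()]
    if "ip dns server" not in lines:
        return []  # router is not answering DNS queries; nothing to check
    findings = []
    # Both spellings appear in this thread; lookup is on unless negated.
    if any(re.fullmatch(r"no ip domain[ -]lookup", ln) for ln in lines):
        findings.append(("LOOKUP_DISABLED",
                         "ip dns server is on but domain lookup is off"))
    servers = [ip for ln in lines if ln.startswith("ip name-server ")
               for ip in ln.split()[2:]]
    if not servers:
        msg = "no static ip name-server"
        # Assumption: without a static entry, any upstream comes from IPCP.
        if "ppp ipcp dns request" in lines:
            msg += "; upstream servers depend on what the PPP peer offers"
        findings.append(("NO_STATIC_NAME_SERVER", msg))
    return findings

def apply_fix(config, name_server):
    """Apply the change suggested in the reply: enable lookup, add a server."""
    fixed = re.sub(r"(?m)^no (ip domain[ -]lookup)$", r"\1", config)
    return fixed + "ip name-server %s\n" % name_server

if __name__ == "__main__":
    for code, msg in audit_dns_proxy(SAMPLE_CONFIG):
        print(code, "-", msg)
    print(audit_dns_proxy(apply_fix(SAMPLE_CONFIG, "208.67.222.222")))
```
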

Re: Strange DNS issue on Windows server when behind Cisco 877

Postby guest » Sun Apr 08, 2012 3:04 pm

Oh my goodness Thank you...that's all it was! How did I overlook that????

Thank you!!!! That works a treat
guest
 
Posts: 9043
Joined: Mon Nov 27, 2006 1:10 pm

