Cisco 871 as DNS server- problems.

I have an 871 in a very simple config here at home. For the moment, I want it to behave just like a random, cheapy home router, and then play with its additional capabilities.

It's mostly working. In fact, it works nearly all the time.

The only issue I have is that I'm using it as a DNS proxy with some locally defined hosts I want it to resolve. All works for a time, and then, seemingly randomly, it will refuse to resolve an external host that worked just fine a while ago.

By experimentation, I've found that logging into the CLI and pinging the host makes it work again- here's an example from nslookup on my PC:

C:\Documents and Settings\Chris>nslookup
Default Server: farnsworth
Address: 192.168.1.1

formatting link
Server: farnsworth
Address: 192.168.1.1

*** No address (A) records available for formatting link

If I then log into the router:

farnsworth#ping formatting link

Translating "formatting link"...domain server (194.168.4.100) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 62.233.104.60, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 32/41/64 ms
farnsworth#

and then retry nslookup:

formatting link
Server: farnsworth
Address: 192.168.1.1

Non-authoritative answer:
Name: formatting link
Address: 62.233.104.60

Am I doing something wrong? I'm speculating that once the TTL expires on a record, the router isn't going and looking at the external DNS, as this always seems to happen if I leave the router up.

A router reload also clears the problem.

Here's my config.

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2009.02.22 18:42:19 =~=~=~=~=~=~=~=~=~=~=~=
sh run
Building configuration...

Current configuration : 3797 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname farnsworth
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging message-counter syslog
logging buffered 4096
logging console critical
enable secret 5 [deleted]
enable password 7 [deleted]
!
aaa new-model
!
!
aaa authentication login local_auth local
!
!
aaa session-id common
!
!
dot11 syslog
!
dot11 ssid [deleted]
 authentication open
 authentication key-management wpa
 guest-mode
 wpa-psk ascii 7 [deleted]
!
no ip source-route
no ip gratuitous-arps
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.50
ip dhcp excluded-address 192.168.0.200 192.168.0.254
!
ip dhcp pool pool1
 import all
 network 192.168.1.0 255.255.255.0
 domain-name piglet.local
 dns-server 192.168.1.1
 default-router 192.168.1.1
!
!
ip cef
no ip bootp server
ip domain name piglet.local
ip host [deleted].piglet-net.net 192.168.1.3
ip host farnsworth 192.168.1.1
ip name-server 194.168.4.100
ip name-server 194.168.8.100
ip ddns update method no-ip
 HTTP
  add http://[deleted]@dynupdate.no-ip.com/nic/updatehostname=[deleted]
 interval maximum 0 8 0 0
!
login block-for 60 attempts 5 within 60
!
no ipv6 cef
multilink bundle-name authenticated
!
!
!
username admin password 7 [deleted]
!
!
!
archive
 log config
  hidekeys
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 1
!
bridge irb
!
!
interface FastEthernet0
 spanning-tree portfast
!
interface FastEthernet1
 spanning-tree portfast
!
interface FastEthernet2
 spanning-tree portfast
!
interface FastEthernet3
 spanning-tree portfast
!
interface FastEthernet4
 ip ddns update hostname [deleted]
 ip address dhcp
 ip verify unicast source reachable-via rx allow-default 100
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 speed auto
 full-duplex
 snmp trap ip verify drop-rate
!
interface Dot11Radio0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 !
 encryption mode ciphers tkip
 !
 ssid [deleted]
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 bridge-group 1
!
interface Dialer0
 no ip address
 no cdp enable
!
interface BVI1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4
no ip http server
no ip http secure-server
!
!
ip dns server
ip nat inside source list 101 interface FastEthernet4 overload
!
!
logging trap debugging
logging facility local2
access-list 100 permit udp any any eq bootpc
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
no cdp run
!
!
!
!
!
control-plane
!
bridge 1 protocol dec
bridge 1 route ip
banner motd ^C Unauthorised access prohibited ^C
!
line con 0
 login authentication local_auth
 no modem enable
 transport output telnet
line aux 0
 login authentication local_auth
 transport output telnet
line vty 0 3
 password 7 [deleted]
 transport input ssh
line vty 4
 password 7 [deleted]
 transport input none
!
scheduler max-task-time 5000
end

farnsworth#

Reply to
Chris Bartram
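An added example, not part of the original post: a small Python checker for the TTL guess above. It separates an empty NOERROR reply from an error RCODE and reports the TTL of each A record, so failures can be timed against record expiry. The name host.example and the TTL of 300 are constructed sample values; query() is meant to be pointed at the router (192.168.1.1) and at one of the upstream servers from the config.

```python
import os
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def question(name):
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return qname + struct.pack("!HH", 1, 1)        # QTYPE=A, QCLASS=IN

def skip_name(msg, off):
    while msg[off] != 0:                           # walk labels up to the root label
        if (msg[off] & 0xC0) == 0xC0:              # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify(msg):
    """Return (status, [(ipv4, ttl), ...]) for the A records in a raw DNS reply."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off, a_records = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4              # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:              # A record: 4-byte IPv4 address
            a_records.append((socket.inet_ntoa(msg[off:off + 4]), ttl))
        off += rdlen
    if flags & 0xF:                                # non-zero RCODE: server reported an error
        return "error:" + RCODES.get(flags & 0xF, str(flags & 0xF)), a_records
    return ("answered" if a_records else "empty"), a_records

def query(server, name, timeout=2.0):
    """Send one recursive A query over UDP and return the raw reply bytes."""
    pkt = os.urandom(2) + struct.pack("!5H", 0x0100, 1, 0, 0, 0) + question(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))                    # kernel drops replies from other sources
        s.send(pkt)
        return s.recv(512)

def sample_reply(name, addr=None, ttl=0, rcode=0):
    """Constructed reply bytes, so classify() can be exercised offline."""
    msg = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, int(bool(addr)), 0, 0) + question(name)
    if addr:                                       # answer name: pointer to the question at offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(addr)
    return msg
```

Running classify(query(server, name)) against both the router and an upstream server on a timer, and logging the status with the TTL, shows whether the router's empty replies begin when the upstream TTL runs out.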

Your router may be running out of memory.

Flamer.

Reply to
die.spam

That's a good point. Thanks. I'll check it.

Reply to
Chris Bartram
