1. Home
  2. Cisco Systems
  3. ip DNS server timouts but sometimes it's working & always works form the router itself.

ip DNS server timouts but sometimes it's working & always works form the router itself.

Hi Group,

I have come across something I can't solve.

When using my Cisco as dns forwarder, DNS is just plain slow from my PC, even when using openDNS in the Cisco (model 857)

Code:

C:\\Documents and Settings\\Steven>nslookup

formatting link
192.168.1.1 Server: cisco-steventje Address: 192.168.1.1

DNS request timed out. timeout was 2 seconds. Non-authoritative answer: Name:

formatting link
Address: 213.239.154.35

... 2 seconds delay on almost every query. :(

I searched a bit further:

Increasing the deay to even 40 seconds...don't even get an answer;

C:\\Documents and Settings\\Steven>nslookup -time=40

formatting link

192.168.1.1 Server: cisco-steventje Address: 192.168.1.1

DNS request timed out. timeout was 40 seconds. DNS request timed out. timeout was 40 seconds.

*** Request to cisco-steventje timed-out

on my cisco "enabled ip domain debug"

This gives:

It looks almost if the cisco doens't get its response and kees trying, and at he end ignores all the incoming queries.

569: 000564: Aug 10 21:14:34.442 GMT+2: DNS: Incoming UDP query (id#1) 570: 000565: Aug 10 21:14:34.442 GMT+2: DNS: Type 12 DNS query (id#1) for host '1.1.168.192.in-addr.arpa' from 192.168.1.2(2148) 571: 000566: Aug 10 21:14:34.442 GMT+2: %DNS-6-LOG_ACCESS: DNS View default used for client 192.168.1.2/2148, querying PTR '1.1.168.192.in-addr.arpa' 572: 000567: Aug 10 21:14:34.442 GMT+2: DNS: Servicing request using view default 573: 000568: Aug 10 21:14:34.442 GMT+2: DNS: Finished processing query (id#1) in 0.000 secs 574: 000569: Aug 10 21:14:34.442 GMT+2: DNS: Sending response to 192.168.1.2/2148, len 71 575: 000570: Aug 10 21:14:34.450 GMT+2: DNS: Incoming UDP query (id#2) 576: 000571: Aug 10 21:14:34.450 GMT+2: DNS: Type 1 DNS query (id#2) for host '
formatting link
' from 192.168.1.2(2149) 577: 000572: Aug 10 21:14:34.450 GMT+2: %DNS-6-LOG_ACCESS: DNS View default used for client 192.168.1.2/2149, querying A '
formatting link
' 578: 000573: Aug 10 21:14:34.450 GMT+2: DNS: Servicing request using view default 579: 000574: Aug 10 21:14:34.450 GMT+2: DNS: Re-sending DNS query (type 1, id#59263) to 208.67.220.220 580: 000575: Aug 10 21:14:38.078 GMT+2: DNS: Resending query id #2 581: 000576: Aug 10 21:14:38.078 GMT+2: DNS: Re-sending DNS query (type 1, id#59263) to 208.67.220.220 582: 000577: Aug 10 21:14:41.078 GMT+2: DNS: Resending query id #2 583: 000578: Aug 10 21:14:41.078 GMT+2: DNS: Re-sending DNS query (type 1, id#59263) to 208.67.220.220 584: 000579: Aug 10 21:14:44.078 GMT+2: DNS: Resending query id #2 585: 000580: Aug 10 21:14:44.078 GMT+2: DNS: Re-sending DNS query (type 1, id#59263) to 208.67.220.222 586: 000581: Aug 10 21:14:47.078 GMT+2: DNS: Resending query id #2 587: 000582: Aug 10 21:14:47.078 GMT+2: DNS: Re-sending DNS query (type 1, id#59263) to 208.67.220.222 588: 000583: Aug 10 21:14:50.078 GMT+2: DNS: Resending query id #2 589: 000584: Aug 10 21:14:50.078 GMT+2: DNS: Re-sending DNS query (type 1, id#59263) to 208.67.220.222 590: 000585: Aug 10 21:14:53.078 GMT+2: DNS: Resending query id #2 591: 000586: Aug 10 21:14:53.078 GMT+2: DNS: Re-sending DNS query (type 1, id#59263) to 83.143.245.36 592: 000587: Aug 10 21:14:56.078 GMT+2: DNS: Resending query id #2 593: 000588: Aug 10 21:14:56.078 GMT+2: DNS: Re-sending DNS query (type 1, id#59263) to 83.143.245.36 594: 000589: Aug 10 21:14:59.078 GMT+2: DNS: Resending query id #2 595: 000590: Aug 10 21:14:59.078 GMT+2: DNS: Re-sending DNS query (type 1, id#59263) to 83.143.245.36 596: 000591: Aug 10 21:15:02.078 GMT+2: DNS: Resending query id #2 597: 000592: Aug 10 21:15:02.078 GMT+2: DNS: Re-sending DNS query (type 1, id#59263) to 83.143.245.37 598: 000593: Aug 10 21:15:05.094 GMT+2: DNS: Resending query id #2 599: 000594: Aug 10 21:15:05.094 GMT+2: DNS: Re-sending DNS query (type 1, id#59263) to 83.143.245.37 600: 000595: Aug 10 21:15:08.094 GMT+2: DNS: Resending query id #2 601: 000596: Aug 10 21:15:08.094 GMT+2: DNS: Re-sending DNS query (type 1, id#59263) to 83.143.245.37 602: 000597: Aug 10 21:15:11.094 GMT+2: DNS: Removed waiting query id #2 603: 000598: Aug 10 21:15:14.466 GMT+2: DNS: Incoming UDP query (id#3) 604: 000599: Aug 10 21:15:14.466 GMT+2: DNS: Incoming UDP query (id#59263) 605: 000600: Aug 10 21:15:14.466 GMT+2: DNS: Incoming UDP query (id#59263) 606: 000601: Aug 10 21:15:14.466 GMT+2: DNS: Incoming UDP query (id#59263) 607: 000602: Aug 10 21:15:14.470 GMT+2: DNS: Incoming UDP query (id#59263) 608: 000603: Aug 10 21:15:14.470 GMT+2: DNS: Incoming UDP query (id#59263) 609: 000604: Aug 10 21:15:14.470 GMT+2: DNS: Incoming UDP query (id#59263) 610: 000605: Aug 10 21:15:14.470 GMT+2: DNS: Incoming UDP query (id#59263) 611: 000606: Aug 10 21:15:14.470 GMT+2: DNS: Incoming UDP query (id#59263) 612: 000607: Aug 10 21:15:14.470 GMT+2: DNS: Incoming UDP query (id#59263) 613: 000608: Aug 10 21:15:14.470 GMT+2: DNS: Incoming UDP query (id#59263) 614: 000609: Aug 10 21:15:14.470 GMT+2: DNS: Incoming UDP query (id#59263) 615: 000610: Aug 10 21:15:14.470 GMT+2: DNS: Incoming UDP query (id#59263) 616: 000611: Aug 10 21:15:14.470 GMT+2: DNS: Type 1 DNS query (id#3) for host '
formatting link
' from 192.168.1.2(2150) 617: 000612: Aug 10 21:15:14.470 GMT+2: %DNS-6-LOG_ACCESS: DNS View default used for client 192.168.1.2/2150, querying A '
formatting link
' 618: 000613: Aug 10 21:15:14.474 GMT+2: DNS: Servicing request using view default 619: 000614: Aug 10 21:15:14.474 GMT+2: DNS: Re-sending DNS query (type 1, id#7734) to 208.67.220.220 620: 000615: Aug 10 21:15:14.474 GMT+2: DNS: Type 1 response (id#59263) for host from 208.67.220.220(53) 621: 000616: Aug 10 21:15:14.474 GMT+2: DNS: Dropping reply from 208.67.220.220(53) - doesn't match a query 622: 000617: Aug 10 21:15:14.474 GMT+2: DNS: Type 1 response (id#59263) for host from 208.67.220.220(53) 623: 000618: Aug 10 21:15:14.474 GMT+2: DNS: Dropping reply from 208.67.220.220(53) - doesn't match a query 624: 000619: Aug 10 21:15:14.474 GMT+2: DNS: Type 1 response (id#59263) for host from 208.67.220.220(53) 625: 000620: Aug 10 21:15:14.474 GMT+2: DNS: Dropping reply from 208.67.220.220(53) - doesn't match a query 626: 000621: Aug 10 21:15:14.474 GMT+2: DNS: Type 1 response (id#59263) for host from 208.67.220.222(53) 627: 000622: Aug 10 21:15:14.474 GMT+2: DNS: Dropping reply from 208.67.220.222(53) - doesn't match a query 628: 000623: Aug 10 21:15:14.474 GMT+2: DNS: Type 1 response (id#59263) for host from 208.67.220.222(53) 629: 000624: Aug 10 21:15:14.474 GMT+2: DNS: Dropping reply from 208.67.220.222(53) - doesn't match a query 630: 000625: Aug 10 21:15:14.474 GMT+2: DNS: Type 1 response (id#59263) for host from 208.67.220.222(53) 631: 000626: Aug 10 21:15:14.474 GMT+2: DNS: Dropping reply from 208.67.220.222(53) - doesn't match a query 632: 000627: Aug 10 21:15:14.474 GMT+2: DNS: Type 1 response (id#59263) for host from 83.143.245.36(53) 633: 000628: Aug 10 21:15:14.474 GMT+2: DNS: Dropping reply from 83.143.245.36(53) - doesn't match a query 634: 000629: Aug 10 21:15:14.474 GMT+2: DNS: Type 1 response (id#59263) for host from 83.143.245.36(53) 635: 000630: Aug 10 21:15:14.478 GMT+2: DNS: Dropping reply from 83.143.245.36(53) - doesn't match a query 636: 000631: Aug 10 21:15:14.478 GMT+2: DNS: Type 1 response (id#59263) for host from 83.143.245.36(53) 637: 000632: Aug 10 21:15:14.478 GMT+2: DNS: Dropping reply from 83.143.245.36(53) - doesn't match a query 638: 000633: Aug 10 21:15:14.478 GMT+2: DNS: Type 1 response (id#59263) for host from 83.143.245.37(53) 639: 000634: Aug 10 21:15:14.478 GMT+2: DNS: Dropping reply from 83.143.245.37(53) - doesn't match a query 640: 000635: Aug 10 21:15:14.478 GMT+2: DNS: Type 1 response (id#59263) for host from 83.143.245.37(53) 641: 000636: Aug 10 21:15:14.478 GMT+2: DNS: Dropping reply from 83.143.245.37(53) - doesn't match a query 642: 000637: Aug 10 21:15:14.478 GMT+2: DNS: Type 1 response (id#59263) for host from 83.143.245.37(53) 643: 000638: Aug 10 21:15:14.478 GMT+2: DNS: Dropping reply from 83.143.245.37(53) - doesn't match a query

When doeing a ping on the router it works just fine (instantly!) Code:

Steventje#ping tweakers.net Translating "tweakers.net"...domain server (208.67.220.220) [OK]

Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 213.239.154.35, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/20 ms Steventje#

Bypassing the cisco's dns forwarder, gives instand dns lookups from my PC, so I guess it's not Windows... code:

C:\\Documents and Settings\\Steven>nslookup

formatting link
Server: resolver1.opendns.com Address: 208.67.222.222

Non-authoritative answer: Name:

formatting link
Address: 213.239.154.35

Can you help me? Couldnt' find anyone else with the same problem. Will post cisco config if needed - rather standard dns config (but my post is already very long) Thanks in advance everyone!!

Steven.

Reply to
Steven V.A.
Loading thread data ...

One more thing I noticed:

Increasing the timeout on the Windows box just increases the lookup time, as if it follows nicely :(

Specified 10s timeout >>>>>>> C:\\>nslookup -time=10 tweakers.net

192.168.1.1 Server: cisco-steventje Address: 192.168.1.1

DNS request timed out.

See what I mean >>>>>>>>>>>>>>>>>> timeout was 10 seconds. Non-authoritative answer: Name: tweakers.net Address: 213.239.154.35

Debug log is the same as 1st post (just a bit shorter)

Greetings, Steven

Reply to
Steven V.A.

I'll suspect that one of the DNS servers that you send the 857 forwards the queries to is not responding.

Why are you doing DNS forwarding?

Reply to
Thrill5

I have added one DNS server from OpenDNS, and it still times out :(

Aug 14 10:31:11 192.168.1.1 123: 000118: Aug 14 10:31:11.493 GMT+2: DNS: Incoming UDP query (id#3) Aug 14 10:31:11 192.168.1.1 124: 000119: Aug 14 10:31:11.497 GMT+2: DNS: Type 1 DNS query (id#3) for host '

formatting link
' from

192.168.1.2(1758) Aug 14 10:31:11 192.168.1.1 125: 000120: Aug 14 10:31:11.497 GMT+2: %DNS-6-LOG_ACCESS: DNS View default used for client 192.168.1.2/1758, querying A '
formatting link
' Aug 14 10:31:12 192.168.1.1 126: 000121: Aug 14 10:31:11.497 GMT+2: DNS: Servicing request using view default Aug 14 10:31:12 192.168.1.1 127: 000122: Aug 14 10:31:11.497 GMT+2: DNS: Re-sending DNS query (type 1, id#21226) to 208.67.220.220 Aug 14 10:31:18 192.168.1.1 128: 000123: Aug 14 10:31:17.429 GMT+2: DNS: Resending query id #3 Aug 14 10:31:18 192.168.1.1 129: 000124: Aug 14 10:31:17.429 GMT+2: DNS: Re-sending DNS query (type 1, id#21226) to 208.67.220.220 Aug 14 10:31:21 192.168.1.1 130: 000125: Aug 14 10:31:20.429 GMT+2: DNS: Resending query id #3 Aug 14 10:31:21 192.168.1.1 131: 000126: Aug 14 10:31:20.429 GMT+2: DNS: Re-sending DNS query (type 1, id#21226) to 208.67.220.220 Aug 14 10:31:24 192.168.1.1 132: 000127: Aug 14 10:31:23.429 GMT+2: DNS: Removed waiting query id #3

IP host, redirecting hosts, some caching, blocking, ....

formatting link
Greetings, Steven

Reply to
Steven V.A.

I need to mention that DNS lookups from the router itself work fine.

Below is the output from my PC:

1st sample is with OpenDNS DNS's servers direcly configured on my PC (and thus bypassing the router) 2nd sample is using the Cisco. Notice that 2 second time out :(

C:\\Documents and Settings\\Steven>nslookup

formatting link
Server: resolver1.opendns.com Address: 208.67.222.222

Non-authoritative answer: Name:

formatting link
Address: 213.239.154.35

C:\\Documents and Settings\\Steven>nslookup

formatting link
192.168.1.1 Server: cisco-steventje Address: 192.168.1.1

DNS request timed out. timeout was 2 seconds. Non-authoritative answer: Name:

formatting link
Address: 213.239.154.35

On the router everthing works perfectlty:

Steventje#clear host * Steventje#ping

formatting link
Translating "
formatting link
"...domain server (83.143.245.36) [OK]

Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 213.239.154.35, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 16/17/20 ms Steventje#

This is driving me nuts :(

Greetings, Steven

Reply to
Steven V.A.

take a look at the ouput of debug ip packet detail to make sure router is sourcing the DNS query with its outside interface address (versus the inside addresses ) if it does not use the outside Internet reachable address, the DNS response will not reach you router

what IOS version is loaded on your oruter - post output of show version

Reply to
Merv

also please post your router config - santized to removed passwords and outside ip addresses

Reply to
Merv

Just looking at the original debugs it seesm that from the router DNS server perspective the replies arrive too late, e.g.

575: 000570: Aug 10 21:14:34.450 GMT+2: DNS: Incoming UDP query (id#2) 576: 000571: Aug 10 21:14:34.450 GMT+2: DNS: Type 1 DNS query (id#2) for host '
formatting link
' from 192.168.1.2(2149) 577: 000572: Aug 10 21:14:34.450 GMT+2: %DNS-6-LOG_ACCESS: DNS View default used for client 192.168.1.2/2149, querying A '
formatting link
' 578: 000573: Aug 10 21:14:34.450 GMT+2: DNS: Servicing request using view default 579: 000574: Aug 10 21:14:34.450 GMT+2: DNS: Re-sending DNS query (type 1, id#59263) to 208.67.220.220

...

602: 000597: Aug 10 21:15:11.094 GMT+2: DNS: Removed waiting query id #2

604: 000599: Aug 10 21:15:14.466 GMT+2: DNS: Incoming UDP query (id#59263)

...

620: 000615: Aug 10 21:15:14.474 GMT+2: DNS: Type 1 response (id#59263) for host from 208.67.220.220(53) 621: 000616: Aug 10 21:15:14.474 GMT+2: DNS: Dropping reply from 208.67.220.220(53) - doesn't match a query

Perhaps the responses actually arrive in plenty of time but the DNS server is tardy in getting around to look at them. Combining this debug with debug ip packet detail might tell.

Reply to
Martin Gallagher

for host from 208.67.220.220(53)

208.67.220.220(53) - doesn't match a query

I will try it. Thanks!

Greetings, Steven

Reply to
Steven V.A.

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.