Cisco – Ping domain name using sourced interface

ciscodnsicmp

Problem: I want to be able to ping a domain name, sourcing from a particular interface on a Cisco router.

Scenario: I have Router-A, an it has a management address of 1.1.1.1. I can only connect to this router using that address from a certain location, which is how security is set up, and it cannot be changed. I would like to be able to connect to Router-A and then setup DNS with:

ip domain-lookup
ip name-server 44.44.44.44

Then, from the command line, I would want to do something like:

ping www.google.com source interface FastEthernet0

So, why cant i do this? Well, because when you introduce the domain name into the ping statement, you are not giving the option to source it anymore.

So, just use an extended ping? Although it seems like you would have that option, after you enter the domain name in, you don't get the option to source it anymore.

Why are you trying to source it from Fas0? Because that subnet is allowed to query the DNS, no other address on the device is allowed, by the DNS server, to make queries.

So, just send the request from an end device connected to the router? I cant, and this is not answering the problem, it has to be done from the command line on the router.

I had the idea of tclsh with something like:

tclsh
foreach var {
http://www.domainname1.com
http://www.domainname2.com
http://www.domainname3.com
http://www.domainname4.com
http://www.domainname5.com
} {ping $var repeat 5 source Fas0}

But that does not work.

Any ideas would be greatly appreciated.

Best Answer

Basically, you need to check the connectivity between this router and the DNS server through FastEthernet0.

Try to ping it globally with no source interface
Try to ping the DNS server IP address using this source interface or the IP address assigned to it
Try to ping anything local in your domain first (e.g. your PC's fully qualified domain name), then try to ping a global site, since it may be an Internet access problem (1.1.1.1 IP address range)
Try Cisco troubleshooting list, this case its may be of help CISCO DNS TS

NOTE
I just tried the 'ip name-server X.X.X.X' command on my core switch (X.X.X.X is my DNS server IP address) and everything worked perfect internally and externally (I used ping and traceroute to idjsrv.beyti.local) as shown:

(I used ping and traceroute to www.google.com) as shown:

Summary:

Use no domain-lookup under line vty 0 4...

Details:

You're right, the default behavior is to perform & cache a forward / reverse lookup for the addresses in show commands. This config starts similar to yours...

Baseline behaviour: Forward / Reverse lookups

HotCoffee#clear host *
HotCoffee#sh runn | i ip domain|ip name|^ +domain|NTP
Time source is NTP, 06:10:42.327 CDT Tue Aug 13 2013
ip domain name pennington.net
ip name-server 172.16.1.5
 domain-name pennington.net
HotCoffee#

After clearing the host cache, there are no entries in it...

HotCoffee#show host
Load for five secs: 0%/0%; one minute: 1%; five minutes: 1%
Time source is NTP, 06:11:46.864 CDT Tue Aug 13 2013

Default domain is pennington.net
Name/address lookup uses domain service
Name servers are 172.16.1.5

Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
       temp - temporary, perm - permanent
       NA - Not Applicable None - Not defined

Host                      Port  Flags      Age Type   Address(es)
HotCoffee#

Doing a show user or ping populates the host cache...

HotCoffee#sh user
    Line       User       Host(s)              Idle       Location
* 66 vty 0     cisco      idle                 00:00:00 tsunami.pennington.net

  Interface    User               Mode         Idle     Peer Address

HotCoffee#ping flame
Translating "flame"...domain server (172.16.1.5)

Translating "flame"...domain server (172.16.1.5) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms
HotCoffee#

Now there are host entries for both the ping target and show user...

HotCoffee#sh hosts
Load for five secs: 1%/0%; one minute: 0%; five minutes: 0%
Time source is NTP, 06:16:32.811 CDT Tue Aug 13 2013

Default domain is pennington.net
Name/address lookup uses domain service
Name servers are 172.16.1.5

Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
       temp - temporary, perm - permanent
       NA - Not Applicable None - Not defined

Host                      Port  Flags      Age Type   Address(es)
tsunami.pennington.net    None  (temp, OK)  0   IP    172.16.1.5
flame.pennington.net      None  (temp, OK)  0   IP    172.16.1.1
flame                     None  (temp, UN)  0  IPv6 
HotCoffee#

Solution: Only Forward lookups

Use no domain-lookup under the vty / console lines to restrict IOS behaviour to only forward lookups...

HotCoffee#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
HotCoffee(config)#line vty 0 4
HotCoffee(config-line)#no domain-lookup
HotCoffee(config-line)#end
HotCoffee#

First I clear the host cache for a clean test...

HotCoffee#clear host *
HotCoffee#
HotCoffee#

show user formerly performed a reverse-lookup on 172.16.1.5 as well as populating the host cache, but neither happens now...

HotCoffee#sh user
Load for five secs: 1%/0%; one minute: 0%; five minutes: 0%
Time source is NTP, 06:20:00.250 CDT Tue Aug 13 2013

    Line       User       Host(s)              Idle       Location
* 66 vty 0     cisco      idle                 00:00:00 172.16.1.5   <----

  Interface    User               Mode         Idle     Peer Address

HotCoffee#
HotCoffee#sh host
Load for five secs: 2%/0%; one minute: 0%; five minutes: 0%
Time source is NTP, 06:20:06.729 CDT Tue Aug 13 2013

Default domain is pennington.net
Name/address lookup uses domain service
Name servers are 172.16.1.5

Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
       temp - temporary, perm - permanent
       NA - Not Applicable None - Not defined

Host                      Port  Flags      Age Type   Address(es)
                                                                    <----
HotCoffee#

Just to show that forward lookups still function...

HotCoffee#
HotCoffee#ping flame
Translating "flame"...domain server (172.16.1.5)

Translating "flame"...domain server (172.16.1.5) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
HotCoffee#
HotCoffee#
HotCoffee#
HotCoffee#sh hosts
Load for five secs: 0%/0%; one minute: 0%; five minutes: 0%
Time source is NTP, 06:25:43.237 CDT Tue Aug 13 2013

Default domain is pennington.net
Name/address lookup uses domain service
Name servers are 172.16.1.5

Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
       temp - temporary, perm - permanent
       NA - Not Applicable None - Not defined

Host                      Port  Flags      Age Type   Address(es)
tsunami.pennington.net    None  (temp, OK)  0   IP    172.16.1.5
flame.pennington.net      None  (temp, OK)  0   IP    172.16.1.1
flame                     None  (temp, UN)  0  IPv6 
HotCoffee#

Cisco VLAN – Troubleshooting Ping Issues Between VLANs

I don't see where you have globally defined the VLANs on the switch. You need something like:

Vlan 20
 name VLAN_20   ! or whatever you want to name it
 exit
!
Vlan 21
 name VLAN_21   ! or whatever you want to name it
 exit
!

Best Answer

Related Solutions

Cisco IOS Forward / reverse name lookups

Summary:

Details:

Baseline behaviour: Forward / Reverse lookups

Solution: Only Forward lookups

Cisco VLAN – Troubleshooting Ping Issues Between VLANs

Related Topic