New Contributor
Posts: 4
Registered: ‎11-21-2016

DNS resolver not working

Hi,

I'm unable to ping hostnames from my Brocade router. I can successfully ping IP addresses, but not hostnames. Any guidance would be appreciated.

SSH@edge#ping facebook.com
Type Control-c to abort
Sending DNS Query to 8.8.8.8
Ping Failed DNS: Errno(8) DNS query timed out...failed to resolve

SSH@edge#ping google.com
Type Control-c to abort
Sending DNS Query to 4.2.2.2
Ping Failed DNS: Errno(8) DNS query timed out...failed to resolve

DNS specific config in the router:

SSH@edge#show run | in dns
ip dns server-address 8.8.8.8 4.2.2.2

Router model:

System: NetIron CER 2024
IronWare : Version 6.0.0aT183

Brocade Moderator
Posts: 63
Registered: ‎02-04-2015

Re: DNS resolver not working

Hello,

Can you ping 8.8.8.8 and 4.2.2.2?

I suggest providing the commands below to help give a better understanding of the environment:

show ip route 8.8.8.8
show ip route 4.2.2.2
show ip interface

I would also check if there is any access-list dropping DNS packets.

Thanks

Os

Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers.

All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider. If this provided you with a solution to this issue, please mark it with the button at the bottom "Accept as solution" .
New Contributor
Posts: 4
Registered: ‎11-21-2016

Re: DNS resolver not working

Hi Osama,

I can ping 'all' IP addresses that respond to ICMP, including 8.8.8.8 and 4.2.2.2 - proving routing is fine.

There are no ACLs on the router. It has a very basic config.

SSH@vm1rtedge02#ping 8.8.8.8 source <public address>
Sending 1, 16-byte ICMP Echo to 8.8.8.8, timeout 5000 msec, TTL 64
Type Control-c to abort
Reply from 8.8.8.8 : bytes=16 time=13ms TTL=60
Success rate is 100 percent (1/1), round-trip min/avg/max=13/13/13 ms.

SSH@vm1rtedge02#ping google.com source <public address>
Type Control-c to abort
Sending DNS Query to 4.2.2.2
Ping Failed DNS: Errno(8) DNS query timed out...failed to resolve

Any ideas?

Brocade Moderator
Posts: 63
Registered: ‎02-04-2015

Re: DNS resolver not working

Hi,

Try to mirror the outgoing port and capture packets on a sniffer like Wireshark. This should tell if the CER is sending the query but not receiving a response, or if it is simply not sending anything at all.

To monitor a port:

CER(config)#mirror port ethx/x (destination port where sniffer is connected)
CER(config)#interface ethx/x (outgoing port)
CER(config-if-xxxxx)#monitor ethx/x (destination port) both

You can also try ACL accounting and see if counters increment when a DNS query is performed. It will look something like this:

CER(config)#ip access-list extended DNS
CER(config-et-nacl-DNS)#permit enable-accounting udp any host 8.8.8.8 eq dns
CER(config-et-nacl-DNS)#permit enable-accounting udp any host 4.2.2.2 eq dns
CER(config-et-nacl-DNS)#permit enable-accounting udp host 8.8.8.8 any eq dns
CER(config-et-nacl-DNS)#permit enable-accounting udp host 4.2.2.2 any eq dns
CER(config-et-nacl-DNS)#permit ip any any
CER(config-et-nacl-DNS)#exit
CER(config)#interface ethx/x
CER(config-if-xxxxxx)#ip access-group DNS in
CER(config-if-xxxxxx)#ip access-group DNS out

To check the counters, issue the command:

CER#show access-list accounting brief

Hope this helps

Regards,

Os

 

New Contributor
Posts: 4
Registered: ‎11-21-2016

Re: DNS resolver not working

Hi Osama,

Thanks for your suggestions.

I configured the ACL and noticed DNS 'hits' going out the egress interface, but none coming in.

Wireshark capture revealed that the DNS queries were sourced from the private IP address assigned to the egress interface, not the public IP address which is what I used to source ping from.

For example,

- The address on the egress interface e1/1 is 192.168.11.8
- The CER 2024 does not support NAT, hence I source pings from a public address assigned to a loopback interface using this command: ping 8.8.8.8 source <public address>

Wireshark captures show DNS queries being sent from 192.168.11.8 instead of the public address as source. Hence DNS lookup fails.

So, to summarise, pings are sent using the public address as source, but DNS queries are sent using the private address as source. LOL! Looks like the developers for the code didn't think about this.
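
The capture analysis described in this thread, as an added example that is not part of the original posts: it parses raw IPv4/UDP/DNS packets, pairs queries with responses, and reports unanswered queries together with whether their source is an RFC 1918 address. The packets are constructed, the function names are hypothetical, and 203.0.113.10 is a placeholder for the public loopback address the thread does not give.

```python
import ipaddress
import struct

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def make_packet(src, dst, sport, dport, txid, response=False):
    """Build a minimal IPv4/UDP/DNS packet (constructed sample data, checksums left at 0)."""
    dns = struct.pack("!HHHHHH", txid, 0x8180 if response else 0x0100, 1, 0, 0, 0)
    dns += b"\x06google\x03com\x00" + struct.pack("!HH", 1, 1)  # QNAME, QTYPE=A, QCLASS=IN
    udp = struct.pack("!HHHH", sport, dport, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + udp

def parse_dns(pkt):
    """Return (src, dst, sport, dport, txid, is_response), or None if not IPv4/UDP port 53."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 8 + 12:  # need full UDP header plus DNS header
        return None
    src, dst = ipaddress.IPv4Address(pkt[12:16]), ipaddress.IPv4Address(pkt[16:20])
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    if 53 not in (sport, dport):
        return None
    txid, flags = struct.unpack("!HH", pkt[ihl + 8:ihl + 12])
    return src, dst, sport, dport, txid, bool(flags & 0x8000)  # QR bit set = response

def unanswered_queries(packets):
    """List (src, server, txid, src_is_rfc1918) for every query that never got a response."""
    pending = {}
    for pkt in packets:
        rec = parse_dns(pkt)
        if rec is None:
            continue
        src, dst, sport, dport, txid, is_resp = rec
        if is_resp:
            pending.pop((dst, src, dport, txid), None)  # response reverses the flow
        else:
            pending[(src, dst, sport, txid)] = any(src in net for net in RFC1918)
    return [(str(s), str(d), txid, priv) for (s, d, _, txid), priv in pending.items()]

SAMPLE_CAPTURE = [  # constructed; 203.0.113.10 stands in for the public loopback address
    make_packet("192.168.11.8", "8.8.8.8", 40001, 53, 0x1A2B),
    make_packet("203.0.113.10", "8.8.8.8", 40002, 53, 0x2001),
    make_packet("8.8.8.8", "203.0.113.10", 53, 40002, 0x2001, response=True),
    make_packet("192.168.11.8", "4.2.2.2", 40003, 53, 0x1A2C),
]
print(unanswered_queries(SAMPLE_CAPTURE))
```
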

Brocade Moderator
Posts: 63
Registered: ‎02-04-2015

Re: DNS resolver not working

Hi Roger,

It is true that you can't specify a source interface for DNS queries in NetIron.

An RFE (request for enhancement) can be raised through your Brocade Account Manager or Brocade Sales.

Meanwhile, I suggest setting up a local DNS server.

Thanks

Os
