RV042 DNS setting problem

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by johnvpn, Oct 12, 2005.

  1. johnvpn

    johnvpn Network Guru Member

    RV042 "System Management / Diagnostic / DNS Name lookup" always fails with "Address Resolving Failed"

    The DNS server (X.Y.Z.88) is on the same subnet as rv042's WAN1 interface (X.Y.Z.39)

    Connectivity is not a problem. The RV042 can ping the DNS IP, and it can email logs via the mail relay at the DNS server's IP (the SMTP relay is on the same server as the DNS).

    tcpdump can see the icmp and smtp traffic but shows no DNS traffic when trying the DNS diagnostic. 3 tcpdumps are watching all 3 of rv042 interfaces.

    I have also tried setting the DNS to be on the rv042 LAN subnet ( - also no traffic observed.

    Does anyone have any ideas or suggestions?

    RV042 Firmware version is (Jul 27 2005 19:25:03)
  2. DigiGuru

    DigiGuru Network Guru Member

    Is this the DNS server of your ISP that you're trying to contact?

    We have a setup here where the router auto-sets itself to the IPs of our ISP no problem at all.

    Our internal DHCP server, however, tells all our client computers to use our internal DNS server, which then forwards unknown requests to the external DNS servers.

    This works no problem at all. It seems like a possible firewall problem, but I couldn't tell you where.

    Have you modified the default firewall routes by any chance?

  3. Hung

    Hung Network Guru Member

    We have the same problem when sending email to a mail server hosted by the ISP: it randomly cannot resolve the domain address of the email server and advises that the mailbox of the recipient cannot be found. This only happened when we enabled the dual WAN after we had installed the 2nd Internet line.
  4. DigiGuru

    DigiGuru Network Guru Member

    You'll find that occasionally, unless you force it otherwise, all connections will go in/out via the least busy route (load balanced round-robin), so occasionally your mail server will have the IP of WAN1, but other times it will have the IP of WAN2

    What you want to do is use "service management" to add a route for SMTP (port 25) and any other mail ports you may want to use to go via your first WAN connection - you can set it to do this for your entire LAN to the entire web, or just specific IP addresses.
  5. johnvpn

    johnvpn Network Guru Member

    Hello again,

    As mentioned above, the System Management / Diagnostics / Name resolve did not work. I had just tried some host names in the same domain as the RV042, and when they didn't work I moved on.

    I should have persisted - while it does not work for any names in that same domain - it does work for names in different domains. By same domain I mean the domain set in the RV042's setup / network page.

    There are no firewalls involved; the tcpdump hosts were directly watching the 3 interfaces of the RV042 - no traffic comes out at all when looking up a local domain name. The RV042 is acting as if it is the authoritative NS for its own domain and does not bother forwarding the resolution.

    Hung's problem mentioned below could also be that ISP DNS servers are sometimes configured to only serve name requests from within the ISPs' own networks. Check that both your WAN ports' DNS server IPs match the corresponding ISP's DNS, i.e. WAN port A's DNS == ISP A's DNS and WAN port B's DNS == ISP B's DNS.
  6. DigiGuru

    DigiGuru Network Guru Member

    The option we use here on our network is the following:

    We have an internal server which handles our development, our exchange server and a DNS server (as it is an active directory controller)

    This server is set to attempt to resolve DNS addresses locally first, then, if it can't find them, it's set up to forward them to the ISP's servers.

    Then, we set all client computers (via DHCP) to use the local server FIRST for DNS and set the router as the secondary server.

    This should sort your issue, but it all depends on what your setup is

  7. johnvpn

    johnvpn Network Guru Member

    I see now (I think)

    We have a similar setup here: 2 internal DNS servers on the LAN which resolve local names (*.uk.example.com and *.example.com say) and cache/forward everything else to the ISP's DNS server.

    The LAN hosts get their network settings from a DHCP server (not the one on RV042) and so are quite oblivious to the RV042.

    We also have an external DNS server on the WAN subnet which resolves our own public names (*.example.com say) for requests from the internet.

    These are all working as expected.

    It seems the RV042 has its own DNS server and the setting "Domain name [...] (Required by some ISPs)" is used by the RV042 as the root of its own domain name space.

    Now I have set the RV042's domain setting to vpn.example.com and sure enough, if I "dig LAN.vpn.example.com" it replies with its own LAN address.

    The RV042 will also forward *.example.com name requests as expected to its upstream DNS servers. The RV042 DNS settings can be pointed at the internal DNS server on the LAN so that it will resolve our internal host names (*.uk.example.com) as well.

    All is well now in the DNS department.

    Now, what am I going to use the *.vpn.example.com domain for?...
  8. DigiGuru

    DigiGuru Network Guru Member

    Do you need to use it for anything? lol

  9. mhakman

    mhakman Network Guru Member

    I had the same problem as you and the above is my conclusion too. As soon as I removed the domain name, the DNS lookup started to work for this domain. It looks like a bug, because this domain name specifies the router's name on the WAN interface, and when using an ISP-assigned IP there is no reason to build an internal DNS zone for this domain.

    I think the router needs specification of another domain on the LAN side - then it could build a DNS zone for all its DHCP clients and perhaps even for other (static) internal addresses. Unfortunately there is no such entry on the DHCP page.

    Yes. First if I enter "Domain name [...] (Required by some ISPs)" (which isn't strictly required by ISP), then ISP will see that name in their network tools which makes it easier for them to find my connection when talking with their support.

    Second, if you had an internal DNS zone on the router then you wouldn't need an external (to the router) internal (on your LAN) DNS server. Perhaps this could be implemented as a fully configurable DNS server in the router in the future, I hope. Right now one and the same domain name is used for both purposes, which doesn’t work well.
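
Added example, not part of the thread: one way to check from a LAN host whether a resolver answered a name from its own zone or forwarded it, by reading the AA flag and RCODE in the reply header (RFC 1035). It assumes the resolver sets AA for names it serves itself, which the thread does not confirm for the RV042; `probe`, `classify_reply` and the sample headers are constructed for illustration.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Build a DNS A-record query with recursion desired (RD=1)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_reply(reply):
    """Classify who answered, using only the 12-byte DNS header."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR=0)")
    aa = bool(flags & 0x0400)      # Authoritative Answer bit
    rcode = flags & 0x000F         # 0 = NOERROR, 3 = NXDOMAIN
    if aa and (rcode == 3 or ancount == 0):
        return "local-zone-miss"   # resolver claims the zone and has no record
    if aa:
        return "local-zone-answer"
    if rcode == 0 and ancount > 0:
        return "forwarded-answer"
    return "failure-rcode-%d" % rcode

def probe(server, name, timeout=2.0):
    """Send one query to `server` and classify the reply (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            reply, _ = s.recvfrom(512)
        except socket.timeout:
            return "no-reply"
    return classify_reply(reply)

# Constructed sample headers (not captured from an RV042).
SAMPLE_LOCAL_MISS = struct.pack("!HHHHHH", 0x1234, 0x8583, 1, 0, 0, 0)  # AA=1, NXDOMAIN
SAMPLE_FORWARDED = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)   # AA=0, 1 answer

if __name__ == "__main__":
    print(classify_reply(SAMPLE_LOCAL_MISS))  # local-zone-miss
    print(classify_reply(SAMPLE_FORWARDED))   # forwarded-answer
```

Running `probe` against the router for one name inside the configured domain and one outside it, alongside the tcpdump on the WAN side, shows whether the two are handled differently.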
