我们的ISP目前正处在一个主要的DNS中断,结果通过名称服务器提供的名称parsing不起作用。 我正在尝试将Google DNS服务器添加到我们的Cisco 800系列作为临时解决scheme,但DNS似乎仍然无法从思科本身或客户端机器上运行。
Ping一个IP工作正常:
#ping 8.8.8.8 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/300/780 ms Ping一个URL不会:
#ping cisco.com Translating "cisco.com"...domain server (203.0.178.191) (203.215.29.191) (8.8.8.8) (8.8.4.4) % Unrecognized host or address, or protocol not running.
运行configuration(混淆矿):
Current configuration : 5060 bytes ! ! Last configuration change at 00:08:00 UTC Fri Apr 4 2014 version 15.1 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ******** ! boot-start-marker boot-end-marker ! ! enable secret 5 ******** enable password ******** ! no aaa new-model memory-size iomem 10 crypto pki token default removal timeout 0 ! ******** ! ! ******** quit ip source-route ! ! ! ip dhcp excluded-address 192.168.90.254 ip dhcp excluded-address 192.168.90.1 192.168.90.31 ! ip dhcp pool ******** import all network 192.168.90.0 255.255.255.0 default-router 192.168.90.254 dns-server 192.168.90.254 ! ! ip cef ip name-server 8.8.8.8 ip name-server 8.8.4.4 ip inspect name CBAC_out tcp ip inspect name CBAC_out udp ip inspect name CBAC_out icmp ip inspect name CBAC_out dns no ipv6 cef ! ! license udi pid CISCO887VA-M-K9 sn FGL16052611 ! ! username root privilege 15 password 0 ******** ! ! ! ! controller VDSL 0 ! ! ! ! ! ! ! ! interface Ethernet0 no ip address shutdown no fair-queue ! interface ATM0 no ip address load-interval 30 no atm ilmi-keepalive ! interface ATM0.1 point-to-point pvc 8/35 encapsulation aal5mux ppp dialer dialer pool-member 1 ! ! interface FastEthernet0 no ip address ! interface FastEthernet1 no ip address ! interface FastEthernet2 no ip address ! interface FastEthernet3 no ip address ! interface Vlan1 ip address 192.168.90.254 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip flow ingress ip nat inside ip virtual-reassembly in ! interface Dialer0 description ******** ip address negotiated ip access-group out_to_in in no ip redirects no ip unreachables no ip proxy-arp ip mtu 1492 ip nat outside ip inspect CBAC_out out ip virtual-reassembly in encapsulation ppp dialer pool 1 ppp authentication pap callin ppp pap sent-username ********@******** password 0 ******** ppp ipcp dns request ppp ipcp route default ppp ipcp address accept no cdp enable ! interface Dialer1 no ip address ! ip forward-protocol nd ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 600 life 86400 requests 1000 ! ip dns server ip nat inside source list NAT interface Dialer0 overload ! ip access-list extended NAT permit ip 192.168.90.0 0.0.0.255 any ip access-list extended out_to_in remark Internet traffic coming in permit tcp any any established permit icmp any any echo-reply permit icmp any any echo permit udp any any eq domain ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4 password ******** login transport input all ! end
你有一个名为out_to_in的访问列表,似乎在这里过滤来自Internet的传入stream量。
你应该尝试在你的访问列表ip access-list extended out_to_in添加permit ip host 8.8.8.8 any