I have a dumb question..

Hey guys..

ahahahah I meant dumb question (sorry ;)haaha)

I was setting up my cisco 2924 switch. And I set the vlan 1 ip interface address to 192.168.15.44 okay.
and the ip default-gateway to 192.168.15.1 (actual gateway using).

okay yeah I can ping 192.168.15.1 but I can also ping domain names.
Get this I have no ip name-server listed period. but I have ip domain-lookup enabled and when I disabled ip domain-lookup. I cannot ping domain names. My guess is it uses the gateways dns to lookup dns names huh? if I have no name server configured locally in vlan 1 but how does
it use ip domain-lookup or what does ip domain-lookup do?
thanks

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

burbankmarc

Run some packet debugs and see where it's making it's DNS requests from.

itdaddy

burbankmarc
good idea and I guess I could do some packet sniffing..just wanted others opinions will let you know. will report back

thanks

Cyanic

Maybe it has a hard coded DNS server in the IOS. It is plausible if DNS is being allowed out of the network. Regardless, the switch has to be sending it somewhere, and getting an answer back.

itdaddy

cyanic yeah right.

I looked in running and startup config and I didnt create name servers
but when I enable ip domain-lookup DNS works, and yeah I configured
a ip default-gateway for vlan 1 but do you think it is using my ASA DNS?
I mean it is hooked into my asa 5505 which has the name servers there.
I will have to do a packet snif which I should do anyway and do the debug
ICMP on the switch is goiing to be cool once I find out I will report what i find in detail this has really got me wondering

thanks for the help

burbankmarc

Do you have CDP enabled? There's all kinds of hooks into CDP, I wouldn't be surprised to find out that it was behind this.

keenon

i was about say, you were going to get a awesome flame

itdaddy

keenon

haahha I know. once I looked at it after I submitted it I said shhhhhh t I cant change my subject I dont think I can I tried and saw no way to do it hahhahha...

burbankmarc

not sure if it is CDP but it might be my switch cisco 2924 is doing a broadcast for a DNS server and of course my windows 2003 DNS server
repsonded to the broad cast requestion. No sure but when I disable
ip domain-lookup, pinging www.yahoo.com doesnt work.

I love paket sniffing. I packet sniffed my vlan 1 and saw comm between
my vlan 1 ip address using a broadcast 255.255.255.255 and my dns server responded. way freaking cool.... so that is solved. it was a broadcast i am guessing with the ip domain-lookup it seems. packet sniffing work like magic..yeah I had cdp enable as well but when i disable
the ip domain-lookup i cannot ping squat! so it must have to do with that
it was easy to lab it up...;) thanks guys

mikej412

itdaddy wrote: »

I cant change my subject

I thought I had asked if you wanted it changed.... but I guess I got distracted by work and never finished the post.

I changed the p to a b so we won't attract people looking for dumbs

itdaddy

hey thanks mikej, I shuld have asked you to change it sorry. but thanks
yeah I dont want that kind of attention trying to stay out of trouble. hee hee

Cyanic

Do you know what protocol was it using? Wireshark should decode it for you automajically.

itdaddy

DNS it was using DNS it show a broadcast 255.255.255.255 from source vlan 1 ip address i set. when i removed the command ip domain-lookup
it didnt translate the DNS names like when I pinged www.yahoo.com worked fin when ip domain-lookup was enabled but once i did
no ip domain-lookup the ping www.yahoo.com could not be found.
cool huh. i love wireshark!

SysAdmin4066

ip domain-lookup allows for hostname resolution using dns queries as opposed to local resolution and I guess based on your sniffer info, it also allows for your switch, at least the 2924, to actually LOOK for a DNS server via broadcast. I would imagine the fix is to disable the lookup and configure only local lookups if this is a problem.

itdaddy

thanks systadmin it wasnt an issue I just was discovering what was doing that. I guess I was only diggig in deeper into why it works vs I know what it does kind of thing it was cool that there is a difference between find a dns server via broadcast than using locally configured name servers. was just playing with it to really understand how it works hey thanks for you reply and input more is better

SysAdmin4066

Got ya