I have a dumb question..
Hey guys..
ahahahah I meant dumb question (sorry ;) haaha)
I was setting up my Cisco 2924 switch, and I set the VLAN 1 interface IP address to 192.168.15.44 and the ip default-gateway to 192.168.15.1 (actual gateway using).
Okay, yeah, I can ping 192.168.15.1, but I can also ping domain names.
Get this: I have no ip name-server listed, period, but I have ip domain-lookup enabled, and when I disabled ip domain-lookup I cannot ping domain names. My guess is it uses the gateway's DNS to look up DNS names, huh, if I have no name server configured locally in VLAN 1? But how does it use ip domain-lookup, or what does ip domain-lookup do?
thanks
Comments
-
burbankmarc Member Posts: 460
Run some packet debugs and see where it's making its DNS requests from.
-
itdaddy Member Posts: 2,089
burbankmarc
good idea, and I guess I could do some packet sniffing.. just wanted others' opinions. will let you know. will report back
thanks
-
Cyanic Member Posts: 289
Maybe it has a hard coded DNS server in the IOS. It is plausible if DNS is being allowed out of the network. Regardless, the switch has to be sending it somewhere, and getting an answer back.
-
itdaddy Member Posts: 2,089
cyanic yeah right.
I looked in the running and startup config and I didn't create name servers, but when I enable ip domain-lookup DNS works, and yeah I configured an ip default-gateway for VLAN 1, but do you think it is using my ASA DNS? I mean it is hooked into my ASA 5505, which has the name servers there.
I will have to do a packet sniff, which I should do anyway, and do the debug ICMP on the switch. is going to be cool once I find out. I will report what I find in detail. this has really got me wondering
thanks for the help
-
burbankmarc Member Posts: 460
Do you have CDP enabled? There's all kinds of hooks into CDP, I wouldn't be surprised to find out that it was behind this.
-
keenon Member Posts: 1,922
I was about to say, you were going to get an awesome flame
Become the stainless steel sharp knife in a drawer full of rusty spoons
-
itdaddy Member Posts: 2,089
keenon
haahha I know. once I looked at it after I submitted it I said shhhhhh t. I can't change my subject, I don't think I can, I tried and saw no way to do it hahhahha...
burbankmarc
not sure if it is CDP, but it might be my switch, Cisco 2924, is doing a broadcast for a DNS server and of course my Windows 2003 DNS server responded to the broadcast request. Not sure, but when I disable ip domain-lookup, pinging www.yahoo.com doesn't work.
I love packet sniffing. I packet sniffed my VLAN 1 and saw comm between my VLAN 1 IP address using a broadcast 255.255.255.255 and my DNS server responded. way freaking cool.... so that is solved. it was a broadcast, I am guessing, with the ip domain-lookup it seems. packet sniffing works like magic.. yeah I had CDP enabled as well, but when I disable the ip domain-lookup I cannot ping squat! so it must have to do with that.
it was easy to lab it up... ;) thanks guys
-
mikej412 Member Posts: 10,086
I can't change my subject
I changed the p to a b so we won't attract people looking for dumbs
:mike: Cisco Certifications -- Collect the Entire Set!
-
itdaddy Member Posts: 2,089
hey thanks mikej, I should have asked you to change it, sorry. but thanks
yeah I don't want that kind of attention, trying to stay out of trouble. hee hee
-
Cyanic Member Posts: 289
Do you know what protocol it was using? Wireshark should decode it for you automajically.
-
itdaddy Member Posts: 2,089
DNS, it was using DNS. it showed a broadcast 255.255.255.255 from the source VLAN 1 IP address I set. when I removed the command ip domain-lookup it didn't translate the DNS names. like when I pinged www.yahoo.com, it worked fine when ip domain-lookup was enabled, but once I did no ip domain-lookup the ping www.yahoo.com could not be found.
cool huh. I love Wireshark!
-
SysAdmin4066 Member Posts: 443
ip domain-lookup allows for hostname resolution using dns queries as opposed to local resolution and I guess based on your sniffer info, it also allows for your switch, at least the 2924, to actually LOOK for a DNS server via broadcast. I would imagine the fix is to disable the lookup and configure only local lookups if this is a problem.
In Progress: CCIE R&S Written Scheduled July 17th (Tentative)
Next Up: CCIE R&S Lab
-
itdaddy Member Posts: 2,089
thanks sysadmin, it wasn't an issue, I just was discovering what was doing that. I guess I was only digging in deeper into why it works vs I know what it does kind of thing. it was cool that there is a difference between finding a DNS server via broadcast and using locally configured name servers. was just playing with it to really understand how it works. hey thanks for your reply and input, more is better
-
SysAdmin4066 Member Posts: 443
Got ya
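
The broadcast lookups described in the thread can also be picked out of a capture programmatically. The following is an added example, not code from any poster here: it parses raw IPv4/UDP packets and lists each source that sends DNS queries to 255.255.255.255, the pattern seen from a device with ip domain-lookup enabled and no ip name-server. The sample packets are constructed, and 192.168.15.50 and 192.168.15.10 are hypothetical addresses.

```python
import socket
import struct

def build_query(src_ip, dst_ip, qname, txid=0x1234):
    """Build a constructed IPv4/UDP DNS A query (sample input, checksums left 0)."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + labels + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", 49152, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 255, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + udp

def parse_dns_query(packet):
    """Return (src, dst, qname) for an IPv4/UDP DNS query to port 53, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 17 or ihl < 20 or len(packet) < ihl + 8 + 12:
        return None
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    dns = packet[ihl + 8:]
    flags, qdcount = struct.unpack("!HH", dns[2:6])
    if dport != 53 or flags & 0x8000 or qdcount < 1:  # not DNS, a response, or no question
        return None
    labels, pos = [], 12
    while pos < len(dns) and dns[pos] != 0:
        length = dns[pos]
        if length & 0xC0 or pos + 1 + length > len(dns):  # pointer or truncated label
            return None
        labels.append(dns[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return src, dst, ".".join(labels)

def broadcast_resolvers(packets):
    """Map each source IP that broadcasts DNS queries to the names it asked for."""
    hits = {}
    for pkt in packets:
        parsed = parse_dns_query(pkt)
        if parsed and parsed[1] == "255.255.255.255":
            hits.setdefault(parsed[0], []).append(parsed[2])
    return hits

# Constructed sample: the thread's switch address broadcasting; .50 and .10 are hypothetical.
SAMPLE = [build_query("192.168.15.44", "255.255.255.255", "www.yahoo.com"),
          build_query("192.168.15.50", "192.168.15.10", "www.yahoo.com")]

if __name__ == "__main__":
    print(broadcast_resolvers(SAMPLE))
```

Sources this flags are candidates for either an explicit ip name-server or no ip domain-lookup, since a broadcast query is answered by whichever DNS server on the segment hears it.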