Cisco 800 系列上的名称解析失败

Cisco 800 系列上的名称解析失败

我们的 ISP 目前正处于严重的 DNS 中断之中,因此通过他们提供的名称服务器进行的名称解析无法正常工作。我正尝试将 Google DNS 服务器添加到我们的 Cisco 800 系列作为临时解决方案,但 DNS 似乎仍然无法从 Cisco 本身或客户端计算机运行。

ping IP 没问题:

#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/300/780 ms

Ping 一个 URL 不会:

#ping cisco.com
Translating "cisco.com"...domain server (203.0.178.191) (203.215.29.191) (8.8.8.8) (8.8.4.4)
% Unrecognized host or address, or protocol not running.

运行配置(混淆我的):

Current configuration : 5060 bytes
!
! Last configuration change at 00:08:00 UTC Fri Apr 4 2014
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ********
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 ********
enable password ********
!
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
!
********
!
!
********
        quit
ip source-route
!
!
!
ip dhcp excluded-address 192.168.90.254
ip dhcp excluded-address 192.168.90.1 192.168.90.31
!
ip dhcp pool ********
 import all
 network 192.168.90.0 255.255.255.0
 default-router 192.168.90.254
 dns-server 192.168.90.254
!
!
ip cef
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip inspect name CBAC_out tcp
ip inspect name CBAC_out udp
ip inspect name CBAC_out icmp
ip inspect name CBAC_out dns
no ipv6 cef
!
!
license udi pid CISCO887VA-M-K9 sn FGL16052611
!
!
username root privilege 15 password 0 ********
!
!
!
!
controller VDSL 0
!
!
!
!
!
!
!
!
interface Ethernet0
 no ip address
 shutdown
 no fair-queue
!
interface ATM0
 no ip address
 load-interval 30
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface Vlan1
 ip address 192.168.90.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
!
interface Dialer0
 description ********
 ip address negotiated
 ip access-group out_to_in in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1492
 ip nat outside
 ip inspect CBAC_out out
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 ppp authentication pap callin
 ppp pap sent-username ********@******** password 0 ********
 ppp ipcp dns request
 ppp ipcp route default
 ppp ipcp address accept
 no cdp enable
!
interface Dialer1
 no ip address
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
ip dns server
ip nat inside source list NAT interface Dialer0 overload
!
ip access-list extended NAT
 permit ip 192.168.90.0 0.0.0.255 any
ip access-list extended out_to_in
 remark Internet traffic coming in
 permit tcp any any established
 permit icmp any any echo-reply
 permit icmp any any echo
 permit udp any any eq domain
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password ********
 login
 transport input all
!
end

答案1

您有一个名为的访问列表out_to_in,它似乎用于过滤来自互联网的传入流量。

您应该尝试添加permit ip host 8.8.8.8 any您的访问列表ip access-list extended out_to_in

相关内容