I'm working on an IOS 15.4 router with an empty startup-config and only the following configuration applied:
interface FastEthernet4
ip address dhcp
no shutdown
debug dhcp detail produces the following when the DHCP lease is claimed:
Sep 25 19:48:23.316: DHCP: Received a BOOTREP pkt
Sep 25 19:48:23.316: DHCP: Scan: Message type: DHCP Offer
...
Sep 25 19:48:23.316: DHCP: Scan: DNS Name Server Option: 192.168.100.4
Indeed, we can resolve DNS. We can also see that the DNS server learned from DHCP has been configured (is there a better way to see this?):
lab-C881#ping google.com
Translating "google.com"...domain server (192.168.100.4) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 205.158.11.53, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
lab-C881#show hosts summary
Default domain is fragmentationneeded.net
Name/address lookup uses domain service
Name servers are 192.168.100.4
Cache entries: 5
Cache prune timeout: 50
lab-C881#
If I put the interface into a VRF, like this...
ip vrf INTERNET
interface FastEthernet4
ip vrf forwarding INTERNET
ip address dhcp
no shutdown
Debugs look the same, but we can't find google, and we don't seem to have a DNS server configured:
lab-C881#ping vrf INTERNET google.com
% Unrecognized host or address, or protocol not running.
lab-C881#show hosts vrf INTERNET summary
lab-C881#
The global forwarding table has no interfaces up, but it's trying to use the DNS server which is reachable only within the VRF:
lab-C881#ping google.com
Translating "google.com"...domain server (192.168.100.4)
% Unrecognized host or address, or protocol not running.
lab-C881#show hosts summary
Default domain is fragmentationneeded.net
Name/address lookup uses domain service
Name servers are 192.168.100.4
Cache entries: 1
Cache prune timeout: 42
Of course, without any interfaces, attempts to talk to the DNS server from the global table will fail. This is kind of a bummer.
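The same check done offline, as an added example that is not part of the original post: it parses the configuration, the debug line and the show hosts output quoted above and reports a DHCP-learned name server that was installed in the global table while the DHCP client interface sits in a VRF. It assumes a single DHCP client per capture and that a populated show hosts vrF summary, which the post never shows, uses the same "Name servers are" line as the global one.

```python
import re

# Config and command output copied from the post (VRF case).
CONFIG = """ip vrf INTERNET
interface FastEthernet4
ip vrf forwarding INTERNET
ip address dhcp
no shutdown
"""
DEBUG = "Sep 25 19:48:23.316: DHCP: Scan: DNS Name Server Option: 192.168.100.4"
HOSTS_GLOBAL = """Default domain is fragmentationneeded.net
Name/address lookup uses domain service
Name servers are 192.168.100.4
"""
HOSTS_VRF = ""  # 'show hosts vrf INTERNET summary' printed nothing

def dhcp_client_vrfs(config):
    """Map each 'ip address dhcp' interface to its VRF (None = global table)."""
    intfs, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            cur = intfs.setdefault(line.split(None, 1)[1], {"vrf": None, "dhcp": False})
        elif cur is not None and line.startswith("ip vrf forwarding "):
            cur["vrf"] = line.split()[-1]
        elif cur is not None and line == "ip address dhcp":
            cur["dhcp"] = True
    return {name: i["vrf"] for name, i in intfs.items() if i["dhcp"]}

def name_servers(show_hosts):
    """Addresses on the 'Name servers are ...' line; empty set if the line is absent."""
    m = re.search(r"^Name servers are (.+)$", show_hosts, re.M)
    return set(re.findall(r"\d+\.\d+\.\d+\.\d+", m.group(1))) if m else set()

def misplaced_servers(config, debug, hosts_global, hosts_by_vrf):
    """(interface, vrf, server) for DHCP-learned servers present globally but not in the VRF."""
    learned = set(re.findall(r"DNS Name Server Option: (\d+\.\d+\.\d+\.\d+)", debug))
    in_global = learned & name_servers(hosts_global)
    findings = []
    for intf, vrf in dhcp_client_vrfs(config).items():
        if vrf is None:
            continue  # client in the global table: a global name server is expected
        in_vrf = name_servers(hosts_by_vrf.get(vrf, ""))
        findings += [(intf, vrf, s) for s in sorted(in_global - in_vrf)]
    return findings

if __name__ == "__main__":
    for intf, vrf, srv in misplaced_servers(CONFIG, DEBUG, HOSTS_GLOBAL, {"INTERNET": HOSTS_VRF}):
        print(f"{intf}: DHCP-learned DNS {srv} is in the global table, not VRF {vrf}")
```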
Hello,
Have you tried using the ip domain lookup source-interface fa4 command?
By default IOS will only try to do a lookup from interfaces in the global vrf.
The question for me is whether or not IOS will install the DHCP DNS and perform the lookup with that server, which is something I can't lab at the moment. You can force the name server by using ip name-server vrf and see if that works before trying out dhcp.
Good luck.
"By default IOS will only try to do a lookup from interfaces in the global vrf."
That's not correct. IOS has "VRF Aware DNS", which (aside from this issue) does the right thing: Lookups get done against the correct server depending on the VRF context of the query.
Forcing the VRF to use the correct server (ip name-server vrf x.x.x.x) works, but it presumes that I know beforehand what server is available for me to use. In this case, I do not know where the DNS server is. I need to learn it from DHCP.