Router-LAN-DNS Question

Similar Messages

• WRT54G....Can I set DHCP to use the router for DNS instead of external DNS?

  Hi folks. I cant' get my router to have DHCP tell my PCs that the router should be the DNS server instead of the external servers it is using. I am using Comcast Cable internet. It sets the external DNS servers for every PC that connects to it and I have problems finding my PCs on my network by NetBIOS name because the external DNS servers obviously don't store my local PCs. How can I set the router up to set DHCP to use the router for DNS?

  If you cannot set the DNS server in the configuration page for the DHCP server in your router then your router does not support this.
  This won't solve your problem though. The DNS server on the router is a simply forwarder. It simply forwards the DNS requests from your computer to the ISP's DNS servers. The DNS server does not accept dynamic updates to a private zone inside your LAN. And DNS is pretty much unrelated to the standard windows workgroup browsing which does the actual name resolution inside your LAN. That name resolution even works without a router inside your network. Basically all windows computers in your network periodically broadcast their name to the network. One windows computers is elected "master browser" which collects all these names and provides the name resolution service for all computers in the workgroup.
  If this does not work it is most likely a windows configuration problem. It could be a software firewall on the computers which blocks traffic. It could be that the computers are not setup for file/printer sharing and thus have the computer browser disabled. It could be that your computers have a WINS server configured which does not exist. There are probably more causes. The better source to ask this question would probably a Microsoft support group. They deal with these kinds of issues more often and maybe a MVP may be able to point you into the right direction or give some links to step-by-step instructions...

• Initial Setup - DNS Question

  I set up my mac mini server in a school setting that already has a windows server. I went in and added DNS records for the new mac server. Do I still need to start the DNS service on the mac server? I opened the terminal and did sudo changeip checkhostname and it said everything was working fine.

  Yes I have a DNS server and before I setup the mac server I set up foward and reverse DNS entries on it for the mac server.
  In all likelihood, your DNS configuration is in error.
  So I guess my question is do I need to run the DNS service off the mac server if I intend to run the podcast and ical services?
  Absolutely not.
  After I set those services up I and restart the server I get a knetworkerror when I open serveradmin and the computer starts to crawl. Is that because I did not setup the DNS service on the mac or is it a different issue?
  That usually means your DNS is in error.
  Again, +you need correct DNS services for your server (and from your clients), but you do not need to run those DNS services on the Mac server.+
  Mac OS X and Mac OS X Server are both perfectly willing and able to reference and to use DNS services running on Windows, Linux, HP-UX, Plan9, OpenVMS, Solaris, FreeBSD, Tru64 Unix or pretty much any other OS that can run a DNS server, so long as those DNS services are correctly configured.
  Specifically for this case (and assuming you're running Server Admin on a client box and not directly on your new Mac OS X Server), you also need correct DNS services available from your client when you are running various services including Server Admin, and if your client is not correctly referencing your LAN DNS, then it is distinctly possible that your server is a bystander here.
  From your client and from your server, launch Terminal.app and issue the following commands:
  dig yourservername.example.com
  dig -x your.server.ip.address
  and post the results.

• IPv6 DNS Questions with DirectAccess

  Hey,
  I'm hoping someone can answer some fundamental questions that I am having around DirectAccess for a customer that I'm working with.  We are putting in Direct Access with a more complicated scenario, but there are some fundamental questions about IPv6
  that I cannot quite get answered.  We have the tunnel established over IPHTTPS, however, I am not able to resolve internal resources.
  We have a red x next to the DNS Monitoring in the Operations Console.  DNS64 is green. 
  1) I know that you don't need IPv6 on our internal servers to use DirectAccess.  However, in this situation they have IPv6 unbound from the NICs on all the servers except for the DA server (and the Windows 7 clients).
  2) Brings me to the DNS question.  Internal DNS servers do not have IPv6 bound to the NIC and they do not register AAAA records in DNS.  Does that pose any issues with the NRPT?
  Thanks for your help!
  Bob

  Hello,
  After talking with Microsoft support here was the actual issue.
  First, the issue around the DNS going red:
  Set-DAClientDnsConfiguration -DnsSuffix '.internal.company.com' -DnsIPAddress @('ipv6 address of the DA server') -Verbose -ComputerName 'DAServer.internal.company.com’
  That fixed that issue, however, we were still having issues with the routing to internal servers. 
  We did the following further troubleshooting with Microsoft,
  We checked if client was able to get to the IPv6 address of the server – failed
  Checked if the client was able to get to the IPHTTPS address of the server – worked
  On the DA server itself, we were unable to ping the IPv6 address of the server      (fd58:c2f1:4a56:5555::1). We tried pinging this IP address using the IPHTTPS address on the DA server and that failed
  as well.
  Since we were unable to get to the IP address on the server itself, we just removed and re-added      the IPv6 address of the server, on the Internal NIC, and we were then able to ping the server’s IPv6
  address.
  But, clients were still unable to connect.
  So we realized that the forwarding must have not been enabled on the NICs.
  We checked for Forwarding being enabled on the IPHTTPS and Internal interface of the DA server
  and found that this was not enabled on the Internal interface.
  Once we enabled this, client machine was then able to connect to internal resources over Direct Access.
  To enable forwarding on the NIC we ran the below command,
  netsh int ipv6 set int <interface_id> forwarding=enabled
  Thanks,
  Bob

• EA6300 - Cascading the Linksys router to another router (LAN-LAN) - Does not Bridge built in Wifi AP

  Regarding: 
  http://kb.linksys.com/Linksys/ukp.aspx?pid=80&vw=1&articleid=3733#
  Cascading the Linksys router to another router (LAN-LAN)
  The Bridge mode function on the EA6300 does not bridge the Wifi AP radio to the network.
  The ethernet ports are bridged, and the router can see network devices and wifi devices connected to itand ping devices in both directions , but Wifi clients connecting to the unit running in bridge mode are not "bridged" to the network.
  ~
  Using the built in webpage of the router, all devices can be pinged.
  Ethernet RJ-45 devices plugged into it can ping the unit and pull up the units config webpage, but not ping wifi clients connected to it.
  Wfii devices connected to its access point radio, can pull up the units config webpage, but not ping ethernet RJ-45 devices connected to it.
  If there is a bridge, then the bridge is broken in half and not functional.
  ~
  All devices are set with IPs on the same subnet,  192.168.2.x
  ~
  I have a Netgear router in Bridge mode, and it works fine, connecting the wifi access point and RJ-45 ethernet clients together like it should be, so I know how Bridge mode... should work...
  But it doesn't on this unit, it is not working completely out the factory door.   It will bridge one Router to another via the RJ-45 ethernet ports, but its own AP radio is no longer bridged and connected (like when running in NAT
  Note that doing cascading  using NAT as described under "Cascading the Linksys router to another router (LAN-WAN)" works fine.

  Hi, 
  There's no WLAN bridge feature on the new Linksys Smart Wifi routers. You might also like to check and review these articles about Bridge Mode: 
  Article ID: 24583 - Setting up your Linksys Wi-Fi or Smart Wi-Fi Router to Bridge Mode
  Article ID: 25714 - Setting up your Linksys Smart Wi-Fi Router to Bridge Mode using your Linksys Smart Wi-Fi Account
  Hope this helps!
  If everyone needs to believe in something, I believe I'll have another beer..

• LDAP routing and DNS combination

  for outgoing devilvery is it possible to combine both LDAP Routing and DNS?
  IE. to send out abc.com that exist on LDAP, it will be delivered using LDAP Routing and for domain that is not exists on LDAP, use DNS instead.
  TIA

  If you haven't explicitly enabled it, then SMTP Routes will be used to forward on the mail.
  fyi, this is for our outbond delivery (not incoming). This is what I have just tested.
  domain.com is in our LDAP, and I'd like to usedns instead of LDAP.routing. domain.com mx records should be somewhere in the internet.
  LDAP query test results:
  Query: LDAP.routing
  Address: [email protected]
  Action: reroute
  Reroute to recipients: - (host: servers.cbn.net.id)
  In smtproutes:
  domain.com: usedns
  In mail_logs:
  Wed Nov 7 18:57:44 2007 Info: LDAP: Reroute query LDAP.routing MID 429897525 RID 0 address [email protected] to [('[email protected]', 'servers.cbn.net.id')]
  Wed Nov 7 18:57:44 2007 Info: LDAP: Mailhost query LDAP.routing address [email protected] to servers.cbn.net.id
  Wed Nov 7 18:57:44 2007 Info: MID 429897526 ICID 0 RID 0 To:
  Although I have already specified to usedns, the message still delivered using LDAP.routing.

• I have a local LAN DNS server. My preferences point to that server. Why does dig give me 8.8.8.8 as my DNS server?

  I have a local LAN DNS server. My preferences point to that server. Why does dig give me 8.8.8.8 as my DNS server?
  Something is/was modifying my DNS preferences to 8.8.8.8 It seems to be pointed correctly now (at my local LAN DNS server), but why was it pointed at 8.8.8.8 before? I never want it pointed to 8.8.8.8

  You've hit the nail on the head Ben.  For point to point communications, the IP addresses should be fixed, therefore there is no need for DNS.  If a DNS is configured, the NIC (Network Interface Card) drivers will try to contact it.
  In my test system, I need DNS for the test computer, but I am communicating with a dedicated Spectrum Analyzer over TCP/IP.  So I added a second NIC.  The main NIC is configured for DNS and all that jazz.  The second NIC (plugged into PCI slot) is configured with a hard coded address, no DNS, no Gateway, nothing else.  I connect that NIC to the spectrum analyzer using a crossover cable.  The analyzer is configured with a hard coded address also.  Now my computer can get on our company network, and the spectrum analyzer is isolated from the network, so it can't catch any viruses, etc., and it still talks to the computer.  When using a configuration such as this, it is best to use a dedicated address for the 2nd NIC and spectrum analyzer in the range of 192.168.100.0 to 254
  - tbob
  Inventor of the WORM Global

• My family owns an Apple Airport router, and my question is that is there a were to remotely access the router and turn it off and on? Thanks

  My family owns an Apple Airport router, and my question is that is there a were to remotely access the router and turn it off and on? Thanks

  Richard's suggestion will turn off and turn on the wireless function on your Mac computer......but.....it will not do anything as far as turning your Apple AirPort router on and off.......which seems to be the question that you are asking above.
  If this is the question that you are asking, it is not possible to power the Apple router on and off from either a local or remote location.

• ITouch loses router and DNS addresses?

  I have had my iTouch for about a week and it connected to my wireless network for the first three days flawlessly. Since that time, it will only connect sporadically and I have noticed that when it doesn't connect, it is because the router and DNS addresses have disappeared in the wireless window in Settings. I can get them back occasionally by renewing lease in this window, but more often than not, renewing lease does not reestablish these addresses.
  I reset the iTouch through itunes, but this did not solve the problem.
  Additional information. The iTouch has the full signal (maximum number of bars). I am using an airport extreme as my base station. I have three macs that I connect to the wireless network through the base station. I have a few airport expresses that are connected to audio equipment or video game units. All of these continue to work well and have no problem connecting to the wireless network.
  Your help/thoughts would be most appreciated.
  Message was edited by: tritium11

  Is your router broadcasting its SSID? If not, try enabling that because the Touch often has a hard time remembering a network if it is hidden. Hiding your SSID is very minimal security, so there's really no point to hiding it.

• DNS question and no name available via DNS and no reverse DNS errors

  We are running an OS X server, 10.4.11, OD Master. We are getting some error messages, and we have setup DNS to forward requests for example.com. (our website) to our web developer's external web server where our website is being hosted.
  Oct 15 10:29:05 [server name omitted] servermgrd: servermgr_dns: no name available via DNS for 192.168.0.5
  Oct 15 10:29:05 [server name omitted] servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
  Oct 15 10:31:48 [server name omitted] /usr/sbin/PasswordService: incorrect digest response
  - and -
  Oct 15 09:54:00 [server name omitted] DirectoryService[103]: GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)
  Some Background:
  We are running internal DNS services only. We have a domain, example.com. and our OS X Server, server.example.com. We have a website that is being hosted offsite by our web developer. Long ago when they were setting up the SSL certificate for the site, they obtained a certificate for example.com INSTEAD of www.example.com. So, our web developer setup a redirect to redirect web requests to www.example.com to example.com.
  Now, this brings us to our OS X server (server.example.com). We are hosting internal DNS with the same domain, example.com. When employees inside our LAN would put in our web address, example.com, or www.example.com, it would take them to our OS X server. As a workaround, in the DNS settings for the zone in server Admin, I set the Server IP address for the zone to "Other" and specified the external address to the server where the site is hosted by our developer then setup an A record for our server. (We cannot forward requests to www.example.com since our web developer automatically redirects these requests to example.com since that is where the SSL certificate and the search engines are linked to).
  Well obviously this had serious repercussions for server stability. So, I set the server IP address back to the address of our OS X server itself, 192.168.0.5.
  Now, I then went into command line and manually edited the zone files. Here's part of our zone file:
  $TTL 3600
  example.com. IN SOA server.example.com. sysadmin.example.com. (
  2008031015 ; serial
  3h ; refresh
  1h ; retry
  1w ; expiry
  1h ) ; minimum
  example.com. IN NS server.example.com.
  example.com. IN A [external IP address of web server]
  server IN A 192.168.0.5
  We are getting the following error messages regularly:
  Oct 15 10:29:05 [server name omitted] servermgrd: servermgr_dns: no name available via DNS for 192.168.0.5
  Oct 15 10:29:05 [server name omitted] servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
  Oct 15 10:31:48 [server name omitted] /usr/sbin/PasswordService: incorrect digest response
  - and -
  Oct 15 09:54:00 [server name omitted] DirectoryService[103]: GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)
  Questions:
  Do I need to go back to our zone file and change the A record for example.com. to match our OS X server's address: 192.168.0.5?
  Secondly, is there anything I can do in DNS or elsewhere on the server to redirect web requests to example.com to our web developer's offsite server since the developer's server redirects www.example.com to example.com?
  Thanks in advance? I am stumped.
  Thanks,
  Tyler

  Problem was resolved.
  All I ended up doing was edition my reverse lookup file, db.192.168.0. It was correct, and I simply re-saved it without making any changes. Strangely enough, that did it. No idea why. Maybe a permissions issue with the file?
  I'm still running the server with address record for the domain (example.com.) mapped to our external web server. no problems.
  Tyler

• 2851 router vpn to 851 router lan clients cannot ping

  Greets - I'm expanding my lab experience by adding a 2851 router to my mix of 18xx and 851/871 units. Some of this infrastructure is in production, some just lab work. I have established good connectivity between 18xx's and 851/871's with IPSEC VPNs (site-to-site static and dynamic), but my problem is with adding in a 2851.
  Setup: 2851 with 12.4 ADVENTK9, WAN on GE0/0 as 216.189.223.bbb/26, LAN on GE0/1 as 172.20.0.1/20 (VPN module, but no additional HWIC modules)
  851 with 12.4 ADVENTK9, WAN on FE4 as 216.53.254.aaa/24, LAN on FE0..3 via BVI1 as 172.21.1.1/24
  The two router WAN ports are bridged via a 3rd router (a Zywall with 216.0.0.0/8 route, with the router at 216.1.1.1) affectionately called the "InterNOT", which provides a surrogate to the great web, minus actual other hosts and dns, but it doesn't matter. As both my WAN addresses are within 216.x.x.x, this works quite well. This surrogate has tested fine and is known to not be part of a problem.
  The 851 has been tested against another 851 with complementary setup and a successful VPN can run between the two.
  I have good LAN-WAN connections on each router. I do have a "Good" VPN connection between the two routers.
  The problem: I cannot ping from a LAN host on 172.20.x.x on the 2851 to any 172.21.1.x (eg 172.21.1.1) host on the 851, and vice versa.
  From a LAN host, I can ping to my InterNOT - for example a dhcp host 172.20.6.2 on the 2851 LAN can ping 216.1.1.1 fine. I can also ping the 851's WAN address at 216.53.254.aaa.
  To complicate matters, if I connect to the routers via console, I CAN ping across the vpn to the destination LAN hosts, in both directions.
  This seems to indicate that there is a bridging problem between the LAN interfaces to the VPN interfaces. I suspect this is a config problem on the 2851, as I have had a similar config working on my 851 to 851 site-to-site setups. I also suspect it is in the 2851's config as I'm still just starting out with this particular router.
  So some stripped-down configs:
  For the 2851:
  no service config
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname router2851
  boot-start-marker
  boot-end-marker
  no logging buffered
  no logging console
  enable password mypassword2
  no aaa new-model
  dot11 syslog
  no ip cef
  no ip dhcp use vrf connected
  ip dhcp excluded-address 172.20.0.1 172.20.6.1
  ip dhcp excluded-address 172.20.6.254 172.20.15.254
  ip dhcp pool Internal_2000
     import all
     network 172.20.0.0 255.255.240.0
     domain-name myseconddomain.int
     default-router 172.20.0.1
     lease 7
  no ip domain lookup
  multilink bundle-name authenticated
  voice-card 0
   no dspfarm
  crypto pki <<truncated>>
  crypto pki certificate chain TP-self-signed-2995823027
   <<truncated>>
        quit
  username myusername privilege 15 password 0 mypassword2
  archive
   log config
    hidekeys
  crypto isakmp policy 1
   encr 3des
   authentication pre-share
   group 2
  crypto isakmp key mysharedkey address 216.53.254.aaa
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto map SDM_CMAP_1 1 ipsec-isakmp
   description Tunnel to216.53.254.aaa
   set peer 216.53.254.aaa
   set transform-set ESP-3DES-SHA
   match address 100
  interface GigabitEthernet0/0
   description $ETH-WAN$
   ip address 216.189.223.bbb 255.255.255.192
   ip nat outside
   ip virtual-reassembly
   duplex auto
   speed auto
   crypto map SDM_CMAP_1
   no shut
  interface GigabitEthernet0/1
   description $FW_INSIDE$$ETH-LAN$
   ip address 172.20.0.1 255.255.240.0
   ip nat inside
   ip virtual-reassembly
   no ip route-cache
   duplex auto
   speed auto
   no mop enabled
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
  ip http server
  ip http authentication local
  ip http secure-server
  ip dns server
  ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/0 overload
  access-list 1 remark CCP_ACL Category=2
  access-list 1 permit 172.20.0.0 0.0.15.255
  access-list 100 remark CCP_ACL Category=4
  access-list 100 remark IPSec Rule
  access-list 100 permit ip 172.20.0.0 0.0.15.255 172.21.1.0 0.0.0.255
  access-list 101 remark CCP_ACL Category=2
  access-list 101 remark IPSec Rule
  access-list 101 deny   ip 172.20.0.0 0.0.15.255 172.21.1.0 0.0.0.255
  access-list 101 permit ip 172.20.0.0 0.0.15.255 any
  route-map SDM_RMAP_1 permit 1
   match ip address 101
  control-plane
  banner motd ~This is a private computer system for authorized use only. And Stuff~
  line con 0
  line aux 0
  line vty 0 4
   privilege level 15
   password mypassword
   login local
   transport input telnet ssh
  scheduler allocate 20000 1000
  end
  And for the 851:
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname router851
  boot-start-marker
  boot-end-marker
  logging buffered 52000 debugging
  no logging console
  enable password mypassword
  aaa new-model
  aaa authentication login default local
  aaa authorization exec default local
  aaa session-id common
  resource policy
  clock timezone PCTime -5
  clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
  no ip dhcp use vrf connected
  ip dhcp excluded-address 172.21.1.1 172.21.1.100
  ip dhcp pool Internal_2101
     import all
     network 172.21.1.0 255.255.255.0
     default-router 172.21.1.1
     domain-name mydomain.int
     dns-server 172.21.1.10
     lease 4
  ip cef
  ip domain name mydomain.int
  ip name-server 172.21.1.10
  crypto pki <<truncated>>
  crypto pki certificate chain TP-self-signed-3077836316
   <<truncated>>
    quit
  username myusername privilege 15 password 0 mypassword2
  crypto isakmp policy 1
   encr 3des
   authentication pre-share
   group 2
  crypto isakmp key mysharedkey address 216.189.223.aaa
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
  crypto map SDM_CMAP_1 1 ipsec-isakmp
   description Tunnel to216.189.223.bbb
   set peer 216.189.223.bbb
   set transform-set ESP-3DES-SHA2
   match address 100
  bridge irb
  interface FastEthernet0
   spanning-tree portfast
  interface FastEthernet1
   spanning-tree portfast
  interface FastEthernet2
   spanning-tree portfast
  interface FastEthernet3
   spanning-tree portfast
  interface FastEthernet4
   description $ETH-WAN$
   ip address 216.53.254.aaa 255.255.254.0
   ip nat outside
   ip virtual-reassembly
   ip tcp adjust-mss 1460
   duplex auto
   speed auto
   no cdp enable
   crypto map SDM_CMAP_1
   no shut
  interface Vlan1
   description Internal Network
   no ip address
   ip nat inside
   ip virtual-reassembly
   bridge-group 1
   bridge-group 1 spanning-disabled
  interface BVI1
   description Bridge to Internal Network
   ip address 172.21.1.1 255.255.255.0
   ip nat inside
   ip virtual-reassembly
  ip route 0.0.0.0 0.0.0.0 FastEthernet4
  ip route 172.21.1.0 255.255.255.0 BVI1
  ip http server
  ip http secure-server
  ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
  access-list 1 remark CCP_ACL Category=2
  access-list 1 permit 172.21.1.0 0.0.0.255
  access-list 100 remark CCP_ACL Category=4
  access-list 100 remark IPSec Rule
  access-list 100 permit ip 172.21.1.0 0.0.0.255 172.20.0.0 0.0.15.255
  access-list 101 remark CCP_ACL Category=2
  access-list 101 remark IPSec Rule
  access-list 101 deny   ip 172.21.1.0 0.0.0.255 172.20.0.0 0.0.15.255
  access-list 101 remark IPSec Rule
  access-list 101 deny   ip 172.21.1.0 0.0.0.255 172.21.101.0 0.0.0.31
  access-list 101 permit ip 172.21.1.0 0.0.0.255 any
  route-map SDM_RMAP_1 permit 1
   match ip address 101
  control-plane
  bridge 1 route ip
  banner motd ~This is a private computer system for authorized use only. And Stuff.~
  line con 0
   password mypassword
   no modem enable
  line aux 0
  line vty 0 4
   password mypassword
  scheduler max-task-time 5000
  end
  Note that the above are somewhat stripped-down configs, without firewall or WAN ACL's - interestingly my default WAN-Inbound ACLs seem to break connectivity when included, so I realize I have some more cleanup to do there, but the 2851 LAN bridging seems to be what I should concentrate on first.
  I'm still googling some of the particulars with the 2851, but any assistance is appreciated.
  Regards,
  Ted.

  Hi,
  First,please delete NAT.If we configured the NAT in the RRAS,the source IP address in all packets sent to 192.168.1.0/24 would be translated to 192.168.1.224.
  Second,please enable the LAN routing in RRAS server.To enable LAN routing,please follow the steps below,
  1.In the RRAS server,Open Routing and Remote Access.
  2.Right-click the server name,then click
  properties.
  3.On the General tab,select
  IPv4 Router check box,and then click Local area network(LAN) routing only.
  Then,announce the 172.16.0.0 network to the router.
  To learn more details about enabling LAN routing, please refer to the link below,
  http://technet.microsoft.com/en-us/library/dd458974.aspx
  Best Regards,
  Tina

• Quantum Gateway Router - Local DNS not working

  I just installed the Quantum Gateway Router, and I can't seem to get local DNS (i.e. user defined DNS entries) to work correctly.   I'm able to make user-defined entries under Advanced->DNS Server, but the when I attempt to ping the entries, from any machine on my LAN/WLAN, the entries are not resolved.   Has anyone else run into this problem?
  Thanks in advance!
  Solved!
  Go to Solution.

  That is correct.  that would be the address for the dns resolver that is handed out for dhcp connections.
  You may want to check that your router is actually getting dns server addresses for use with it's dhcp connection from the wan.
  Log into the router
  select My Network
  Select Network Connections
  select Network (home/office)
  Halfway down the page see the dns server line
  if it says no dns server then it should default to the dns servers provided the wan connection.
  you can override the values here by
  selecting the drop down value use the following dns servers
  then you can 2 values in the fields that appear - typically opendns or google servers.
  To see the dns servers that came with the wan dhcp connection
  select My Network
  Select Network Connections
  Select broadband connection
  halfway down the page are the dns values 
  These can be over ridden too by
  Selecting settings and then selecting the 

• Router and related question

  Try to do the web hosting. The Web Server will host about 10 web applications for the public access (from several hundreds to a couple of thousands people to concurrently access). This server will be located in a Server-Hosting-Company which will use T1/T3 line to connect with the Internet. My web server will be placed in the hosting company's server room (This means that the hosting company will take care of the internet connection, while my server in turn will connect to the company's LAN system). . Now my questions are:
  1) I would like to have a router to act as a firewall, switch, VPN, and to support the DMZ. There is only the data pass though (no sound and vedio is required)
  Of course, the faster, the better. But I would also take the budget into the consideration, so the router should resasonably get the job down, but not be over spended on. Which Cisco routers fits better: 1801 or 2801, or else?
  2) This router will not connect to a DSL or T1 or T3, instead, it will directly plug into the server room's LAN system, can I hook it up using the router's Ethernet port?
  3) To place a web cache machine in the DMZ, can I connect the Web Cache machine to the router's Ethernet port? Or, is there a port SPECIALLY for the DMZ to make the connection?
  Many thanks.
  Scott

  1800s are fixed configs with only wic slots, and you dont need wic slots in your app.
  Get a 2811 for a min, it will have two fastE interfaces or you can get a 2821 or 2851 which have 2 GigE ports onboard. You can use IOS firewal feature on the router and also can do VPN. You need to get the Advanced security or higher feature set and an AIM card if you plan to terminate a lot of VPN connections.
  To support a DMZ switch on the router itself you can buy a module such as NM-16ESW - 16 port switch and put your servers there. You can use ACLS and CBAC to permit specific traffic going to these web servers.
  IOS firewall wont be truly the same as using a dedicated firewall such as PIX or ASA. So I would recommend using a PIX firewall for this purpose.

• How can I reset my router's DNS settings?

  I've got a network with a Time Capsule providing an ethernet connection for my desktop, as well as a wireless connection for my wireless devices. From my desktop, I run a website, hosted with a major remote web space provider. What's happened recently is that when I try to upload anything from Dreamweaver to my host, I get a nondescript (no error code) "FTP error." When I try to access my site from any of my browsers on any of the clients on the network, be they ethernet or wireless, I get a "could not connect to server" message. I tried down or just me, as well as a proxy, and they both worked; I narrowed down the problem to a DNS issue on my Time Capsule.
  The URL in question is www.theapplenewsreel.com, and the corresponding IP is 216.250.121.1.
  I tried running NSLOOKUP from Terminal, and I just got this:
  Last login: Sun May 27 11:23:33 on ttys000
  my-imac:~ username$ NSLOOKUP www.theapplenewsreel.com
  Server:     127.0.0.1
  Address:    127.0.0.1#53
  Name:   www.theapplenewsreel.com
  Address: 192.168.1.111
  Basically, the connection, for some reason, stays inside my local network. The rest of the Internet is accessible via all my devices without modifying any settings.
  Problem is, I've got no idea how to fix the problem at this point. Can someone help?

  The DNS server(s) IP addresses are typically provided to you by your ISP. If you connect a router to the ISP-provided modem, you can change the DNS servers to be used in the router settings and this includes the AirPort routers.
  If you have a situation where you have two routers in series, the downstream router would normally be placed in bridge mode. This would disable both its NAT & DHCP services. Since DHCP is used to distribute the DNS server addresses to network clients, the router upstream of the second router. I believe this is what HACKINT0SH is referring two.

• How to config vpn pool on asa5510 in a Multi-hop routing lan?

  home----internet----asa5510(172.16.0.1/30)----(172.16.0.2/30)Internet behavior management(172.16.0.5/30)----(172.16.0.6/30)LAN(192.168.1.0/24)
  I want to use 'remote access ipsec vpn' to connect LAN(192.168.1.0/24),but i don't konw how to config vpn pool on asa 5510.
  Does someone kown how to do?

  Hi,
  The VPN Pool could be pretty much any network/subnet.
  The amount of routing hops on the LAN network doesnt really matter. The ASA should have a route for the LAN network so it can forward the VPN user traffic there. The return traffic from the LAN to the VPN user should be forwarded with the default route of the network devices. If your default route isnt pointing to this ASA then you naturally need to add a route for the VPN Pool on your LAN devices.
  Though I am not sure I have understood your question completely.
  - Jouni