Configure Cisco router as DNS servers in GNS3 – Step by step

Saifudheen Sidheeq

There are many ways to configure a DNS server. If you are a network engineer and want to build a private DNS server for a small office, you would rather set up a router as a DNS server than configure a Linux or Windows machine for the same purpose, right?

In this lab, we are going to configure a Cisco router as a DNS server in GNS3. Even though we are running in GNS3, the configuration remains the same on physical routers as well.
This DNS configuration is also useful when you want to run a lab that requires DNS.

Prerequisite for Cisco router DNS configuration lab

  • GNS3 or any emulation software.
  • Any Cisco router image. You could use Cisco IOU, Cisco VIOS or CSR1000v. I have tested with a GNS3-compatible Cisco IOS image, but some commands do not work with them.
  • Below is the lab topology that we are going to work on; we will create a host A record for each of the end hosts.

[Figure: lab topology]

I am not using any other devices apart from the ‘router’ and the ‘gns3 switch’ in this topology. Follow the below steps to get this network up and running before we begin the DNS configuration.

  • Add seven Cisco routers to the topology as above, and change their names and symbols according to the diagram. Changing the symbol is optional, though.
  • Add a GNS3 switch or an IOU or VIOS switch to the diagram to connect the devices towards the gateway. For simplicity, I am adding the GNS3 built-in switch.
  • Disable IP routing on all the end hosts, except the DNS server routers and the Gateway. To disable IP routing on a Cisco router, enter the commands below.

config terminal
no ip routing

  • Configure the default route on both the DNS server routers as below.

ip route 0.0.0.0 0.0.0.0 192.168.1.1

  • Configure the IP address on each end host and on the gateways.
  • Enable IP domain lookup on all the end hosts with the command ip domain lookup
  • Make sure all the devices are connected and able to ping each other.

DNS1#ping 10.1.1.11
 Type escape sequence to abort.
 Sending 5, 100-byte ICMP Echos to 10.1.1.11, timeout is 2 seconds:
 .!!!!
 Success rate is 80 percent (4/5), round-trip min/avg/max = 32/47/56 ms
 DNS1#ping 10.1.1.22
 Type escape sequence to abort.
 Sending 5, 100-byte ICMP Echos to 10.1.1.22, timeout is 2 seconds:
 .!!!!
 Success rate is 80 percent (4/5), round-trip min/avg/max = 36/54/68 ms
 DNS1#ping 10.100.1.6
 Type escape sequence to abort.
 Sending 5, 100-byte ICMP Echos to 10.100.1.6, timeout is 2 seconds:
 .!!!!
 Success rate is 80 percent (4/5), round-trip min/avg/max = 32/46/52 ms
 DNS1#ping 10.100.1.2
 Type escape sequence to abort.
 Sending 5, 100-byte ICMP Echos to 10.100.1.2, timeout is 2 seconds:
 .!!!!
 Success rate is 80 percent (4/5), round-trip min/avg/max = 44/49/52 ms
 DNS1#ping 192.168.1.6
 Type escape sequence to abort.
 Sending 5, 100-byte ICMP Echos to 192.168.1.6, timeout is 2 seconds:
 .!!!!
 Success rate is 80 percent (4/5), round-trip min/avg/max = 40/49/52 ms
 DNS1# 

Everything looks great, and our network is up and running with full reachability. Let’s go ahead and configure DNS on the Cisco routers now.

DNS Server configuration on Cisco router.

Step 1. Make the router a DNS server by entering the command ip dns server

Step 2. Enable DNS lookup on the server
ip domain-lookup
so that you can check name resolution from the server itself.

Step 3. Specify the domain name. In my case it is getlabsdone.local; in your network, use your own DNS domain name.
ip domain name getlabsdone.local

Step 4. Specify the DNS servers, the first being the primary, the second the secondary, then the tertiary, and so on.

DNS1

ip name-server 192.168.1.5 192.168.1.6

DNS2

ip name-server 192.168.1.6 192.168.1.5

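Step 5. Declare the primary name server for the zone on the primary and on the secondary. The command below creates the SOA record, which names the server and the mailbox; the NS (name server) records themselves are the ip host getlabsdone.local ns lines in the final configuration further down.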

DNS1

ip dns primary getlabsdone.local soa dns1.getlabsdone.local mailbox.getlabsdone.local

DNS2

ip dns primary getlabsdone.local soa dns2.getlabsdone.local mailbox.getlabsdone.local

Step 6. Create the host A records, which are the actual DNS names that we are going to assign to the hosts on the network.

ip host dns1.getlabsdone.local 192.168.1.5
ip host dns2.getlabsdone.local 192.168.1.6
ip host web1.getlabsdone.local 10.100.1.2
ip host ftp1.getlabsdone.local 10.100.1.6
ip host pc1.getlabsdone.local  10.1.1.11
ip host pc2.getlabsdone.local  10.1.1.22

Step 7. You have now configured the DNS servers successfully. Next, point all the host machines to the primary and secondary DNS servers and enable host lookup. Enter the commands below on all the end hosts.

ip name-server 192.168.1.5 192.168.1.6
ip domain-lookup

Note: Configuring the name servers manually on the DNS clients could have been avoided if we had set up a DHCP server and sent the information that way.

The final configuration from the DNS servers

DNS1

ip dns server
ip domain-lookup
ip domain name getlabsdone.local
ip name-server 192.168.1.5 192.168.1.6
ip dns primary getlabsdone.local soa dns1.getlabsdone.local mailbox.getlabsdone.local
ip host getlabsdone.local ns dns1.getlabsdone.local
ip host getlabsdone.local ns dns2.getlabsdone.local
ip host dns1.getlabsdone.local  192.168.1.5
ip host dns2.getlabsdone.local  192.168.1.6
ip host web1.getlabsdone.local  10.100.1.2
ip host ftp1.getlabsdone.local  10.100.1.6
ip host pc1.getlabsdone.local   10.1.1.11
ip host pc2.getlabsdone.local   10.1.1.22

DNS2

ip dns server
ip domain-lookup
ip domain name getlabsdone.local
ip name-server 192.168.1.6 192.168.1.5
ip dns primary getlabsdone.local soa dns2.getlabsdone.local mailbox.getlabsdone.local
ip host getlabsdone.local ns dns2.getlabsdone.local
ip host getlabsdone.local ns dns1.getlabsdone.local
ip host dns1.getlabsdone.local 192.168.1.5
ip host dns2.getlabsdone.local 192.168.1.6
ip host web1.getlabsdone.local 10.100.1.2
ip host ftp1.getlabsdone.local 10.100.1.6
ip host pc1.getlabsdone.local  10.1.1.11
ip host pc2.getlabsdone.local  10.1.1.22
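
The two final configurations carry the same ip host records, typed in by hand on each router, so a record changed on only one of them gives clients a different answer after failover. The following is an added example, not part of the original article: it parses the ip host lines of both routers and lists any records that differ. The function names and the "drifted" inputs are constructed for illustration.

```python
import ipaddress

# Constructed input: the NS and A records both final configurations share.
BASE = """\
ip host getlabsdone.local ns dns1.getlabsdone.local
ip host getlabsdone.local ns dns2.getlabsdone.local
ip host dns1.getlabsdone.local 192.168.1.5
ip host dns2.getlabsdone.local 192.168.1.6
ip host web1.getlabsdone.local 10.100.1.2
ip host ftp1.getlabsdone.local 10.100.1.6
ip host pc1.getlabsdone.local  10.1.1.11
ip host pc2.getlabsdone.local  10.1.1.22
"""
# Constructed drift: web1 re-addressed on DNS1 only, pc2 missing from DNS2.
DNS1_DRIFTED = BASE.replace("web1.getlabsdone.local 10.100.1.2", "web1.getlabsdone.local 10.100.1.3")
DNS2_DRIFTED = BASE.replace("ip host pc2.getlabsdone.local  10.1.1.22\n", "")

def parse_zone(config):
    """Collect NS names and A records from IOS 'ip host' lines."""
    zone = {"ns": set(), "a": {}}
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["ip", "host"] or len(tok) < 4:
            continue
        if tok[3].lower() == "ns":
            zone["ns"].update(t.lower() for t in tok[4:5])
        for t in tok[3:]:
            try:
                addr = str(ipaddress.ip_address(t))
            except ValueError:
                continue  # "ns", a server name or an optional port number
            zone["a"].setdefault(tok[2].lower(), set()).add(addr)
    return zone

def drift(z1, z2):
    """List the differences between the zone data of two routers."""
    issues = []
    for name in sorted(set(z1["a"]) | set(z2["a"])):
        a, b = sorted(z1["a"].get(name, ())), sorted(z2["a"].get(name, ()))
        if a != b:
            issues.append(f"A {name}: DNS1={a} DNS2={b}")
    if z1["ns"] != z2["ns"]:
        issues.append(f"NS: DNS1={sorted(z1['ns'])} DNS2={sorted(z2['ns'])}")
    for label, z in (("DNS1", z1), ("DNS2", z2)):
        issues += [f"{label}: NS {n} has no A record" for n in sorted(z["ns"] - set(z["a"]))]
    return issues

if __name__ == "__main__":
    print("\n".join(drift(parse_zone(DNS1_DRIFTED), parse_zone(DNS2_DRIFTED))))
```

Feed it the ip host lines saved from each router's running configuration; an empty list means both servers will give the same answers.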

DNS verification

Before you verify and test DNS configuration done on the Cisco router, type show hosts to see the DNS records.

DNS1#show hosts
Default domain is getlabsdone.local
Name/address lookup uses domain service
Name servers are 192.168.1.5, 192.168.1.6

Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
       temp - temporary, perm - permanent
       NA - Not Applicable None - Not defined

Host                      Port  Flags      Age Type   Address(es)
getlabsdone.local         NA    (perm, OK)  0  NS       dns1.getlabsdone.local
                                                            dns2.getlabsdone.local
                                                SOA      dns2.getlabsdone.local mailbox.getlabsdone.local
                                                   0 21600 900 7776000 86400
dns1.getlabsdone.local    None  (perm, OK)  0   IP    192.168.1.5
dns2.getlabsdone.local    None  (perm, OK)  0   IP    192.168.1.6
web1.getlabsdone.local    None  (perm, OK)  0   IP    10.100.1.2
ftp1.getlabsdone.local    None  (perm, OK)  0   IP    10.100.1.6
pc1.getlabsdone.local     None  (perm, OK)  0   IP    10.1.1.11
pc2.getlabsdone.local     None  (perm, OK)  0   IP    10.1.1.22

To check whether DNS is working, you can start pinging the devices using their hostnames/FQDNs.
If you are using a Linux or Windows host as an end user, you could use the command nslookup with the hostname or FQDN,

for example nslookup ftp1

  • On PC1 (in our case a router with routing disabled), point to the DNS servers with the command below
    ip name-server 192.168.1.5 192.168.1.6
  • Start pinging the devices as below.
PC1#ping ftp1
Translating "ftp1"...domain server (192.168.1.5) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.1.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/50/52 ms
PC1#ping dns1
Translating "dns1"...domain server (192.168.1.5) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/48/52 ms
PC1#ping dns2
Translating "dns2"...domain server (192.168.1.5) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/49/56 ms
PC1#ping pc2
Translating "pc2"...domain server (192.168.1.5) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/49/52 ms
PC1#

As you can see, we got the response from the primary DNS server 192.168.1.5. Let’s bring the primary DNS server offline and repeat the same steps to verify whether the secondary DNS server is working.

  • Shut down the dns1 router interface gi0/0
Enter configuration commands, one per line.  End with CNTL/Z.
DNS1(config)#int g0/0
DNS1(config-if)#shut
DNS1(config-if)#
  • Let’s try pinging the hostnames now.
PC1#ping ftp1
Translating "ftp1"...domain server (192.168.1.5) (192.168.1.6) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.1.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/50/56 ms
PC1#

It waited for a response from the primary DNS server for some time; after that, it resolved the name from the secondary DNS server, and that worked.

Now if you ping again, the client keeps using the secondary DNS server for all the queries.

PC1#ping web1
Translating "web1"...domain server (192.168.1.6) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/51/56 ms
PC1#ping dns2
Translating "dns2"...domain server (192.168.1.6) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/49/52 ms
PC1#ping pc2
Translating "pc2"...domain server (192.168.1.6) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/50/56 ms
PC1#
PC1#ping dns1
Translating "dns1"...domain server (192.168.1.6) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

  • Did you also notice that dns1 is not reachable during the ping?
    It is expected because we shut down the primary DNS server.
  • Even if you bring the primary DNS server back into the network, the DNS clients keep using the secondary DNS server until the secondary server becomes unavailable.
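
Because the lookups keep succeeding after the failover, the only sign that the primary is down is the server address in the "Translating" line. The following is an added example, not part of the original article: it classifies each lookup as answered by the primary, failed over after the primary was tried, or sent straight to the secondary. The function names, the host name nas1 and the last log line are constructed, and reading a line without [OK] as a failed lookup is an assumption.

```python
import re

# "Translating" lines taken from the PC1 sessions on this page, plus one
# constructed line without [OK] (assumption: no server answered that lookup).
LOG = '''\
Translating "ftp1"...domain server (192.168.1.5) [OK]
Translating "ftp1"...domain server (192.168.1.5) (192.168.1.6) [OK]
Translating "web1"...domain server (192.168.1.6) [OK]
Translating "nas1"...domain server (192.168.1.6) (192.168.1.5)
'''
NAME_SERVERS = ["192.168.1.5", "192.168.1.6"]  # order given to "ip name-server"

LINE = re.compile(r'Translating "([^"]+)"\.\.\.domain server((?: \([0-9.]+\))+)( \[OK\])?')

def classify(log, servers):
    """Return (name, answering_server, state) for every lookup in the log."""
    primary, events = servers[0], []
    for name, tried, ok in LINE.findall(log):
        tried = re.findall(r"\(([0-9.]+)\)", tried)  # servers in the order they were asked
        if not ok:
            events.append((name, None, "failed"))
        elif tried[-1] == primary:
            events.append((name, primary, "primary"))
        elif primary in tried:
            events.append((name, tried[-1], "failover"))  # primary asked, no answer
        else:
            events.append((name, tried[-1], "sticky-secondary"))  # primary not asked
    return events

def primary_bypassed(events):
    """Names whose lookup was not answered by the primary server."""
    return [name for name, _, state in events if state != "primary"]

if __name__ == "__main__":
    for event in classify(LOG, NAME_SERVERS):
        print(event)
```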