<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2975524&amp;fmt=gif">
BLOG

[Video] Cisco IP DNS Configuration Command and How it Can Improve Your Performance

March 12, 2015

I love testing out configuration myths. 

OK, to be fair they are  probably not myths - but many of these suggestions work in very specific situations. I try to caution my friends and clients that blindly following a configuration suggestion can lead to more problems. In other words, your mileage will vary.

When I see a tip or trick that will improve performance, I try to understand what the issue was for the author, what impact the change had and what was their testing methodology.

Ideally I would like to reproduce the test and results to prove that this either worked or that this change made no difference. The last scenario would be if this caused more issues and to back out, but that should be an obvious conclusion and procedure.

In this example I remember reading about Cisco’s ip dns configuration command which turns your Cisco router into a DNS proxy or sorts. This is helpful if you do not have a DNS server locally and if your DNS lookups take a considerable amount of time (i.e. 30ms and higher).

 

What Your Network Is Missing 7 Tools To TAP

Here’s how a sample configuration looks:

Router1# configure terminal
Router1(config)# ip dns server
Router1(config)# ip domain-lookup
Router1(config)# ip name-server 8.8.8.8

Now the fun part: I captured packets of the following scenarios:

  1. Using my router as a DNS server without this command to see what error message – if any that I would receive
  2. Using my router as a DNS server with the ip dns command to measure my DNS response time which should be the same as before
  3. Using my router as a DNS server with the ip dns command to measure my DNS response time which should be quicker now that the DNS name was already in cache

From my Windows computer, I executed the following commands:

  • ipcondig /flushdns – to clear my DNS cache
  • ping gogole.com – forces a DNS lookup and then pings the host

Watch the video here:

 

 

 

Tony Fortunato, CCNA, CFNI, CWI
Sr Network Performance Specialist
The Technology Firm
www.thetechfirm.com
Getting things to work better - bit by bit-
Linkedin Profile http://ca.linkedin.com/in/fortunat
Lovemytool Blog: http://www.lovemytool.com/blog/tony-fortunato/
Youtube Channel: http://www.youtube.com/user/thetechfir
Google Plus: http://plus.google.com/+Thetechfirmplus
Certified Wireshark and Fluke Instructor

 

Want to learn more about the many network tools that help you manage your network? Download What Your Network Is Missing: 7 Tools To TAP

 

See Everything. Secure Everything.

Contact us now to secure and optimized your network operations
Contact Us

Heartbeats Packets Inside the Bypass TAP

If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.

If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.

While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool so that once the tool is back on-line, it will begin returning the heartbeat packets back to the TAP indicating that the tool is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool along with the heartbeat packets placing the tool back inline.

Some of you may have noticed a flaw in the logic behind this solution!  You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode keeping the link flowing.

Glossary

  1. Single point of failure: a risk to an IT network if one part of the system brings down a larger part of the entire system.

  2. Heartbeat packet: a soft detection technology that monitors the health of inline appliances. Read the heartbeat packet blog here.

  3. Critical link: the connection between two or more network devices or appliances that if the connection fails then the network is disrupted.

NETWORK MANAGEMENT | THE 101 SERIES