Three Ways to Fix the Cisco IOS Translating “Xyz” Domain Server

If domain lookup is enabled (the default), the router treats any command it does not recognise as a hostname and attempts to make a Telnet connection to it, which in turn means it attempts to resolve the hostname to an IP address by querying the DNS server.

Here is a typical sample.
R2#xyz
Translating "xyz"...domain server (255.255.255.255)
Translating "xyz"...domain server (255.255.255.255) (255.255.255.255)
Translating "xyz"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address

This waste of time can be avoided with one of the following solutions:

Solution 1: Disable domain lookup

I mean, do routers really need to do name lookups? In certain cases the answer is yes (syslog to a hostname for failover, etc.) but mostly, no. So you can disable it.

R2(config)#no ip domain lookup

Solution 2: Disable outbound Telnet session

For cases where name lookup is needed, you can stop the router from initiating a connection unless you type the telnet keyword:

R2(config)#ip domain lookup
R2(config)#line con 0
R2(config-line)#transport preferred none

This is a pretty clever trick that I only discovered recently. Not sure why disabling the session transport on the console works, but it does.

Solution 3: Reduce the connection timeout values for TCP connections

By default, IOS opens a TCP connection with a 30-second timeout. That’s a long time, and that’s why it takes so long for the connections to fail. You can reduce the global TCP setting for the connection timeout.

R2(config)#ip tcp synwait-time 5

I talk about the details on this command in this post from a while back as there are some caveats: IOS: Setting the TCP Timeout on IOS

Competency Warning

It should be noted that the domain lookup command is related to other commands, notably the DHCP interface. Where you are configuring a DHCP interface (such as a DSL network interface), and you are trying to put the DNS discovered from the ISP interface into your DHCP server (for your home network, say), then domain lookup is needed. Effectively, you are disabling the onboard DNS software process by removing domain lookup.

A similar thing happens when you say “no ip bootp server”, which disables DHCP as well, since they both run the same software thread.

You would test everything I say before you use it? Wouldn’t you? You really, really should.
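
One way to check a saved running-config for this behaviour, as an added example that is not code from the original post: it reports every line block (console, aux and VTY, not just the console) that lacks `transport preferred none` while domain lookup is still enabled. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config (not taken from the original post).
SAMPLE_CONFIG = """\
hostname R2
!
ip domain lookup
ip tcp synwait-time 5
!
line con 0
 transport preferred none
line aux 0
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport preferred none
 transport input ssh
!
end
"""

def lookup_disabled(config):
    """True if 'no ip domain lookup' (or the older hyphenated form) is present."""
    return re.search(r"^no ip domain[- ]lookup\s*$", config, re.M) is not None

def lines_missing_preferred_none(config):
    """Return the 'line ...' headers whose block lacks 'transport preferred none'."""
    blocks = []      # each entry: [header, has_preferred_none]
    current = None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = [raw.strip(), False]
            blocks.append(current)
        elif current is not None and raw.startswith(" "):
            # Indented lines are sub-commands of the current line block.
            if raw.strip() == "transport preferred none":
                current[1] = True
        else:
            current = None   # any other top-level line ends the block
    return [header for header, ok in blocks if not ok]

def audit(config):
    """Lines on which a mistyped command still triggers a lookup and Telnet attempt."""
    return [] if lookup_disabled(config) else lines_missing_preferred_none(config)

if __name__ == "__main__":
    for header in audit(SAMPLE_CONFIG):
        print("missing 'transport preferred none':", header)
```
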

About Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, working as a freelance consultant for a wide range of employers including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus

  • Steve Wright

    To add to this, solution 2 works for me for VTY lines also:

    R2(config)#ip domain lookup
    R2(config)#line vty 0 4
    R2(config-line)#transport preferred none
    R2(config-line)#transport input telnet ssh

    Thanks!

  • http://www.jonstill.com/ Jon Still

    It’s worth pointing out that in Solution 1, even when a router does DNS lookups, those lookups are only done at the point of configuration:

    R1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#logging logserver.example.com
    Translating "logserver.example.com"...domain server (10.1.2.10) [OK]

    R1(config)#do sh run | inc logging
    logging buffered 8192
    logging source-interface Loopback0
    logging 10.1.2.20

    This isn’t such a problem for single servers, but it does pretty much rule out using any form of DNS round-robin or load-balancing for these services. This is something I first encountered when trying to configure pool.ntp.org as an NTP server on a Cisco box!

  • http://packetlife.net/ stretch

    I must be missing something. What does the TCP wait time have to do with UDP-based DNS? Does it affect the DNS timeout as well?

    • http://fragmentationneeded.net chrismarget

      Setting synwait time doesn’t affect the DNS query, but it can still help.

      If you’re (say) trying to telnet to an IP address but mistype it, you’ll only have to wait 5 seconds for it to fail, not 30. Same goes for a host that *does* resolve, but which can’t or won’t reply.

  • http://fragmentationneeded.net chrismarget

    “Not sure why disabling the session transport on the console works, but it does.”

    Greg, my experience is that you need to disable the preferred outbound transport type on the specific line where you want it to work, not just the console:

    Rack2-3550#192.168.0.7
    Trying 192.168.0.7 … <- Trying to telnet without typing "telnet"
    % Connection timed out; remote host not responding

    Rack2-3550#conf t
    Rack2-3550(config)#line con 0
    Rack2-3550(config-line)#transport preferred none
    Rack2-3550(config-line)#end
    Rack2-3550#192.168.0.7
    Trying 192.168.0.7 … <- Still trying to telnet without typing "telnet"
    % Connection timed out; remote host not responding

    Rack2-3550#conf t
    Rack2-3550(config)#line vty 0 15
    Rack2-3550(config-line)#transport preferred none
    Rack2-3550(config-line)#end
    Rack2-3550#192.168.0.7
    ^
    % Invalid input detected at '^' marker. <- That's better!

  • http://twitter.com/verbosemode Jochen

    I had always used “no ip domain lookup”, until I was configuring an 871 router for a small branch office. The router received the DSL provider’s DNS servers via IPCP, but it couldn’t be used as a DNS resolver by the clients. Some minutes later I realized that I had disabled DNS resolution entirely on the router with the above command.

    Since then “transport preferred none” is my new favorite.

  • http://fragmentationneeded.net chrismarget

    4th option:
    Configure a DNS server!

    Lots of networks run with no DNS support on network gear. I’m not sure there’s a good argument for doing that. Why NOT tell your router about a DNS server? It doesn’t necessarily create any new dependency, so why not just get DNS working?

    Is there a rational argument against allowing DNS resolution on routers and switches?

  • zum

    5th option…

    #terminal no domain-lookup
    ^ disables per session domain lookup

  • LACNSS

    the command is

    no ip domain-lookup

    IT WON’T WORK WITHOUT THE HYPHEN~!!!!!!!!!!!

  • LACNSS

    I found the hyphen was required in IOS versions below 12.2. I am using Packet Tracer 5.0 and though it is 12.2 it uses the older IOS convention. I upgraded to Packet Tracer 5.3 and I can use the command without a hyphen. {place hands over face and think Ethereal mind logo} 8]