Category Archives: Networking

Display entries in Windows DNS cache

Applies to: Windows

DNS lookup results are cached on the local system so that a new query is not needed every time a name has to be resolved. During troubleshooting it is sometimes helpful to see the contents of the DNS client cache. This recipe describes how to view the Windows DNS cache.

To view the DNS cache on the local system, type the following command from a command prompt:

ipconfig /displaydns | more

The | more is optional; it pauses the output after each screenful, which is helpful because the DNS cache can get large and the output format uses several lines per record.

A sample output from this command is shown below. This is an address lookup for the host microsoft.com. The Record Name and A (Host) Record lines show the request and answer. The Time To Live field shows the number of seconds before this entry expires.

microsoft.com
----------------------------------------
Record Name . . . . . : microsoft.com
Record Type . . . . . : 1
Time To Live  . . . . : 3597
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 207.46.197.32
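
When the cache is reviewed for troubleshooting or host triage, structured records are easier to search than paged text. The Python below is an added example, not part of the original recipe: it parses captured ipconfig /displaydns output, including entries that hold several records (a CNAME followed by its A record) and negative entries. The function name parse_displaydns, the output keys and the sample names and address are assumptions made for this example.

```python
import re

# Constructed sample in the ipconfig /displaydns layout (made-up names/address).
SAMPLE = """
    www.example.test
    ----------------------------------------
    Record Name . . . . . : www.example.test
    Record Type . . . . . : 5
    Time To Live  . . . . : 120
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    CNAME Record  . . . . : host.example.test

    Record Name . . . . . : host.example.test
    Record Type . . . . . : 1
    Time To Live  . . . . : 120
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.2.10

    missing.example.test
    ----------------------------------------
    Name does not exist.
"""

FIELD = re.compile(r"^(.*?)[\s.]*:\s(.*)$")  # "Key . . . : value"

def parse_displaydns(text):
    """Return a dict per cached record; negative entries carry 'status'."""
    lines = [ln.strip() for ln in text.splitlines()]
    is_sep = lambda ln: set(ln) == {"-"}
    records, entry, cur = [], None, None
    for i, line in enumerate(lines):
        if not line or (i + 1 < len(lines) and is_sep(lines[i + 1])):
            continue  # blank line, or an entry name (picked up at its separator)
        m = FIELD.match(line)
        if is_sep(line):
            entry, cur = lines[i - 1], None  # name sits just above the dashes
        elif m and m.group(1) == "Record Name":
            records.append(cur := {"entry": entry, "name": m.group(2)})
        elif m and cur is not None:
            key, value = m.groups()
            if key in ("Record Type", "Time To Live"):
                cur["type" if key == "Record Type" else "ttl"] = int(value)
            elif key.endswith("Record"):
                cur["data"] = value  # A, AAAA, CNAME, PTR ... answer line
        elif not m and entry is not None:
            records.append({"entry": entry, "status": line})  # e.g. negative cache
    return records
```

Each returned record keeps the cache entry it was listed under, so a CNAME chain can be followed from the queried name to the final address.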

Clear DNS Cache Manually

Applies to: Windows, Cisco

When you use DNS to resolve hostnames to IP addresses or service endpoint addresses, you may sometimes want to clear the DNS cache manually.

On Windows you can clear the DNS cache with the “ipconfig /flushdns” command.

On Cisco gear you can use the “clear host *” command in enable mode.

Clear Cisco Router Logs

Applies to: Cisco Routers and Firewalls

To clear the router’s log, use this command in enable mode:

clear logging

Setup U-Turn (Hairpinning) on Cisco ASA

Applies to: Cisco ASA firewalls
IOS requirement: ASA Version 7.2(1)

U-Turn (Hairpinning with static NAT) is used for making the outside interface (the one that points to the Internet) of an ASA device available to inside users. Let’s say you have enabled inbound HTTP traffic on the outside interface, such as Static NAT to an inside Web server. By default, inside users wouldn’t be able to connect to that port on the outside interface, because the ASA device wouldn’t have a path to route the traffic properly.

This is where the U-Turn feature comes into play. It enables the ASA device to route traffic from inside users the same way as if the traffic came from outside.

Caution: Carefully consider the expected amount of traffic and the capabilities of your ASA device before you implement this solution, because it involves sending all traffic between the client and the Web server through the ASA device.

Step 1: Enabling traffic of same security level to pass

  • same-security-traffic permit intra-interface
    This command enables traffic of the same security level to transit the ASA device. The permit intra-interface keywords allow that traffic to enter and leave the same interface, which is what enables hairpinning.

Step 2: Enabling hairpinned client access through ASA device

  • global (inside) 1 interface
    All traffic that crosses the security appliance must undergo NAT. This command uses the inside interface address of the security appliance in order to enable traffic that enters the inside interface to undergo PAT as it is hairpinned back out the inside interface.

Step 3: Create static NAT entry

  • static (inside,inside) {IP address of outside interface} {IP address of Web server} netmask 255.255.255.255
    This static NAT entry creates a second mapping for the public IP address of the Web server. However, unlike the first static NAT entry that you already have in place, this time the internal address of the Web server is mapped to the inside interface of the ASA device. This allows the ASA to respond to requests that it sees for this address on the inside interface. It then redirects those requests to the real address of the Web server through itself.

Steps 1 and 2 need to be done only once, as they are global statements. If you require U-Turn setup for multiple services, repeat step 3 for each of them.