
Users Cannot Access the Internet Because the DNS Server Address Is Blocked

Fault Description

An ACL is configured on the device to restrict destination addresses accessible to users; however, the DNS server address is blocked in the ACL. As a result, the query packets sent from users to the DNS server are discarded. The domain names cannot be resolved, so users cannot access the Internet.

Procedure

  1. Run the display acl command in the system view to check ACL rules.

    The following rule is included:

    rule 100 deny ip destination 10.102.192.0 0.0.0.255  //Reject the packets destined for network segment 10.102.192.0/24.

    The DNS server address configured on user PCs is 10.102.192.68, which belongs to the network segment 10.102.192.0/24. Therefore, packets sent from users to the DNS server are discarded. The domain names cannot be resolved, so users cannot access the Internet.

  2. Run the rule command in the ACL view to add a rule to permit the DNS server address.

    rule 99 permit ip destination 10.102.192.68 0.0.0.0  //Permit the packets destined for the DNS server.
    rule 100 deny ip destination 10.102.192.0 0.0.0.255  //Reject the packets destined for network segment 10.102.192.0/24.

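    After rule 99 is added, the packets sent from users to the DNS server match rule 99 and pass. In the default config match order, rules are checked in ascending order of rule ID, so rule 99 is matched before rule 100. The domain names can be resolved, and users can access the Internet.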
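The following Python script is an added example, not part of the original procedure or of any Huawei tool. It evaluates the destination rules shown above against an address to report which rule is hit first, assuming the config match order (ascending rule ID); the function names and the test addresses other than 10.102.192.68 are constructed for illustration.

```python
import ipaddress
import re

# Matches destination-only "ip" rules in the format shown on this page.
RULE_RE = re.compile(
    r"rule\s+(\d+)\s+(permit|deny)\s+ip\s+destination\s+(\S+)\s+(\S+)")

def parse_rules(text):
    """Return [(rule_id, action, address_int, wildcard_int)] sorted by rule ID."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.search(line.split("//")[0])  # drop the trailing // comment
        if m:
            rid, action, addr, wild = m.groups()
            rules.append((int(rid), action,
                          int(ipaddress.IPv4Address(addr)),
                          int(ipaddress.IPv4Address(wild))))
    return sorted(rules)  # assumption: config match order (ascending rule ID)

def first_match(rules, dst):
    """Return (rule_id, action) of the first rule matching dst, or None.

    In a wildcard mask, a 0 bit means "must match" and a 1 bit means "ignore".
    """
    d = int(ipaddress.IPv4Address(dst))
    for rid, action, addr, wild in rules:
        care = ~wild & 0xFFFFFFFF
        if (d & care) == (addr & care):
            return rid, action
    return None  # no rule matched; the result depends on where the ACL is applied

# Rule sets copied from the procedure above.
BEFORE = "rule 100 deny ip destination 10.102.192.0 0.0.0.255"
AFTER = """
rule 99 permit ip destination 10.102.192.68 0.0.0.0  //DNS server
rule 100 deny ip destination 10.102.192.0 0.0.0.255
"""

if __name__ == "__main__":
    # 10.102.192.10 and 10.102.193.1 are constructed test addresses.
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        rules = parse_rules(cfg)
        for dst in ("10.102.192.68", "10.102.192.10", "10.102.193.1"):
            print(name, dst, first_match(rules, dst))
```

Running the same check against every address that users depend on (DNS, DHCP, authentication servers) before applying a deny rule for a whole segment catches this fault before it reaches users.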

Copyright © Huawei Technologies Co., Ltd.