Disable Domain Lookup on Typos

Posted on July 26, 2012 by

Don’t you hate when you type a command incorrectly and your Cisco IOS device seems to take forever to time out and give you back control? You know how it is:

sw1#conft
Translating "conft"...domain server (192.168.1.1)
% Unknown command or computer name, or unable to find computer address

The typical answer to this is to disable ip domain-lookup altogether. That obviously works but you now have to do everything by IP address rather than by name. Good luck with that as the world moves toward IPv6 by the way… While tunnel setups, etc. should arguably be created with IP address anyhow there are a lot of reasons name resolution is a must.
To fix this we must first understand what exactly is happening that causes the forever timeout to occur. Let’s look at another example:

sw1#sw7
Translating "sw7"...domain server (192.168.1.1) [OK]
Trying sw7.test.net (192.168.254.7)... Open
User Access Verification
Username:

Ahhh…. It looks like a command like this opens a telnet session to the “hostname” you typed in! Now that we know what’s happening we have a better shot of disabling it. How do we configure the device to not to attempt to telnet? Enter line configuration mode for the line that you will be working from. In my case I am typically on the VTY’s via SSH but console will take these settings as well. We want to force this line to have no preferred transport method for outgoing connections with something like this:

sw7#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw7(config)#line vty 0 4
sw7(config-line)#transport preferred none

Now let’s see how it’s working…

sw7#notvalidcommand
^
% Invalid input detected at '^' marker.
sw7#ping google.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 74.125.226.231, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 25/35/42 ms

We now have name resolution without the nuisance associate with typo’s! If an invalid command is typed control is immediately returned to the user and the timeout period never happens.

The only downfall is that you now have to type “telnet ” if you want to connect to another device. Then again, I’m sure thats not going to drastically change your workflow…

This entry was posted in Networking and tagged , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.