Aruba Instant & Cloud Wi-Fi

Reply
Occasional Contributor II
Posts: 13
Registered: ‎10-27-2011

DNS responses dropped by IAP

I have the weirdest issue, something like I've never seen before.

 

I have one Aruba 225 IAP.  It's connected to a poe switch.  I have a router also connected to the poe switch.  There is only one vlan.  I'm using this IAP at home, so it's a very simple network.

 

I've noticed over the last few months that on my two laptops (one is Mac OS, the other is Arch Linux), I have trouble with resolving DNS.  It sometimes causes some applications to time out their connections as a result.

 

On my Mac, if I do a DNS lookup I get the following:

pajamapants-mbpr:~ christopher$ host arubanetworks.com
arubanetworks.com has address 54.144.31.176
;; connection timed out; no servers could be reached
;; connection timed out; no servers could be reached

The first answer comes back immediately, but the second two take another 10-20 seconds each.  Doing some tcpdumps, the computer is trying to look up IPv6 records (type AAAA).  I do not have IPv6 running on my network and it's not running on my router.  However, IPv6 addresses can be looked up over IPv4 transport.

 

What makes me think this is an IAP issue is that if I plug into a wired port on the same switch and same vlan as I would be on with wireless, I get immediate DNS response:

pajamapants-mbpr:~ christopher$ host arubanetworks.com
arubanetworks.com has address 54.144.31.176
arubanetworks.com has IPv6 address 2406:da00:ff00::1717:73ba
arubanetworks.com has IPv6 address 2406:da00:ff00::36eb:dfa5
arubanetworks.com has IPv6 address 2406:da00:ff00::36f3:e764

Also, if I do a tcpdump on my laptop at the same time as on my router (which is CentOS), I see the AAAA request make it to the router, the router sends the response, but my laptop never receives it when connected to the IAP.

 

I have fooled with IAP settings all night tonight and I'm officially stumped.  Does anyone have any clue as to what could be going on here?

Aruba Employee
Posts: 27
Registered: ‎02-10-2014

Re: DNS responses dropped by IAP

What version of code are you running on IAP? also, have you tried disabling IPv6 on the OS level?
MVP
Posts: 301
Registered: ‎04-03-2014

Re: DNS responses dropped by IAP

Try configuring a * under enterprise domains. We´ve seen this issue but then we were resolving DNS over an IPSEC tunnel, perhaps you´re doing that to?

Christoffer Jacobsson | Aranya AB
Aruba: ACMX #537 ACCP | CWNP: CWNA CWDP CWSP
Occasional Contributor II
Posts: 13
Registered: ‎10-27-2011

Re: DNS responses dropped by IAP

I'm currently running 6.4.2.6-4.1.1.9_51442.  There is an update available (6.4.2.6-4.1.1.10_51810).  I can try that later, but it is a very minor revision.

 

I have disabld IPv6 as much as it's possible to disable it in both of these operating systems.  We have Aruba at work (not IAPs though, regular controllers) and it does not suffer the same issue.

Occasional Contributor II
Posts: 13
Registered: ‎10-27-2011

Re: DNS responses dropped by IAP


Christoffer wrote:

Try configuring a * under enterprise domains. We´ve seen this issue but then we were resolving DNS over an IPSEC tunnel, perhaps you´re doing that to?



Thanks for the idea to try an enterprise domain of *.  I had a blank table and added * to it.  It doesn't seem to have changed anything and the problem remains.

Guru Elite
Posts: 20,761
Registered: ‎03-29-2007

Re: DNS responses dropped by IAP

Please upgrade from 4.1.1.9. It has a known issue with DNS.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 13
Registered: ‎10-27-2011

Re: DNS responses dropped by IAP


cjoseph wrote:
Please upgrade from 4.1.1.9. It has a known issue with DNS.

Well, look at that.  It appears it does have a DNS issue.  I just ran the upgrade and everything looks fine.

 

I appreciate the help, guess I should have tried that first! :)

Search Airheads
Showing results for 
Search instead for 
Did you mean: