ArubaOS and Controllers

Reply
New Contributor
Posts: 3
Registered: ‎08-03-2007

Controller DNS server

Hi

Is this feature still available in version 5 code?

"If you have the PEF license is to DNAT DNS requests in the pre-authentication (probably logon) role to the controllers IP address. The controller has a built in DNS responder that will always respond with its own IP address and a lifetime of about 5 seconds. "

Does it need to be explicitly enabled?

Thanks

Scott
Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

DNS responder

Since ArubaOS 3.4, the DNS implementation has changed to a full DNS proxy and it no longer does this. That means in ArubaOS 3.4 to 5.0, if you configure a DNS server, domain name and configure ip domain-lookup, the server will proxy the DNS requests to an external server and resolve the address:

config t
ip domain-name arubanetworks.com
dns-server 8.8.8.8
ip domain-lookup

cjoseph:~ colinjoseph$ nslookup
> server 192.168.1.3
Default server: 192.168.1.3
Address: 192.168.1.3#53
> www.yahoo.com
Server: 192.168.1.3
Address: 192.168.1.3#53

Non-authoritative answer:
www.yahoo.com canonical name = fp.wg1.b.yahoo.com.
fp.wg1.b.yahoo.com canonical name = any-fp.wa1.b.yahoo.com.
Name: any-fp.wa1.b.yahoo.com
Address: 69.147.125.65
Name: any-fp.wa1.b.yahoo.com
Address: 67.195.160.76
> www.nwfusion.com
Server: 192.168.1.3
Address: 192.168.1.3#53

Non-authoritative answer:
www.nwfusion.com canonical name = nwfusion.com.
Name: nwfusion.com
Address: 65.214.57.165
> www.yahoo.com
Server: 192.168.1.3
Address: 192.168.1.3#53

Non-authoritative answer:
www.yahoo.com canonical name = fp.wg1.b.yahoo.com.
fp.wg1.b.yahoo.com canonical name = any-fp.wa1.b.yahoo.com.
Name: any-fp.wa1.b.yahoo.com
Address: 69.147.125.65
Name: any-fp.wa1.b.yahoo.com
Address: 67.195.160.76


If you turn off ip domain-lookup, after a reboot, it will just refuse DNS requests;

> server 192.168.1.3
Default server: 192.168.1.3
Address: 192.168.1.3#53
> www.yahoo.com
Server: 192.168.1.3
Address: 192.168.1.3#53

** server can't find www.yahoo.com.arubanetworks.com: REFUSED
>


In ArubaOS 6.0, the behavior that you mention has been put back, and instead of refusing the DNS connection, it will resolve with the ip address of the controller that received the DNS request:

> server 10.69.69.32
Default server: 10.69.69.32
Address: 10.69.69.32#53
> www.yahoo.com
Server: 10.69.69.32
Address: 10.69.69.32#53

Name: www.yahoo.com
Address: 10.69.69.32
>


If you configure a DNS server and ip domain-lookup in 6.0, it will do a full proxy.
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: