How does DNS traffic behave when Enterprise Domains are configured in a RAP-NG (IAP VPN) deployment?
The four modes available in the RAP-NG architecture are:
2. Centralized L2 mode
3. Distributed L2 mode
4. Distributed L3 mode
In all of the above modes the common behavior is that Internet traffic is source-NATed with the master IAP's local IP. The DHCP and corporate traffic behavior changes depending on the mode used in the RAP-NG architecture.
Below is the behavior of the DNS traffic:
- By default, all DNS requests from a client are forwarded to the client's DNS server.
- In a typical IAP deployment without VPN configuration, client DNS requests are resolved by the client's DNS server.
- The DNS behavior of an IAP network (SSID/wired port) configured for RAP-NG is determined by the enterprise domain settings.
- The enterprise domain setting on the IAP defines the domains for which DNS resolution must be forwarded to the client's default DNS server.
For example, if the enterprise domain is configured as arubanetworks.com, then DNS resolution for hostnames in arubanetworks.com is forwarded to the client's default DNS server.
DNS resolution for all other hostnames/domains (for example google.com, yahoo.com) is source-NATed to the local DNS server of the IAP.
If you need all hostnames/domains to be forwarded to the client's default DNS server, use "*" in the enterprise domain configuration.
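The split described above can be checked with a small model of the decision the IAP makes per query. This is an added example, not Aruba code; it assumes (as labelled in the comments) that a hostname matches an enterprise domain when it equals the domain or ends with "." followed by the domain, that matching is case-insensitive, and that "*" sends every query to the client's DNS server. The resolver names CLIENT_DNS and IAP_LOCAL_DNS and the sample queries are constructed for the example.

```python
"""Model of the enterprise-domain DNS split on a RAP-NG IAP.

Added example (not Aruba code). Assumptions, labelled below:
- suffix match on label boundaries, case-insensitive
- "*" forwards every query to the client's default DNS server
"""
from typing import Iterable, List, Tuple

CLIENT_DNS = "client-default-dns"   # the client's configured DNS server (constructed label)
IAP_LOCAL_DNS = "iap-local-dns"     # the IAP's local DNS server, reached via source NAT


def _normalize(name: str) -> str:
    # DNS names are case-insensitive; strip whitespace and a trailing root dot
    return name.strip().rstrip(".").lower()


def matches_enterprise_domain(hostname: str, enterprise_domains: Iterable[str]) -> bool:
    """True if hostname lies within any configured enterprise domain.

    Assumption (not stated on the page): a hostname matches a domain when it
    is the domain itself or ends with "." + domain, so
    "www.arubanetworks.com" matches "arubanetworks.com" while
    "notarubanetworks.com" does not.
    """
    host = _normalize(hostname)
    for domain in enterprise_domains:
        dom = _normalize(domain)
        if dom == "*":          # wildcard: everything goes to the client's DNS server
            return True
        if not dom:             # ignore empty entries
            continue
        if host == dom or host.endswith("." + dom):
            return True
    return False


def resolve_via(hostname: str, enterprise_domains: Iterable[str]) -> str:
    """Return which resolver the IAP sends the query to."""
    if matches_enterprise_domain(hostname, enterprise_domains):
        return CLIENT_DNS
    return IAP_LOCAL_DNS


def classify_queries(queries: Iterable[str], enterprise_domains: Iterable[str]) -> List[Tuple[str, str]]:
    """Classify a batch of query names against one enterprise-domain list."""
    domains = list(enterprise_domains)
    return [(q, resolve_via(q, domains)) for q in queries]


if __name__ == "__main__":
    # Constructed sample of client DNS queries (not captured traffic)
    sample_queries = [
        "intranet.arubanetworks.com",
        "ARUBANETWORKS.COM.",
        "notarubanetworks.com",
        "www.google.com",
        "mail.yahoo.com",
    ]
    for q, where in classify_queries(sample_queries, ["arubanetworks.com"]):
        print(f"{q:30} -> {where}")
    print("with '*':", classify_queries(["www.google.com"], ["*"]))
```

Running the block with arubanetworks.com as the only enterprise domain sends the intranet and apex queries to the client's DNS server and everything else, including the look-alike notarubanetworks.com, to the IAP's local DNS server; with "*" configured, every query goes to the client's DNS server.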
From the Web UI:
To create/view:
1. Click Settings
2. Click Show advanced options
3. Select Enterprise Domains
To view the Enterprise domain setting from the CLI:
#show running-config | begin internal-domains
To create an Enterprise domain from the CLI: