Occasional Contributor I

Aruba IAP 225 Wireless DNS Issue

Hello All,

We have an Aruba IAP 225 setup with 3 SSIDs (only 1 of which can reach the internal network). Clients that are connected to the internal corporate SSID are not able to resolve internal DNS queries (the IAP is not handling internal DNS). The reason I posted on the Airheads forum is that when a laptop has a wired connection, internal DNS queries are resolved correctly - BUT when the same laptop is on wireless, the nslookup command just returns: <dns hostname> can't find <hostname>: Non-existent domain.

 

There is no issue of connectivity between the client and the DNS server (i.e. the client can reach any internal resources via IP address). External DNS is resolved just fine (set for Google DNS, 8.8.8.8). Packet captures show that the client request is sent and received by the DNS server, but on the server side you only see the initial PTR query for the DNS server and the server response packet - then nothing else. On the client side you see the PTR query and then the A and AAAA response of "no such name".

 

I just can't seem to figure out why it only works when wired and not on wireless. Another curious thing is that the SOA in those packet captures on the client side shows a0.nic.global, which is definitely not the hostname of our DNS server; when wired, the SOA shows correctly as the DNS server hostname.

 

I have checked all the permissions and settings for non-domain DNS (plus tested with domain joined laptops) and have this issue of not being able to resolve internal DNS.

 

Aruba OS is on v6.5.2.0 Build 59123

DNS is set for internal DNS server in DHCP settings

 

Any input would be much appreciated.  Thanks
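
The capture comparison in the post above rests on the SOA record in the authority section of a negative DNS answer, which names the zone that produced the "no such name" reply. As an added example (not part of the original thread), this Python parser extracts the response code and the SOA primary name from a raw DNS response so the wired and wireless captures can be compared directly; the two sample messages and the names corp.example and dns01.corp.example are constructed, and only a0.nic.global comes from the post.

```python
import struct

def encode_name(name):
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def read_name(msg, off):
    """Decode a DNS name at off, following compression pointers; return (name, next_off)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:              # compression pointer
            if end is None:
                end = off + 2                    # parsing resumes after the first pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (end if end is not None else off)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def negative_answer_source(msg):
    """Return (rcode, soa_zone, soa_mname); the SOA fields are None if no SOA is present."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4         # skip QTYPE and QCLASS
    for i in range(an + ns):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if i >= an and rtype == 6:               # SOA record in the authority section
            return flags & 0xF, owner, read_name(msg, off)[0]
        off += rdlen
    return flags & 0xF, None, None

def build_nxdomain(qname, zone, mname):
    """Constructed sample: an NXDOMAIN (rcode 3) response carrying one SOA for zone."""
    rdata = encode_name(mname) + encode_name("hostmaster." + zone) + struct.pack("!5I", 1, 3600, 600, 86400, 300)
    return (struct.pack("!6H", 0x1234, 0x8183, 1, 0, 1, 0)
            + encode_name(qname) + struct.pack("!HH", 1, 1)
            + encode_name(zone) + struct.pack("!HHIH", 6, 1, 300, len(rdata)) + rdata)

# Constructed samples standing in for the wired and wireless captures.
WIRED = build_nxdomain("nosuchhost.corp.example", "corp.example", "dns01.corp.example")
WIRELESS = build_nxdomain("nosuchhost.corp.example", "example", "a0.nic.global")
```

If the SOA primary name in the wireless capture is not the internal server, the negative answer was produced by a different zone than the one the wired client reached.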

Re: Aruba IAP 225 Wireless DNS Issue

What role are the wireless clients in? What are the rights of this role?

#show rights <role>
Cheers
James

Occasional Contributor I

Re: Aruba IAP 225 Wireless DNS Issue

Clients are in a role specifically for the corporate wireless SSID, and the access rule is 'Allow any to all destinations'.

Occasional Contributor I

Re: Aruba IAP 225 Wireless DNS Issue

This is still an ongoing issue - does anyone have any feedback?

 

I can't seem to find any documentation or posts that explain why internal DNS can't be resolved by wireless clients.

 

For the SSID:

- All filtering is disabled

- No roles in place, set for unrestricted access

- Have tried setting the domain option in the DHCP server, which does add the domain to DNS queries, but still get the same response of non-existent domain.

Guru Elite

Re: Aruba IAP 225 Wireless DNS Issue

Did you change the captive portal certificate on the Instant Cluster?



Colin Joseph
Aruba Customer Engineering


Occasional Contributor I

Re: Aruba IAP 225 Wireless DNS Issue

We were able to figure this out - it was a combination of putting '*' in the domain field in the DHCP settings for the corporate SSID and a firewall rule to allow the IAP virtual controller to forward DNS requests to the subnet that the internal DNS is on.

 

Corporate wireless clients are now able to resolve internal DNS - HOWEVER, now guest wireless clients can also resolve internal DNS, which we don't want.

 

The guest wireless has 8.8.8.8 set as DNS - but for some reason the virtual controller still forwards the DNS requests to internal DNS. Is there a best practice or documentation on how to set up guest wireless so that DNS requests are only sent to a specified DNS server?
