Controllerless Networks


Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget

DNS intercepted by IAP intermittently, DNS response should be from Client DHCP server setting

  • 1.  DNS intercepted by IAP intermittently, DNS response should be from Client DHCP server setting

    Posted Jan 11, 2017 11:59 PM

    I have 2 x Demo IAP-325 6.4.4.8-4.2.4.3 in a VC cluster with an employee-type WLAN and Local, L2 DHCP on the VC. The Client Gateway is a Cisco FW to the Internet. The DHCP Client scope options have the DNS Server set to 8.8.8.8, and the IAP DNS Server setting is set to the internal corporate DNS Server. This is basically a BYOD WLAN to the Internet to access Corporate services.

    On a wireless client, I can nslookup to a corporate FQDN, but get two different DNS responses randomly:

    1 - DNS response with the correct Internet IP address from the Cisco FW MAC address.

    2 - DNS response with the internal IP address from the Aruba AP MAC address.

    I am not doing any VPN as far as I know and tried the Enterprise Domains settings with no success.

    Is it a firmware bug or a wrong setting somewhere?


  • 2.  RE: DNS intercepted by IAP intermittently, DNS response should be from Client DHCP server setting

    EMPLOYEE
    Posted Jan 12, 2017 04:39 AM

    Did you try configuring * instead of a domain name in the Enterprise domain list?



  • 3.  RE: DNS intercepted by IAP intermittently, DNS response should be from Client DHCP server setting

    Posted Jan 12, 2017 05:11 PM

    Yes, tried * in the Enterprise Domain list as well with no luck.

    Note that I will have another Guest WLAN as well for self-registering guests with a CP captive Portal, so I need the Aruba AP DNS Server to be internal.

    Any other solutions?

    Is there a way to disable AP DNS interception per WLAN?



  • 4.  RE: DNS intercepted by IAP intermittently, DNS response should be from Client DHCP server setting

    EMPLOYEE
    Posted Jan 12, 2017 05:20 PM

    As a test, can you have something else besides the IAP supply the DHCP addresses?  I don't exactly know your setup, but is the Cisco firewall the default gateway for those clients?



  • 5.  RE: DNS intercepted by IAP intermittently, DNS response should be from Client DHCP server setting
    Best Answer

    Posted Jan 19, 2017 05:41 PM

    I've removed the DHCP scopes to the GW Firewall with no change.  The problem still existed.

    I power cycled the APs, which fixed the problem. I have not seen the problem since. So a combination of DHCP scope removal and reboot may have fixed the issue?

    Contacted our BDM and there is no bug of this type.  Received a later version of firmware and upgraded APs as well.
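
The symptom described in the first post, one FQDN answered from two different MAC addresses with an internal and an external address, can be confirmed from DNS responses captured on a client. The following is an added example, not part of the original thread: the record layout, the function names, the FQDNs and all MAC and IP values are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# RFC 1918 ranges, checked explicitly because ipaddress.is_private
# also reports documentation ranges such as 203.0.113.0/24 as private.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: (query name, source MAC of the response frame, answer IP).
SAMPLE = [
    ("portal.corp.example", "00:00:5e:00:53:01", "203.0.113.10"),  # gateway firewall MAC
    ("portal.corp.example", "00:00:5e:00:53:aa", "10.1.1.10"),     # access point MAC
    ("portal.corp.example", "00:00:5e:00:53:01", "203.0.113.10"),
    ("www.example.org",     "00:00:5e:00:53:01", "198.51.100.7"),
]


def is_internal(ip):
    """True if the address falls inside an RFC 1918 range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def find_inconsistent(records):
    """Return {qname: {mac: sorted answers}} for names that were answered by
    more than one layer-2 source with a mix of internal and external IPs."""
    seen = defaultdict(lambda: defaultdict(set))
    for qname, mac, answer in records:
        seen[qname.lower().rstrip(".")][mac.lower()].add(answer)

    flagged = {}
    for qname, by_mac in seen.items():
        answers = set().union(*by_mac.values())
        mixed = len({is_internal(a) for a in answers}) == 2
        if len(by_mac) > 1 and mixed:
            flagged[qname] = {mac: sorted(a) for mac, a in by_mac.items()}
    return flagged


if __name__ == "__main__":
    for name, by_mac in find_inconsistent(SAMPLE).items():
        print(name)
        for mac, answers in by_mac.items():
            print(f"  {mac}: {', '.join(answers)}")
```

Feeding it records exported from a packet capture on the wireless client shows which names are affected and which device answered each time.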