
Netdestination Name Addresses Not Resolved the First Time a Hostname is Referenced

Bit of a strange one here...

ArubaOS: 6.1.3.8

 

I have a few netdestinations defined:

 

netdestination ocsp.digicert.com
  name ocsp.digicert.com
!
netdestination api.mixpanel.com
  network 198.23.64.0 255.255.255.224
!
netdestination google
  name .googleapis.com
!
netdestination ocsp-geotrust
  host 69.58.183.140
  host 216.168.252.157
!
netdestination stripe
  name .stripe.com
!

 

I have these attached to whitelist ACLs for the logon role, as they are meant to be allowed for captive portal guests before authentication.

 

DNS lookups are enabled on the controller:

 

ip domain lookup
!
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!

 

It seems that the first time a guest tries to load a captive portal that references one of the netdestination name sites, the connection is blocked by the controller.

Reloading the page shows that the connection is getting through on the next attempt.

 

This seems to repeat itself quite a bit, as guests connect, and have their first attempt blocked, but subsequent attempts work without issue.  The pump needs to be primed, so to speak.

 

Is this the correct behaviour?  When does the Controller actually do a DNS lookup?  On configuration?  Or at runtime, when a packet is destined for a host with a name entry?

 

Is there a CLI command that would allow me to see what IP is currently mapped to a named host entry? (Besides 'show netdestination' as that doesn't show enough info... there are only placeholders)

 

 

Re: Netdestination Name Addresses Not Resolved the First Time a Hostname is Referenced

Did you configure the ip domain name?
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: Netdestination Name Addresses Not Resolved the First Time a Hostname is Referenced

Oh, yes, I have that set as well:

 

(Aruba3400) (config) # show ip domain-name


IP domain lookup:    Enabled
IP Host.Domain name:    Aruba3400.anicenetwork.com

DNS servers
===========
8.8.8.8
8.8.4.4

(*) Dynamic DNS entry

 

Any idea on the behaviour issue?

Re: Netdestination Name Addresses Not Resolved the First Time a Hostname is Referenced

 

Maybe this could help you:

 

http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Controller-DNS-server/td-p/8334

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: Netdestination Name Addresses Not Resolved the First Time a Hostname is Referenced

Interesting, but it doesn't explain why the first few times a DNS lookup would fail.

 

The controller is acting as a proxy in this case, but is it returning its own address the first few times, but then the real address every time after that?

 

 

In our further testing, we can see this happening even in later connections...  so it seems more intermittent than just the first few attempts.

 

I'll open a TAC case to explore it further.
