Cloud Managed Networks

last person joined: 16 hours ago 

Forum to discuss all things related to HPE Aruba Networking Central and UXI Network Management, including deployment of managed networks, configuration, best practices, APIs, Cloud Guest, AIOps, Presence Analytics, and other included Applications
Back to discussions
Expand all | Collapse all

Aruba Central - DNS Reported Fails (lookup)

This thread has been viewed 39 times

  • 1.  Aruba Central - DNS Reported Fails (lookup)

    Posted Aug 09, 2020 10:34 PM
      |   view attached

    Looking for any guidance or experience - We have an Aruba Central customer (primarily 515s, running 8.6.0.5 however this was showing on previous builds as well) which shows numerous DNS Failures.

     

    Unfortunately we're not provided any further details for these failures other than;

    'Domain Name does not Exist'

     

    This customer is primarily Windows devices (mixture of BYOD / Domain Bound / Azure Bound). Our investigations point to devices doing a check for 'wpad' DNS record as out of the box Windows devices will be sent to 'Automatically detect settings'

     

    From Server 2008 onwards wpad can be disabled - We do not require users to resolve the wpad for internet / proxy. As a result the onsite local DNS servers block and do not respond to wpad queries.

     

    We believe this is what Aruba Central / IAPs are seeing and then reporting on which is a false positive.

    Moving forward;

    - Can we get further information on what Aruba thinks is not resolving? (to confirm it is wpad)

    - Can we exclude this false - positive from the Analytics?

     

    https://docs.microsoft.com/en-us/powershell/module/dnsserver/set-dnsserverglobalqueryblocklist?view=win10-ps



  • 2.  RE: Aruba Central - DNS Reported Fails (lookup)

    Posted Aug 09, 2020 11:27 PM

    As another addition, we completed a packet capture for UDP data - Narrowing down to WPAD look-ups we are capturing ~approximately 600-700 requests per minute. If we do the maths for an hour we're getting close to the amount of errors that Aruba Central is reporting.

     

    Any recommendations appreciated..



  • 3.  RE: Aruba Central - DNS Reported Fails (lookup)

    Posted Oct 13, 2020 11:27 AM

    I agree, I don't really consider "Domain Name does not Exist" to be a failure.  An NXDOMAIN response is a valid response to a query.



  • 4.  RE: Aruba Central - DNS Reported Fails (lookup)

    Posted Dec 10, 2020 07:20 PM
    Hi MikeD,

    We've just heard from our local Aruba SE that this is going to be resolved in a future release of Central;
    "We will apply a hotfix soon to change the DNS reporting to exclude the windows and chromebook behaviour. This month we plan to split out the Domain Name does Not Exist so we can better report on the other more interesting DNS rcodes."

    So you're aware, we also modified wpad to resolve to 127.0.0.1 to assist with these DNS Metrics however with BYOD devices set to 8.8.8.8/1.1.1.1 we never reached more than 91/92% success rate.

    DHCP is also 60-75% success despite the experience being amazing - We believe it is transient users moving around the campus continually roaming but never staying for DHCP DORA to finish.

    ------------------------------
    David Moyle
    ------------------------------

    Original Message