Controllerless Networks


Aruba IAP 225 Wireless DNS Issue

  • 1.  Aruba IAP 225 Wireless DNS Issue

    Posted Aug 01, 2017 01:18 PM

    Hello All,

    We have an Aruba IAP 225 setup with 3 SSIDs (only 1 of which can reach the internal network). Clients that are connected to the internal corporate SSID are not able to resolve internal DNS queries (the IAP is not handling internal DNS). The reason I posted on the Airheads forum is that, with a laptop on a wired connection, internal DNS queries are resolved correctly - BUT when the same laptop is on wireless, the nslookup command just returns: <dns hostname> can't find <hostname>: Non-existent domain.

     

    There is no issue of connectivity between the client and the DNS server (i.e. can reach any internal resources via IP address). External DNS is resolved just fine (set for Google DNS, 8.8.8.8). Packet captures show that the client request is sent and received by DNS server but on the server side you only see the initial PTR query for the DNS server and the server response packet - then nothing else.  On the client side you see the PTR query and then the A and AAAA response of "no such name".

     

    I just can't seem to figure out why it only works when wired and not on wireless.  Also another curious thing is the SOA on those packet captures on the client side show a0.nic.global which is definitely not the hostname of our DNS server, when wired the SOA shows correctly as the DNS server hostname.

     

    I have checked all the permissions and settings for non-domain DNS (plus tested with domain joined laptops) and have this issue of not being able to resolve internal DNS.

     

    Aruba OS is on v6.5.2.0 Build 59123

    DNS is set for internal DNS server in DHCP settings

     

    Any input would be much appreciated.  Thanks
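
The first post compares the SOA record seen in the wired and wireless captures. As an added example (not part of the thread), this Python code extracts the response code and the SOA zone and primary server from a raw DNS response, which shows which zone issued the negative answer. The sample packet and the name intranet.corp.global are constructed; only a0.nic.global comes from the post.

```python
import struct

# Constructed NXDOMAIN response for the constructed name intranet.corp.global.
# Only the SOA primary name a0.nic.global is taken from the post.
SAMPLE = (
    b"\x12\x34\x81\x83\x00\x01\x00\x00\x00\x01\x00\x00"      # header, rcode=3
    b"\x08intranet\x04corp\x06global\x00\x00\x01\x00\x01"    # question, type A
    b"\xc0\x1a\x00\x06\x00\x01\x00\x00\x03\x84\x00\x2a"      # SOA RR for "global"
    b"\x02a0\x03nic\xc0\x1a\x0ahostmaster\xc0\x1a"           # MNAME, RNAME
    + struct.pack("!5I", 1, 7200, 900, 1209600, 3600)        # serial .. minimum
)
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:               # compression pointer
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                       # guard against pointer loops
                raise ValueError("compression loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def negative_answer_source(msg):
    """Return (rcode, qname, soa_zone, soa_primary) from a raw DNS response."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    off, qname, zone, primary = 12, "", None, None
    for _ in range(qd):
        qname, off = read_name(msg, off)
        off += 4                                # skip QTYPE and QCLASS
    for i in range(an + ns):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if i >= an and rtype == 6:              # SOA in the authority section
            zone, primary = owner, read_name(msg, off)[0]
        off += rdlen
    return RCODES.get(flags & 0xF, str(flags & 0xF)), qname, zone, primary

if __name__ == "__main__":
    print(negative_answer_source(SAMPLE))
```

Run against the UDP payload of the response from each capture, a differing SOA zone between wired and wireless shows that the two queries were answered from different zones.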



  • 2.  RE: Aruba IAP 225 Wireless DNS Issue

    Posted Aug 09, 2017 06:29 AM
    What role are the wireless clients in? What are the rights of this role?

    #show rights <role>


  • 3.  RE: Aruba IAP 225 Wireless DNS Issue

    Posted Aug 14, 2017 02:59 PM

    Clients are in a role specifically for the corporate wireless SSID and the access rule is 'Allow any to all destinations'



  • 4.  RE: Aruba IAP 225 Wireless DNS Issue

    Posted Sep 12, 2017 10:49 AM

    This is still an ongoing issue - does anyone have any feedback?

     

    I can't seem to find any documentation or posts that explains why internal DNS can't be resolved by wireless clients.

     

    For the SSID:

    - All filtering is disabled

    - No roles in place, set for unrestricted access

    - Have tried setting the domain option in the DHCP server, which does add the domain to DNS queries, but still get the same response of non-existent domain.



  • 5.  RE: Aruba IAP 225 Wireless DNS Issue

    EMPLOYEE
    Posted Sep 14, 2017 05:58 AM

    Did you change the captive portal certificate on the Instant Cluster?



  • 6.  RE: Aruba IAP 225 Wireless DNS Issue

    Posted Sep 15, 2017 11:51 AM

    We were able to figure this out - it was a combination of putting '*' in the domain field in the DHCP settings for the corporate SSID and a firewall rule to allow the IAP virtual controller to forward DNS requests to the subnet that the internal DNS is on.

     

    Corporate wireless clients are now able to resolve internal DNS - HOWEVER, now guest wireless clients can also resolve internal DNS, which we don't want.

     

    The guest wireless has 8.8.8.8 set as DNS - but for some reason the virtual controller still forwards the DNS requests to internal DNS.  Is there a best practice or documentation on how to set up guest wireless so that DNS requests are only sent to a specified DNS server?