
Netdestination Name Addresses Not Resolved the First Time a Hostname is Referenced

  • 1.  Netdestination Name Addresses Not Resolved the First Time a Hostname is Referenced

    Posted Jul 03, 2013 08:27 PM

    Bit of a strange one here...

    ArubaOS: 6.1.3.8

     

    I have a few netdestinations defined:

     

    netdestination ocsp.digicert.com
      name ocsp.digicert.com
    !
    netdestination api.mixpanel.com
      network 198.23.64.0 255.255.255.224
    !
    netdestination google
      name .googleapis.com
    !
    netdestination ocsp-geotrust
      host 69.58.183.140
      host 216.168.252.157
    !
    netdestination stripe
      name .stripe.com
    !

     

    I have these attached to whitelist ACLs for the logon role, as they are meant to be allowed for captive portal guests before authentication.

     

    DNS lookups are enabled on the controller:

     

    ip domain lookup
    !
    ip name-server 8.8.8.8
    ip name-server 8.8.4.4
    !

     

    It seems that the first time a guest tries to load a captive portal that references one of the netdestination name sites, the connection is blocked by the controller.

    Reloading the page shows that the connection is getting through on the next attempt.

     

    This seems to repeat itself quite a bit, as guests connect, and have their first attempt blocked, but subsequent attempts work without issue.  The pump needs to be primed, so to speak.

     

    Is this the correct behaviour?  When does the Controller actually do a DNS lookup?  On configuration?  Or at runtime, when a packet is destined for a host with a name entry?

     

    Is there a CLI command that would allow me to see what IP is currently mapped to a named host entry? (Besides 'show netdestination' as that doesn't show enough info... there are only placeholders)

     

     



  • 2.  RE: Netdestination Name Addresses Not Resolved the First Time a Hostname is Referenced

    Posted Jul 03, 2013 09:20 PM
    Did you configure the ip domain name?


  • 3.  RE: Netdestination Name Addresses Not Resolved the First Time a Hostname is Referenced

    Posted Jul 03, 2013 10:52 PM

    Oh, yes, I have that set as well:

     

    (Aruba3400) (config) # show ip domain-name


    IP domain lookup:    Enabled
    IP Host.Domain name:    Aruba3400.anicenetwork.com

    DNS servers
    ===========
    8.8.8.8
    8.8.4.4

    (*) Dynamic DNS entry

     

    Any idea on the behaviour issue?



  • 4.  RE: Netdestination Name Addresses Not Resolved the First Time a Hostname is Referenced



  • 5.  RE: Netdestination Name Addresses Not Resolved the First Time a Hostname is Referenced

    Posted Jul 08, 2013 03:35 PM

    Interesting, but it doesn't explain why the first few times a DNS lookup would fail.

     

    The controller is acting as a proxy in this case, but is it returning its own address the first few times, but then the real address every time after that?

     

     

    In our further testing, we can see this happening even in later connections...  so it seems more intermittent than just the first few attempts.

     

    I'll open a TAC case to explore it further.