Meraki

Community

Trouble getting custom DNS (Synology) to work consistently in MacOS

Tintin
Getting noticed
‎Oct 6 2023 1:35 AM
‎Oct 6 2023 1:35 AM

Trouble getting custom DNS (Synology) to work consistently in MacOS

Hi!

 

I'm thinking if this is a MacOS issue or not. But I also know that having the Socket Filters from Cisco Secure Client installed and active fully solves the problem and makes the pages from the custom DNS load consistently across all web browsers.

 

The issue is this:

 

We have a Synology acting as an internal DNS server and it come out to the clients via DHCP among the two Google DNS's 8.8.8.8 and 8.8.4.4. So DNS servers are:

 

Synology DNS
8.8.8.8

8.8.4.4

 

The problem is that sometimes MacOS isn't always using the custom (Synology) DNS and then the internal websites addresses we have set up there won't resolve since it tries to use the Google DNS for that instead.

 

It also behaves differently depending on the web browser when trying to access one of the websites handled by the custom DNS.

 

•In Chrome it loads every time.

•In Firefox it works if the address is in the address field and ”return” is pressed to go to the site. If I refresh the page it Firefox say it has trouble finding that site.

•In Safari it works to load every other time, i.e. the first time I enter the address and try to access the page it loads, but if I refresh the page it ”can't find the server”. Another refresh and it loads again. Having the address field focused with the address in there and pressing return also works every time.  🤷‍

Anyone knows why it behaves this way and why does the Socket Filters (namely the DNS proxy) that gets installed when installing the Cisco Secure Client solve the problem? I don't see why having that installed should be a requirement in this case.

 

Thankful for any insights on this!

0 Kudos
2 Replies 2
Xydocq
A model citizen
‎Oct 7 2023 4:14 AM
‎Oct 7 2023 4:14 AM

hello @Tintin 

 

I am using a Synology NAS as DNS server.

 

Not sure if this problem has anything to do with Meraki Go hardware or settings on Meraki Go, but here is how I run the DNS on my network.

 

I use the Synology also to host my own website. Trying to access the website from the LAN always failed. The hardware was never able to handle the loop-back and the site never loaded. Before using the Meraki Go GX20 on my network, I was using a router that allowed hairpin. So every request for the URL was sent to the Synology. The old router run into some problems and I had to replace it.

 

The WAN settings on my GX20 are static. The DNS servers on the GX20 point to my ISP's DNS and not the Synology, that's because the GX20 doesn't need to know my own DNS and should not use it. The clients are connected from different VLANs. VLAN1 (default) is used for some clients that have only internet access. VLAN10 is for my business LAN that is placed behind another router/firewall so all access to it gets blocked by this router/firewall. VLAN20 holds the Synology and is used for webservices.

 

I edited the DNS server for VLAN1 by changing it under Networks - Default - Local addressing - Edit - Change DNS Server. Now every client on VLAN1 is using the Synology as primary DNS server and the GX20 as secondary DNS server. VLAN10 and VLAN20 have not been changed, but the secondary router uses the Synology as primary DNS server and the GX20 as secondary DNS server.

 

I am not using a Mac. But it works for any Windows Machine, Android Phones and iPhones.

 

I am not sure how you implemented the custom DNS on your network, or why a Secure Client solves the problem for you.

 

Cheers

 

 

In response to Xydocq
Tintin
Getting noticed
‎Oct 11 2023 1:35 AM
‎Oct 11 2023 1:35 AM

Thanks for elaborating on your setup!

I did try using a Mac running Windows 10 the other day and there it was no trouble accessing any of the internal websites and having:

Synology DNS
8.8.8.8

8.8.4.4

deployed via DCHP.

What I did now was to change in Meraki so it only deploys (via DHCP) the DNS coming from Synology. The Synology itself will forward addresses it can't resolve to 8.8.8.8 and 8.8.4.4. Seems to work fine now and I don't get the wired behavior for internal addresses depending on the browser used in MacOS that I described in my original post.

At the same time I think it would be good to have a DNS backup in case the Synology goes down. So I'll continue to investigate what this behaves the way it does in MacOS.

0 Kudos
Get notified when there are additional replies to this discussion.
© 2024 Cisco Systems, Inc.