Meraki Community

mdubs91 · ‎Jun 7 2023

We have 2 MX100's (Primary and secondary) and both have been showing the DNS misconfigured alert for about a week. A packet capture shows that DNS requests on both WAN uplinks are not getting responses. We can see them going out but there is never a response back. Most of our internal traffic is routed through a site to site VPN to AWS where it goes out through a firewall. All of these internal VLANs do not have any connectivity problems. Our guest network which does not travel over the site-to-site VPN has been down since the error appeared.

The change log shows no changes at the time that the misconfiguration first occurred.

We have tried changing the DNS servers used on both uplinks with no effect.

Meraki support recommended checking with our ISP to figure out why we are not getting DNS responses. We have done that but they have been less than helpful.

Does anyone have any ideas of what could be going on? Has anyone had experience with an ISP blocking DNS responses?

I am happy to answer any additional questions. Help is greatly appreciated.

cmr · ‎Jun 7 2023

@mdubs91 some ISPs want you to use their DNS and block others, have you tried that?

mdubs91 · ‎Jun 7 2023

Thanks. We do use Spectrum (our ISP) DNS on the WAN1 uplink and use Google DNS on the WAN 2 Uplink. Both are down. Maybe we should switch both to Spectrum.

alemabrahao · ‎Jun 7 2023

Have you tried with a different DNS (like umbrella)?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

mdubs91 · ‎Jun 8 2023

Unfortunately, I have yes. The same issue occurs where there are no DNS responses. Testing umbrella connectivity from the dashboard also shows an inability to connect to umbrella DNS servers. We have also tried switching to Cloudflare and Google DNS.

Thank you for the thought.

PhilipDAth · ‎Jun 8 2023

Are you using a non-Meraki VPN to Amazon AWS? Does the VPN destination include the DNS servers you are trying to reach (such as using a VPN to 0.0.0.0/0)? If so, the DNS queries may be going via that VPN.

mdubs91 · ‎Jun 12 2023

Hi Philip,

Thank you for you response. We have a site-to-site VPN set up between our Office network and AWS. The Meraki serves as the customer gateway on the office side and we have an AWS Transit Gateway as the termination point in AWS.

You're thinking that if the VPN destination is set to 0.0.0.0/0 that the DNS queries are going through the VPN?

I'm far far from an expert. Do you mind explaining a little more what you mean?

Thank you.

PhilipDAth · ‎Jun 12 2023

>You're thinking that if the VPN destination is set to 0.0.0.0/0 that the DNS queries are going through the VPN?

I'm not sure, but I'm thinking that is what it could be.

mdubs91 · ‎Jun 12 2023

This is interesting. You may be on to something. Thank you very much.

Meraki Community

DNS Misconfigured on MX100

DNS Misconfigured on MX100