DNS Misconfigured on MX100

mdubs91

We have two MX100s (primary and secondary), and both have been showing the "DNS misconfigured" alert for about a week. A packet capture shows that DNS requests on both WAN uplinks are not getting responses. We can see them going out, but there is never a response back. Most of our internal traffic is routed through a site-to-site VPN to AWS, where it goes out through a firewall. None of these internal VLANs have any connectivity problems. Our guest network, which does not travel over the site-to-site VPN, has been down since the error appeared.

The change log shows no changes at the time that the misconfiguration first occurred.

We have tried changing the DNS servers used on both uplinks with no effect.

Meraki support recommended checking with our ISP to figure out why we are not getting DNS responses. We have done that, but they have been less than helpful.

Does anyone have any ideas of what could be going on? Has anyone had experience with an ISP blocking DNS responses?

I am happy to answer any additional questions. Help is greatly appreciated.

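The symptom described in the post (queries leave both uplinks, nothing comes back) is easiest to confirm by pairing queries with responses in the capture rather than eyeballing it. The script below is an added example, not part of the original post or of any Meraki tooling: it parses tcpdump -n style lines, matches each query to a reply by client socket, resolver address and DNS transaction ID, and reports which resolvers were queried but never answered. The capture text is constructed for the example; the two WAN source addresses and the ISP resolver address are assumptions, and only the public resolvers named in the thread are real.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed tcpdump -n style sample, not a capture from the poster's MX100.
# WAN1 (203.0.113.10) queries an assumed ISP resolver 198.51.100.53; WAN2
# (198.18.0.10) queries 8.8.8.8. Only the first WAN1 query ever gets an answer.
# The last line is a TCP SYN, included to show non-DNS traffic being skipped.
SAMPLE_CAPTURE = """\
12:00:01.000100 IP 203.0.113.10.40001 > 198.51.100.53.53: 4660+ A? dashboard.meraki.com. (38)
12:00:01.000400 IP 198.18.0.10.40002 > 8.8.8.8.53: 4661+ A? dashboard.meraki.com. (38)
12:00:01.021000 IP 198.51.100.53.53 > 203.0.113.10.40001: 4660 1/0/0 A 192.0.2.44 (54)
12:00:03.000200 IP 203.0.113.10.40003 > 198.51.100.53.53: 4662+ A? api.opendns.com. (33)
12:00:03.000500 IP 198.18.0.10.40004 > 8.8.8.8.53: 4663+ A? api.opendns.com. (33)
12:00:06.000300 IP 198.18.0.10.40005 > 8.8.8.8.53: 4664+ A? api.opendns.com. (33)
12:00:06.100000 IP 203.0.113.10.443 > 192.0.2.44.443: Flags [S], seq 1, win 64240, length 0
"""

# tcpdump prints "<ts> IP <src>.<sport> > <dst>.<dport>: <txid>..." for UDP DNS.
# The transaction ID is the first number after the colon for both queries and
# replies; query/response direction is decided by which side is port 53.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"(?P<txid>\d+)"
)

Key = Tuple[str, str, str, str]  # (client ip, client port, resolver ip, txid)


def parse_capture(text: str) -> Tuple[Dict[Key, str], Set[Key]]:
    """Split DNS packets into queries (keyed so a reply can be paired with them)
    and the set of keys for which a reply was seen."""
    queries: Dict[Key, str] = {}
    responses: Set[Key] = set()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a UDP DNS line in tcpdump's default format
        f = m.groupdict()
        if f["dport"] == "53":  # client -> resolver
            queries[(f["src"], f["sport"], f["dst"], f["txid"])] = f["ts"]
        elif f["sport"] == "53":  # resolver -> client; key it as the query it answers
            responses.add((f["dst"], f["dport"], f["src"], f["txid"]))
    return queries, responses


def resolver_stats(text: str) -> Dict[str, Dict[str, int]]:
    """Per resolver: how many queries were sent and how many got a matching reply."""
    queries, responses = parse_capture(text)
    stats: Dict[str, Dict[str, int]] = defaultdict(lambda: {"sent": 0, "answered": 0})
    for key in queries:
        resolver = key[2]
        stats[resolver]["sent"] += 1
        if key in responses:
            stats[resolver]["answered"] += 1
    return dict(stats)


def unanswered_queries(text: str) -> List[Tuple[str, str, str, str]]:
    """(timestamp, client ip, resolver ip, txid) for every query with no reply."""
    queries, responses = parse_capture(text)
    return [(ts, k[0], k[2], k[3]) for k, ts in queries.items() if k not in responses]


def silent_resolvers(text: str) -> List[str]:
    """Resolvers that were queried but never answered at all: the pattern in the
    thread, where the capture shows requests leaving and nothing coming back."""
    return sorted(r for r, s in resolver_stats(text).items() if s["answered"] == 0)


if __name__ == "__main__":
    for resolver, s in resolver_stats(SAMPLE_CAPTURE).items():
        print(f"{resolver}: sent={s['sent']} answered={s['answered']}")
    print("silent resolvers:", silent_resolvers(SAMPLE_CAPTURE))
    for ts, client, resolver, txid in unanswered_queries(SAMPLE_CAPTURE):
        print(f"  unanswered {ts} {client} -> {resolver} txid={txid}")
```

Feed it the output of a capture filtered to `port 53` on each uplink. A resolver that answers some queries but not others points at loss or rate limiting; one that never answers on an uplink, while the same resolver answers fine from another path, points at the uplink or at the path the queries are actually taking.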
cmr

@mdubs91 some ISPs want you to use their DNS and block others, have you tried that?

mdubs91

Thanks. We do use Spectrum (our ISP) DNS on the WAN1 uplink and Google DNS on the WAN2 uplink. Both are down. Maybe we should switch both to Spectrum.

alemabrahao

Have you tried with a different DNS (like umbrella)?

mdubs91

Unfortunately, yes, I have. The same issue occurs: there are no DNS responses. Testing Umbrella connectivity from the dashboard also shows an inability to connect to the Umbrella DNS servers. We have also tried switching to Cloudflare and Google DNS.

Thank you for the thought.

PhilipDAth

Are you using a non-Meraki VPN to Amazon AWS?  Does the VPN destination include the DNS servers you are trying to reach (such as using a VPN to 0.0.0.0/0)?  If so, the DNS queries may be going via that VPN.

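The hypothesis in the reply above, in code as an added illustration (this is not from the thread and not Cisco Meraki's routing logic): a small longest-prefix-match model that shows which resolver addresses a site-to-site VPN configured to carry 0.0.0.0/0 would pull into the tunnel, compared with a VPN that carries only the AWS subnets. The route table, the "tunnel beats WAN default on an equal-length match" tie-break and the ISP resolver address 198.51.100.53 are assumptions for the example; the other resolver addresses are the public services named in the thread.

```python
import ipaddress
from typing import Dict, Iterable, List, Tuple

# Resolvers discussed in the thread plus an assumed ISP resolver (198.51.100.53).
RESOLVERS = ["198.51.100.53", "8.8.8.8", "1.1.1.1", "208.67.222.222"]

Network = ipaddress.IPv4Network
Route = Tuple[Network, str, int]  # (prefix, next-hop label, preference; lower wins ties)


def build_table(vpn_prefixes: Iterable[str], wan_label: str = "wan") -> List[Route]:
    """Hypothetical table for the scenario: a default route out the WAN plus one
    entry per subnet the site-to-site VPN is configured to carry. Tunnel entries
    get a better preference, so on an equal-length match (0.0.0.0/0 on both) the
    tunnel wins. This is the intent of a "send everything via the VPN" design and
    an assumption of this example, not a statement about any vendor's algorithm."""
    table: List[Route] = [(ipaddress.ip_network("0.0.0.0/0"), wan_label, 100)]
    for prefix in vpn_prefixes:
        table.append((ipaddress.ip_network(prefix), "vpn-aws", 10))
    return table


def lookup(table: List[Route], dst: str) -> str:
    """Longest-prefix match; preference (lower is better) breaks ties."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    _prefix, nexthop, _pref = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return nexthop


def dns_egress(vpn_prefixes: Iterable[str], resolvers: Iterable[str]) -> Dict[str, str]:
    """Which path each resolver address would take under the given VPN config."""
    table = build_table(vpn_prefixes)
    return {r: lookup(table, r) for r in resolvers}


def resolvers_pulled_into_tunnel(vpn_prefixes: Iterable[str],
                                 resolvers: Iterable[str]) -> List[str]:
    """Resolvers whose queries would enter the VPN instead of leaving the WAN.
    If this list is non-empty, whether a reply ever returns depends on the far
    side (here the AWS firewall), not on the ISP."""
    paths = dns_egress(vpn_prefixes, resolvers)
    return sorted(r for r, path in paths.items() if path == "vpn-aws")


if __name__ == "__main__":
    for label, prefixes in (("full tunnel", ["0.0.0.0/0"]),
                            ("AWS subnets only", ["10.0.0.0/8", "172.31.0.0/16"])):
        print(label)
        for resolver, path in dns_egress(prefixes, RESOLVERS).items():
            print(f"  {resolver:>15} -> {path}")
```

The practical check this models: compare the subnets the VPN is configured to carry against the DNS server addresses set on each uplink. If a resolver address falls inside a tunneled prefix, the query rides the tunnel and the return path is governed by whatever sits at the far end, so the capture point and the firewall on the AWS side are where to look next. Swapping resolvers (Google, Cloudflare, Umbrella) changes nothing in that case, because every public address still matches 0.0.0.0/0.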
mdubs91

Hi Philip,

Thank you for your response. We have a site-to-site VPN set up between our office network and AWS. The Meraki serves as the customer gateway on the office side, and we have an AWS Transit Gateway as the termination point in AWS.

You're thinking that if the VPN destination is set to 0.0.0.0/0, the DNS queries are going through the VPN?

I'm far, far from an expert. Do you mind explaining a little more what you mean?

Thank you.

PhilipDAth

> You're thinking that if the VPN destination is set to 0.0.0.0/0, the DNS queries are going through the VPN?

I'm not sure, but I'm thinking that is what it could be.

mdubs91

This is interesting. You may be on to something. Thank you very much. 
