How does a Meraki security appliance choose the DNS server it contacts for a DHCP client request? Is it round-robin, random selection, or list of priority? An F5 network does/can do an order of precedence; most industry systems do round-robin by default.
I'm toying with the idea of adding a public DNS server to the list of private ones we use for our split VPN tunnel campus hub-and-spoke organization. If the tunnel goes down, all DNS is currently lost; if a public server is at the end of the list, at least clients can get to the public Internet even if the hub campus is inaccessible. But we don't want DHCP clients to lose every 1 out of 4 DNS requests for a private campus service because 1 out of the 4 DNS servers doesn't have the right private IP information.
If you are talking about Custom DNS, it is in the order of the configured list, from top to bottom.
Security & SD-Wan->Configure->DHCP
In the case given in your screenshot, the MX is not doing DNS. It is giving DNS servers to the client to use, and the policy used to access DNS will depend on that client.
If you don't have custom DNS configured it uses the DNS servers configured on the WAN ports.
https://documentation.meraki.com/MX/DHCP/Configuring_DNS_Nameservers_for_DHCP
>Is it round-robin, random selection, or list of priority?
Excellent question. I don't know the answer. Could you do a packet capture and let us know please?
Not sure on the selection of DNS servers from the list.
I don't think the MX has any smarts to poll DNS servers and configure them based on whether they're reachable or not.
Note however that if you have domain joined clients, you'll hit issues if they are configured for public DNS servers.
In fact, the MX has nothing to do with it, the client's device carries out the entire process, first it tries the first one, if it doesn't receive a response it tries the secondary one and so on.
Yep, exactly. The list is provided to the client in the order it is configured on the MX, the client uses those resolvers in the order they are provided.