Meraki

Community

DNS with Meraki DHCP

Court
Getting noticed
‎Apr 21 2023 1:10 PM
‎Apr 21 2023 1:10 PM

DNS with Meraki DHCP

Testing a new subnet using Meraki for DHCP and existing Windows DNS server. Both wired and wireless clients connect fine to the new subnet, can communicate with the DNS server, resolve names, but clients on the new subnet cannot update their DNS record on the server. Wired clients will update if you manually delete the existing DNS entry. Wireless clients will not update at all, they get a dynamic update refusal code 5. I know Meraki DHCP doesn't support updating reverse lookup records, but why would I be having trouble with client updates to DNS host records?

0 Kudos
15 Replies 15
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 21 2023 1:28 PM
‎Apr 21 2023 1:28 PM

It's probably a device issue, not a Meraki issue. Can you show an example?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 23 2023 1:10 PM
‎Apr 23 2023 1:10 PM

>they get a dynamic update refusal code 5.

 

This happens when the machine account requesting the reverse DDNS update does not have permission to do the update.  A common cause is a machine does DHCP, gets an IP address, and then adds it via DDNS.  At this point, that machine owns the record (Windows permission wise).

Sometime later a different device gets that same IP address via DHCP.  It goes to update the existing reverse record - but it does not own it - the prior device does, and Windows DNS refuses the update.

 

A bit of a fundamental problem with Windows DDNS huh?  It expects that once a device gets an IP address it will never change.

 

I often solve it by changing the default permission on the reverse DDNS zone to allow unauthenticated updates.  This means anything can update a reverse DNS entry.  If you do a "nslookup" you have to consider that the returned entry is not guaranteed to be who it says - but reverse DNS is mostly for information purposes anyway.

In response to PhilipDAth
Court
Getting noticed
‎Apr 24 2023 8:54 AM
‎Apr 24 2023 8:54 AM

So the clients I'm testing previously used DHCP and DNS from the same Windows Server, and DHCP created their DNS records. Moved the same clients to the new subnet using Meraki DHCP, same DNS server, and I've manually removed their previous DNS records from the server. Wired clients will register a new DNS entry, but wireless clients on the same subnet will not register a new DNS entry. What would cause only the wireless clients to not be able to register? If I plug the wireless laptop into a network port configured with the newly configure subnet, it will register.

0 Kudos
In response to Court
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 24 2023 9:02 AM
‎Apr 24 2023 9:02 AM

What you're saying doesn't make any sense. Have you tried running the commands below?

 

ipconfig /flushdns

ipconfig /release

ipconfig /renew

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Court
Getting noticed
‎Apr 24 2023 9:28 AM
‎Apr 24 2023 9:28 AM

Yes, of course I've tried that. I know it doesn't make sense, yet its happening. Both wired and wireless clients are able to contact the DNS server and resolve names from it.

0 Kudos
In response to Court
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 24 2023 9:32 AM
‎Apr 24 2023 9:32 AM

How is the client IP assignment in the SSID configured?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Court
Getting noticed
‎Apr 24 2023 9:35 AM
‎Apr 24 2023 9:35 AM

Tunneled, layer 3 to the MX as the concentrator, VLAN tagged. I've also tried Bridged, L3 roaming, VLAN tagged with same results.

0 Kudos
In response to Court
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 24 2023 9:39 AM
‎Apr 24 2023 9:39 AM

in this case, I'm assuming that the APs and the MX are not on the same physical network correct?
 
Or is there any other reason, in particular, to use it in tunneled mode?
 
If you configure it in Bridge Mode, is the result the same?
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Court
Getting noticed
‎Apr 24 2023 9:43 AM
‎Apr 24 2023 9:43 AM

They are on the same network. I originally used bridged, L3 roaming, VLAN tagged with same result, so was trying tunneled too.

0 Kudos
In response to Court
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 24 2023 9:47 AM
‎Apr 24 2023 9:47 AM

No no, I'm talking about Bridge Mode without enabling L3 roaming.

 

alemabrahao_0-1682354773074.png

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Court
Getting noticed
‎Apr 27 2023 9:10 AM
‎Apr 27 2023 9:10 AM

Ok I think we've narrowed down the problem. When using Umbrella integration on an SSID that uses Meraki DHCP, DNS registrations are not processed, and the local domain name is in the exclusions list. Name resolution does work though. If the SSID with Umbrella is using DHCP on the server, DNS registrations work.

Court
Getting noticed
‎Apr 27 2023 1:41 PM
‎Apr 27 2023 1:41 PM

So my next question is, am I missing something on Umbrella config here, or is this a bug in Meraki?

0 Kudos
In response to Court
MichelSchuurman
Conversationalist
‎Jun 3 2024 6:36 AM
‎Jun 3 2024 6:36 AM

Hi Court, 

We're running into the same issue. Umbrella integration in place, DHCP on the MX and DNS on our ADDS. 

Cannot get PRT working. 

 

Dit you get this working? Some more you found out?

 

0 Kudos
In response to MichelSchuurman
Court
Getting noticed
‎Jun 7 2024 8:53 AM
‎Jun 7 2024 8:53 AM

We could never get it to work, so we left DNS and DHCP roles on our DC.

Meraki handles DHCP on our Meraki network management subnets though.

0 Kudos
Jschiller412
Comes here often
‎Jun 7 2024 8:25 AM
‎Jun 7 2024 8:25 AM

We are encountering similar issues in our environment. DHCP is dished out via the Meraki MX firewalls. However, we noticed that Reverse DNS Lookups are not being auto-populated. In addition, we are integrated with Cisco Umbrella. 

 

We are looking to have Reverse Lookup Zones auto populated from forward lookup zones. Forward lookup zones are working fine.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.