How is Google resolving my intranet IP...?

Solved
yaypingworks
Here to help

I have VLAN 2, with ACLs that first permit traffic to our intranet IP, then deny the rest of the LAN.

VLAN 2's DHCP server is set to Google.

I wasn't expecting this to work, but I am able to go to the intranet website via its FQDN, but how would that even be resolved?

I flushed DNS records, did an nslookup and it's saying 8.8.8.8 is giving the response.

Ultimately, we want VLAN 2 to be able to access the intranet but I would like to know how this is working currently... I was expecting to have to change VLAN 2 to use our local DNS server in order to resolve the intranet FQDN.

Edit: I can't resolve any other LAN devices, just the intranet.

7 Replies
cmr
Kind of a big deal

Is your DNS lookup using DNS over HTTPS?

If my answer solves your problem please click Accept as Solution so others can benefit from it.
yaypingworks
Here to help

No, nothing I was testing has that feature enabled on the browser or OS.

DarrenOC
Kind of a big deal

Have you checked to see if you have any PAC/Hosts files configured on your machines that are performing the local DNS lookups?

 

Seems unlikely that Google would resolve your local hostnames.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
yaypingworks
Here to help

That shouldn't be the case, as I tested on a fresh device yet was still able to get to the intranet.

Brash
Kind of a big deal

The only way Google would resolve your intranet is if you have a publicly registered DNS entry for it.

For example, if I register brash.com, I could have a DNS entry for intranet.brash.com and point it to my internet intranet IP (e.g. 192.168.1.100). It would mean nothing to anyone except those on my network.

Assuming you haven't done this, your hosts must be resolving it from somewhere else. Heck, you could verify this by using a non-corporate computer and running an nslookup directly to the server 8.8.8.8 requesting your intranet FQDN to see if it resolves.

One other thing to note is that there are security applications and web browser settings that override a computer's configured DNS and use a different DNS instead.

yaypingworks
Here to help

This was it, we found that we were publishing the record for some reason. Thanks for the pointer!

PhilipDAth
Kind of a big deal

Have you got a 1:1 NAT configured to allow access from the outside in?  And is the FQDN you are using a public DNS name?

1:1 NAT also acts on traffic from the inside.
