Making a MX device use internal DNS.

mrpackethead_
Comes here often


Hi, is it possible to make an MX device use internal DNS servers that are reachable over the Site to Site VPN? I can easily make devices (APs, switches) do this, as they get DNS via DHCP.

Am I missing something very simple here?

 

3 Replies
ww
Kind of a big deal

It needs public DNS on the uplink for management because it needs to reach the cloud/dashboard to come online, and before the tunnels are built.

You can use any DNS you like on the VLANs.

sinelnyyk
Meraki Employee

Hi @mrpackethead_,
Unfortunately, it's not possible to configure the MX WAN interface to use a DNS server which is reachable over the Site to Site VPN from the MX. This is because the MX WAN interface doesn't participate in VPN, and all traffic from the MX management interface will be sent directly to the WAN link, so you need to make sure that the server is reachable from the WAN interface. It doesn't necessarily mean that it should be a public IP though. If your MX is behind NAT and using an IP in a private range, you can use a DNS server that is in the private subnet as well.

GIdenJoe
Kind of a big deal

This would defeat the purpose of your uplink monitoring.  Your MX needs to be able to reach external DNS servers to test DNS query/responses so it can report the WAN uplink is up or down.

 

Why would you actually want the MX to use an internal DNS anyway?  The sites it tests for are quasi hardcoded anyway.
