Meraki Security Appliance spoofs DNS request

SamA
New here


Hi there. I have an issue with an MX84 (firmware MX 15.42.1) and a local DNS server. My network configuration has 3 VLANs.

I don't use DHCP in my VLAN 3 (static IP assignment)

My DNS server (Windows Server 2012R2 with Active Directory) is located in VLAN 1. When I try to resolve from VLAN 3 any DNS record that my DNS server holds, I see a reply from public DNS.

I can ping a server in a different VLAN or reach it with tracert, but only by IP, so it's not a routing issue. Here is my interface configuration.

In the same VLAN where my DNS server is located, there is no issue with DNS resolving.

What settings must I change to use my local DNS server in all VLANs?

3 Replies
Inderdeep
Kind of a big deal

Bruce
Kind of a big deal

You need to configure the DHCP settings for VLAN 1 with your internal DNS server (i.e. the Windows Server 2012R2). In the DHCP configuration change the 'DNS nameservers' to 'Specify nameservers...' and then enter the IP address of your Windows DNS server in the 'Custom nameservers' box. 

Once the configuration has been pushed to the MX you'll need to refresh the DHCP lease on the client. At this point the client should receive the DNS settings for your Windows server, so when you do an 'ipconfig /all' the 'DNS Servers' line should show the IP address of your Windows server.

SamA
New here

Thank you for your reply, but your solution doesn't work. I have set up the DNS server in VLAN 1, but nothing changed.

I found the issue myself in Security & SD-WAN -> Threat protection. I disabled Umbrella protection and now DNS traffic flows between VLANs normally. Additionally, if two domain controllers are located in different VLANs and Umbrella protection is enabled, DNS replication stops and both domain controllers are not able to exchange record updates.

Topic can be closed.
