Reverse DNS query doesn't work on Meraki

Cyrus777
Here to help


Hello friends.
We are having a weird issue in our organization and have not found a solution for it yet. 

I have DNS servers on-prem and on Azure. If a client within the same subnet that the DNS servers reside on sends a reverse lookup request, it works perfectly, but all other clients on different subnets or on different routed networks over SD-WAN Meraki Auto VPN cannot get a response for reverse DNS. The forward records are resolved with no issues. We have rebuilt the reverse zone on DNS and have done a lot of investigation with Meraki support as well, but had no luck finding the root cause. We have no rules on the MX to kill this traffic, but when I did a packet capture on a client and on the DNS server, I noticed the forward DNS queries have a complete exchange while the reverse query gets lost on the server end.
Any recommendation will be appreciated. 

RWelch
Head in the Cloud

Are the clients on different subnets using the same DNS server for resolution? Or are their DNS settings pointed to different DNS servers? It is hard to tell from your post whether all clients are using the same or different DNS servers.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
Cyrus777
Here to help

Yes, all clients are using the same set of servers for DNS.

I have a few DNS servers on-prem and on Azure for HA, and all clients are using those servers across the org. Also, the databases for all those DNS servers are synced and they all have the same setup.

Inderdeep
Kind of a big deal

Try this case study:

https://community.meraki.com/t5/Wireless/Weird-DNS-Issues/td-p/5352

www.thenetworkdna.com
Cyrus777
Here to help

This does not apply to our case.

Thanks

OCTOMG
Here to help

Do you happen to have Umbrella Protection enabled in your MX Threat Protection settings?
We experienced a similar problem a couple of years ago and ultimately figured out that we needed to add our internal reverse lookup zones to the exclusion list to keep reverse queries from being routed to Umbrella.

Cyrus777
Here to help

I have already added my domain to the "Excluded from being routed to Cisco Umbrella" section in Threat Protection.

Thanks for the comment 

OCTOMG
Here to help

You added your reverse lookup zones for your internal IP subnets also (i.e. 168.192.in-addr.arpa)? Just wanted to make sure.
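
Working out which reverse zone names to exclude is error-prone once the internal address plan is not a clean /16 or /24. The helper below is an added example, not code from this thread or from Meraki; it assumes the exclusion list accepts plain zone names such as `168.192.in-addr.arpa`, and it widens prefixes that do not sit on an octet (or, for IPv6, nibble) boundary to the enclosing zones, so a /20 becomes sixteen /24 zones and a /26 is covered by its parent /24.

```python
import ipaddress

def reverse_zones(cidr: str) -> list[str]:
    """Return the in-addr.arpa / ip6.arpa zone names that cover `cidr`.

    IPv4 prefixes are rounded up to the next octet boundary (/8, /16, /24);
    anything longer than /24 is reported as its parent /24 zone, since
    classless (RFC 2317) delegation is not modelled here. IPv6 prefixes are
    rounded up to the next nibble boundary.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version == 4:
        boundary, total, suffix, deepest = 8, 4, "in-addr.arpa", 24
    else:
        boundary, total, suffix, deepest = 4, 32, "ip6.arpa", 128
    # Prefixes finer than the deepest practical zone: use the parent zone.
    if net.prefixlen > deepest:
        net = net.supernet(new_prefix=deepest)
    # Round the prefix length up to the next label boundary.
    rounded = -(-net.prefixlen // boundary) * boundary
    if rounded == 0:
        raise ValueError("prefix too short to express as a reverse zone")
    keep = rounded // boundary  # number of reversed labels that form the zone
    zones = []
    for sub in net.subnets(new_prefix=rounded):
        # reverse_pointer gives e.g. "0.0.168.192.in-addr.arpa"; keep only
        # the labels that belong to the zone, dropping the host part.
        labels = sub.network_address.reverse_pointer.split(".")[:total]
        zones.append(".".join(labels[total - keep:]) + "." + suffix)
    return zones

def exclusion_list(cidrs: list[str]) -> list[str]:
    """Deduplicated, sorted zone list for a whole internal address plan."""
    zones = set()
    for cidr in cidrs:
        zones.update(reverse_zones(cidr))
    return sorted(zones)

if __name__ == "__main__":
    # Constructed sample address plan, not the poster's real subnets.
    for zone in exclusion_list(["192.168.0.0/16", "10.0.16.0/20",
                                "172.16.5.0/26", "fd00:1234::/32"]):
        print(zone)
```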

PhilipDAth
Kind of a big deal

Does changing the Traffic Analytics settings (under Network-Wide/General) make any difference to the issue?

Cyrus777
Here to help

What else can be done?

Cyrus777
Here to help

I made changes like disabling it, adding my domain, and adding the IP range for my LAN.

None of them helped.
