Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Split DNS

USMC92
USMC92
Here to help
‎01-31-2019 12:15 PM
‎01-31-2019 12:15 PM

Split DNS

Hola Meraki Community!

 

I'm upgrading a remote site from a Barracuda firewall to an MX64.  Now, this site currently has a "DNS Service" install on the Barracuda to split DNS.  This remote site has it's PCs domain joined (hence the current setup).  On the MX how am I able to do this (if necessary) to have normal internet requests go through ISP DNS, and only AD requests through the VPN tunnel?

0 Kudos
Reply
9 REPLIES 9
Highlighted
jdsilva
jdsilva
Kind of a big deal
‎01-31-2019 12:34 PM
‎01-31-2019 12:34 PM

Re: Split DNS

You can't do this on Meraki.

Reply
USMC92
USMC92
Here to help
‎02-01-2019 06:16 AM
‎02-01-2019 06:16 AM

Re: Split DNS

What would be "best practice" then so users can authenticate?  I typically setup IPsec tunnels, but don't want ALL their traffic flowing through the VPN.

0 Kudos
Reply
NolanHerring
NolanHerring
Kind of a big deal
‎02-01-2019 06:48 AM
‎02-01-2019 06:48 AM

Re: Split DNS

You just need to do split-tunneling then on the MX
 
Internet traffic goes out local, and traffic destined for 'internal' will go over the VPN.
 
DNS that you provide that subnet with should be internal DNS only if you want to ensure internal sites resolve.
 
See example below
 
 
 
5555.jpg
Nolan Herring | nolanwifi.com
TwitterLinkedIn
0 Kudos
Reply
USMC92
USMC92
Here to help
‎02-01-2019 06:54 AM
‎02-01-2019 06:54 AM

Re: Split DNS

Thanks for the image.  My only issue here is our corporate firewall is not Meraki, it's Barracuda.  So when I select Spoke, I have no option of manually creating the hub.  Under Organization-Wide Settings I do have the Non Meraki Peer created.

0 Kudos
Reply
NolanHerring
NolanHerring
Kind of a big deal
‎02-01-2019 07:39 AM
‎02-01-2019 07:39 AM

Re: Split DNS

Here are some links that might help with what your trying to achieve. I've personally no experience with non-meraki VPN peers:

http://www.willette.works/merging-meraki-vpns/

https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Site-to-site_VPN_between_MX_Applian...

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-site_VPN_Settings

https://community.meraki.com/t5/Security-SD-WAN/s2s-vpn-between-Meraki-and-Non-Meraki/td-p/2487

Nolan Herring | nolanwifi.com
TwitterLinkedIn
0 Kudos
Reply
PhilipDAth
PhilipDAth
Kind of a big deal
‎02-01-2019 04:50 PM
‎02-01-2019 04:50 PM

Re: Split DNS

@jdsilva is correct.  You should direct all your DNS requests to the AD servers.  The actual web browsing and the like will still go out the local circuit.

Reply
USMC92
USMC92
Here to help
‎02-04-2019 06:50 AM
‎02-04-2019 06:50 AM

Re: Split DNS

So for the subnet that requires this, manually set the DNS to our AD Servers under the DHCP settings of that subnet, correct?

0 Kudos
Reply
NolanHerring
NolanHerring
Kind of a big deal
‎02-04-2019 06:51 AM
‎02-04-2019 06:51 AM

Re: Split DNS

Correct. If your MX is handling DHCP/DNS, then make sure you have your AD/internal servers placed there because it will go over the VPN and allow internal sites to resolve.

If you put one internal and one public, your going to have issues so don't do that
Nolan Herring | nolanwifi.com
TwitterLinkedIn
Reply
USMC92
USMC92
Here to help
‎02-05-2019 01:01 PM
‎02-05-2019 01:01 PM

Re: Split DNS

Thanks for all the help everyone!

0 Kudos
Reply
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Points Contest
Join us for a month-long contest with heaps of swag to win!

Learn More ›
© 2019 Meraki