Guest SSID DNS pointing to internal IP addresses

Brandon_

Right now I have a guest network with 2 firewall rules that allow ports 80 and 443 into the network. This is due to an app our employees use on their phones. We don't allow mobile devices on our network, so these rules were put in to allow the API to connect. Our API can now be reached externally, so I tried to turn off ports 80 and 443 from our firewall and set a custom DNS of 8.8.8.8 for guest. The guest network should now have no access to the internal network with those rules removed, and the DNS to the API should resolve to our external IP address. The problem is it's not. When I run an nslookup from a laptop on our guest network, it is still pulling an internal IP address. When I run it from my cell phone hotspot, it resolves to our public IP address.

I just found this article that says the process is that the AP checks its DNS cache. I think it's still using cached data when making these lookups after I swapped to an external DNS server. How can I clear the cache in this SSID so it will actually use the 8.8.8.8 server instead of the cached data?

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/DNS_and_NAT_Mode

cmr

@Brandon_ I think if the AP is set to use internal DNS, then the cache will also.  Have you tried setting the AP to use 8.8.8.8 itself?

PhilipDAth

After changing the DNS, reboot the device that you changed the setting on.
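
Added example, not part of the thread: a small check for the symptom described in the question, run over saved `nslookup` output from the guest SSID after the DNS change. It reports which resolver actually answered and whether any returned address is RFC 1918 internal space. The hostname, addresses and both sample outputs are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges: an answer inside these means the guest client got an internal record.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_nslookup(text):
    """Return (resolver_ip, [answer_ips]) from nslookup output, Windows or Unix layout."""
    resolver, answers, in_answer = None, [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Name:"):      # everything after this is the answer section
            in_answer = True
            continue
        for field in line.split():
            try:                          # "8.8.8.8#53" -> "8.8.8.8"; non-IP fields are skipped
                ip = ipaddress.ip_address(field.split("#")[0])
            except ValueError:
                continue
            if in_answer:
                answers.append(ip)
            elif resolver is None:
                resolver = ip
    return resolver, answers

def is_internal(ip):
    return ip.version == 4 and any(ip in net for net in RFC1918)

def check(text, expected_resolver="8.8.8.8"):
    """Summarise one lookup: who answered, and did any internal address come back?"""
    resolver, answers = parse_nslookup(text)
    return {
        "resolver": str(resolver) if resolver else None,
        "resolver_matches": resolver == ipaddress.ip_address(expected_resolver),
        "internal_answers": [str(a) for a in answers if is_internal(a)],
    }

# Constructed sample: guest laptop still answered by a local resolver with an internal record.
GUEST_SAMPLE = """Server:  UnKnown
Address:  192.168.50.1

Non-authoritative answer:
Name:    api.example.com
Address:  10.20.30.40
"""

# Constructed sample: lookup answered by 8.8.8.8 with a public (documentation-range) address.
HOTSPOT_SAMPLE = """Server:\t\t8.8.8.8
Address:\t8.8.8.8#53

Non-authoritative answer:
Name:\tapi.example.com
Address: 203.0.113.10
"""

if __name__ == "__main__":
    for label, sample in (("guest", GUEST_SAMPLE), ("hotspot", HOTSPOT_SAMPLE)):
        print(label, check(sample))
```

If `resolver_matches` is false on the guest SSID, the client is not querying 8.8.8.8 at all, which separates a resolver or cache problem from a wrong record being served.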
