Strange DNS Problems

SOLVED
NunoFlora
Here to help

I have a DNS problem in a network of 500 users. Some devices connect to the Wi-Fi on one of the SSIDs, and after connecting OK they use Chrome, which tells them the DNS did not respond. I check the logs in Meraki and see "DNS server did not respond".

I'm using Google 8.8.8.8 and 8.8.4.4, but for some reason it gives me these errors. I can use a computer and ping 8.8.8.8 and 8.8.4.4 with no problem, but can't get DNS in Chrome or other web browsers.

1 ACCEPTED SOLUTION

I still don't know what the problem is, but I changed DNS to 1.1.1.1 and that solved all the DNS problems.

7 REPLIES
alemabrahao
Kind of a big deal

Is the client IP assignment NAT mode or Bridge mode?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Inderdeep
Kind of a big deal

@NunoFlora: Check this thread

https://community.meraki.com/t5/Wireless-LAN/Weird-DNS-Issues/m-p/5352#M970

 

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
PhilipDAth
Kind of a big deal

If you use nslookup, can you resolve a DNS name?

 

Chrome changed over to using DNS over HTTPS at some stage, so it may not be sending DNS queries as you think.  I think it was optional initially and then became the default.  You could try a test and disable DNS over HTTPS on one machine and see if that changes the problem.

https://pureinfotech.com/enable-dns-over-https-chrome/ 

 

Are you using any third-party filtering software, either for DNS or HTTPS?

MerryAki
Building a reputation

I would also mention DNS over TLS as a possible problem. Try to do a trace route and check for rules that block traffic to the DNS server/s.

Another thing that might be required at some point is DNSSEC; give 9.9.9.9 a chance. (Cloudflare is of course a good one, too, but not in terms of security and threat defending.)

@MerryAki I have to agree with you here.

 

My thoughts:


If he can ping successfully but can’t visit web pages through browsers, then we know the issue lies with “host names not resolving”.


I would capture the DNS traffic and find out where it’s getting dropped. Then check the ACL to see if DNS traffic is allowed on port 53. Cheers!

I still don't know what the problem is, but I changed DNS to 1.1.1.1 and that solved all the DNS problems.

MerryAki
Building a reputation

Or try preselecting Google or Cisco Umbrella DNS

But yes, Cloudflare is performing better ✌️
