Meraki Community

tuaw · ‎Apr 13 2021

wLAN was working fine for a weak, but this moring the wLAN started dropping all DNS lookups. Including manual look ups with nslookup .

I disabled Cisco Umbrella, and DNS lookups started working again.

I gave it an hour, and then I re-enablingCisco Umbrella. DNS lookups seemed fine, but less 20 minutes later the wLAN started dropping DNS lookups again, and had to disable Cisco Umbrella.

Has anyone seen this issue before?
Any suggestions?

Brucer · ‎Aug 4 2021

I have the same problem. I have a case open with Meraki support who are attempting to reproduce in lab.

Here is what I have learned so far..

When Umbrella DNS protection applied through API (e.g. Appliance, SSID or Group Policy) DNS should be intercepted and redirected to Umbrella. This had been working until I implemented Umbrella AutoVPN integration.

DNS is still intercepted but packet capture shows it is egressing the VPN interface, not the Internet interface even though the VPN to which policy is applied is not participating in AutoVPN. According to

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Manually_Integrating_... this is expected (near the bottom "expected routing behavior") however the doco for Umbrella AutoVPN integration says to manually exclude DNS from the tunnel

https://documentation.meraki.com/MX/Site-to-site_VPN/MX_and_Umbrella_SIG_(UMB-SIG)_SD-WAN_Deployment... (at the bottom :DNS Policy Consideration"). THat should fix it but these measures have no effect. My only workaround until this is resolved is to revert to Network based policy. AS soon As i remove the Umbrella policy from the Meraki GP, the issue goes away.

Meraki Community

dns lookup failings when Cisco Umbrella Enabled on wLAN

dns lookup failings when Cisco Umbrella Enabled on wLAN