DNS resolution question for DHCP clients

AlexGregoire
Here to help

How does a Meraki security appliance choose the DNS server it contacts for a DHCP client request? Is it round-robin, random selection, or list of priority? An F5 network does/can do an order of precedence; most industry systems do round-robin by default. 

 

I'm toying with the idea of adding a public DNS server to the list of private ones we use for our split VPN tunnel campus hub-and-spoke organization. If the tunnel goes down, all DNS is currently lost; if a public server is at the end of the list, at least clients can get to the public Internet even if the hub campus is inaccessible. But we don't want DHCP clients to lose every 1 out of 4 DNS requests for a private campus service because 1 out of the 4 DNS servers doesn't have the right private IP information. 

alemabrahao
Kind of a big deal

If you are talking about Custom DNS, it is in the order of the configured list, from top to bottom.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Security & SD-WAN -> Configure -> DHCP

 

Screenshot 2023-12-19 at 1.36.25 PM.png

In the case given in your screenshot, the MX is not doing DNS.  It is giving DNS servers to the client to use, and the policy used to access DNS will depend on that client.

PhilipDAth
Kind of a big deal

If you don't have custom DNS configured it uses the DNS servers configured on the WAN ports.

 

https://documentation.meraki.com/MX/DHCP/Configuring_DNS_Nameservers_for_DHCP 

PhilipDAth
Kind of a big deal

>Is it round-robin, random selection, or list of priority?

 

Excellent question.  I don't know the answer.  Could you do a packet capture and let us know please?

Brash
Kind of a big deal

Not sure on the selection of DNS servers from the list.

I don't think the MX has any smarts to poll DNS servers and configure them based on whether they're reachable or not.

 

Note however that if you have domain joined clients, you'll hit issues if they are configured for public DNS servers.

alemabrahao
Kind of a big deal

In fact, the MX has nothing to do with it; the client's device carries out the entire process. First it tries the first one; if it doesn't receive a response, it tries the secondary one, and so on.

OVERKILL
Building a reputation

Yep, exactly. The list is provided to the client in the order it is configured on the MX, and the client uses those resolvers in the order they are provided.
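
A small simulation of the client-side behaviour described in this thread, added here as an illustration and not part of any reply or of Meraki's code. The "ordered" policy walks the list top to bottom and moves on only when a server does not respond; "rotate" is an assumed alternative for clients that spread queries across the list (for example glibc with `options rotate`). The server names, the 8-lookup count and the rule that an NXDOMAIN ends the lookup are assumptions of the model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Server:
    name: str
    reachable: bool      # False models a resolver behind a down VPN tunnel
    has_private: bool    # True if it holds the private campus zone

def query(server, qname_is_private):
    """Return 'TIMEOUT', 'NXDOMAIN' or 'ANSWER' for one server."""
    if not server.reachable:
        return "TIMEOUT"
    if qname_is_private and not server.has_private:
        return "NXDOMAIN"
    return "ANSWER"

def resolve(servers, qname_is_private, start=0):
    """Walk the list from `start`; only a timeout moves on to the next server."""
    timeouts = 0
    for i in range(len(servers)):
        result = query(servers[(start + i) % len(servers)], qname_is_private)
        if result != "TIMEOUT":
            return result, timeouts   # NXDOMAIN is final (model assumption)
        timeouts += 1
    return "TIMEOUT", timeouts

def run(servers, policy, n, qname_is_private):
    """Return (answered, timeouts) over n lookups; policy is 'ordered' or 'rotate'."""
    ok = waited = 0
    for q in range(n):
        start = q % len(servers) if policy == "rotate" else 0
        result, timeouts = resolve(servers, qname_is_private, start)
        ok += result == "ANSWER"
        waited += timeouts
    return ok, waited

def dhcp_list(tunnel_up):
    # Constructed list: three private resolvers at the hub, one public last.
    private = [Server(f"private{i}", tunnel_up, True) for i in (1, 2, 3)]
    return private + [Server("public", True, False)]

if __name__ == "__main__":
    for up in (True, False):
        for policy in ("ordered", "rotate"):
            for private_name in (True, False):
                ok, waited = run(dhcp_list(up), policy, 8, private_name)
                print(f"tunnel_up={up} {policy:7} private_name={private_name}: "
                      f"{ok}/8 answered, {waited} timeouts")
```

In this model an ordered client never reaches the public server while the tunnel is up, a rotating client loses 2 of 8 private lookups to it, and with the tunnel down every public lookup from an ordered client first waits out three timeouts.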
