Why can't I specify a DNS IP from my LAN?
I am using the latest Controller installed on Ubuntu 22.04. I want to use our internal DNS as the default DNS for each VLAN. But when I try to specify those IPs for my WAN port static IP DNS, it will not let me. It says something like 'that conflicts with your LAN IP range'. How do I set this up so I don't have to change ALL my VLANs to specify the internal DNS?
You specify each LAN subnet's custom DNS IPs in the LAN definition; you do not try to assign them to the WAN port.
@d0ugmac1 I understand that is where you define it for individual VLANs. But, since all of my VLANs point (by default) to the Omada Gateway, if I could set its DNS to my internal LAN DNS it would make my life easier. It makes no sense to me that I can't point to a local DNS server.
Actually it does make sense, especially when you remember that the Omada devices are 'gateways' and not full 'routers'. The gateway model presumes a NAT exists between WAN and LAN sides, and so cannot handle LAN IPs being part of a WAN port definition, as it presumes they should route TO the internet, not via NAT to the LAN (hence the error you saw). This is further complicated by the typically dynamic nature of the WAN port configuration being pushed by the ISP's DHCP. The correct way to override the 'default' setting of using the ISP-provided DNS servers is to override them manually for each of your subnets, meaning the DHCP server which serves IP addresses to your LAN devices sends your local DNS server IP(s). You can 'paste' the IP address into the Controller field. If you have hundreds of subnets, look at the API to save some time.
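An added example, not from the thread or from TP-Link: a small Python check that reproduces the WAN static-DNS conflict rule described above (a resolver inside any LAN subnet is rejected) and then verifies, from a dhclient-style lease, that a VLAN's DHCP scope is actually handing out the internal resolvers. The subnets, resolver addresses and the lease text are constructed for the demonstration.

```python
import ipaddress
import re

# Constructed sample values for the demonstration; not taken from the thread.
LAN_SUBNETS = {"VLAN10": "10.0.10.0/24", "VLAN20": "10.0.20.0/24"}
INTERNAL_DNS = ["10.0.10.5", "10.0.10.6"]      # resolvers living on VLAN10
ISP_DNS = ["203.0.113.53"]                     # stands in for ISP-provided DNS

# Constructed dhclient-style lease as a client on VLAN20 would record it
# once the per-VLAN DHCP DNS override is in place.
SAMPLE_LEASE = """lease {
  interface "eth0";
  fixed-address 10.0.20.77;
  option subnet-mask 255.255.255.0;
  option routers 10.0.20.1;
  option domain-name-servers 10.0.10.5,10.0.10.6;
}
"""


def wan_dns_conflicts(dns_servers, lan_subnets):
    """Reproduce the gateway's WAN static-DNS rule: any resolver address that
    falls inside a LAN subnet is rejected, because the gateway treats WAN DNS
    as internet-bound and will not send it back through NAT to the LAN."""
    conflicts = []
    for server in dns_servers:
        ip = ipaddress.ip_address(server)
        for name, cidr in lan_subnets.items():
            if ip in ipaddress.ip_network(cidr):
                conflicts.append((server, name))
    return conflicts


def lease_dns_servers(lease_text):
    """Extract the domain-name-servers option from dhclient lease text."""
    m = re.search(r"option domain-name-servers\s+([\d.,\s]+?);", lease_text)
    return [s.strip() for s in m.group(1).split(",")] if m else []


def scope_verified(lease_text, expected_dns, lan_subnets):
    """True when the lease belongs to a known VLAN and hands out exactly the
    internal resolvers, i.e. the per-subnet override reached the client."""
    m = re.search(r"fixed-address\s+([\d.]+);", lease_text)
    if not m:
        return False
    ip = ipaddress.ip_address(m.group(1))
    in_lan = any(ip in ipaddress.ip_network(c) for c in lan_subnets.values())
    return in_lan and lease_dns_servers(lease_text) == list(expected_dns)
```

Run `scope_verified` against a lease pulled from one client per VLAN to confirm every scope was updated, rather than trusting the Controller form alone.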
@d0ugmac1 I understand how they want me to do this. However, this is an enterprise-level router. At the end of the day, it is routing between a WAN and a LAN. It is absolutely aware of my subnets (as evidenced by the error msg itself). I'm not a network newbie. I understand how they work, and have been working in networks for almost 20 years, Cisco certified, blah blah blah. I don't know if I have ever seen a router that can't use a LAN address as the DNS (I suppose I haven't tried on everything I have ever used). Routing from the WAN to the LAN is why you have a routing table. It's also how the router knows how to forward ports to the local LAN if configured. I even just checked my Ubiquiti that I use at home, and it can also handle DNS from the local LAN. And, yes, I know this isn't a Ubiquiti router. All I am saying is that there is no real reason to not allow it. And it is a common configuration.
At this point it doesn't really matter, I have updated all of the DHCP scopes to point to the local DNS servers. I just wish I didn't have to waste my time doing this.
Hi @muzicman0
Thanks for posting in our business forum.
muzicman0 wrote
@d0ugmac1 I understand how they want me to do this. However, this is an enterprise-level router. At the end of the day, it is routing between a WAN and a LAN. It is absolutely aware of my subnets (as evidenced by the error msg itself). I'm not a network newbie. I understand how they work, and have been working in networks for almost 20 years, Cisco certified, blah blah blah. I don't know if I have ever seen a router that can't use a LAN address as the DNS (I suppose I haven't tried on everything I have ever used). Routing from the WAN to the LAN is why you have a routing table. It's also how the router knows how to forward ports to the local LAN if configured. I even just checked my Ubiquiti that I use at home, and it can also handle DNS from the local LAN. And, yes, I know this isn't a Ubiquiti router. All I am saying is that there is no real reason to not allow it. And it is a common configuration.
At this point it doesn't really matter, I have updated all of the DHCP scopes to point to the local DNS servers. I just wish I didn't have to waste my time doing this.
Are you sure it's routing from WAN to LAN? DNS query received from LAN, then sent to the WAN, then back to LAN? Are you sure?
Client DNS query > Gateway LAN DNS (if not specified, default GW IP) > WAN DNS > WAN DNS > LAN IP?
My question is, how does it access a LAN DNS from the WAN after it passes NAT?
Client DNS queries would be answered by the LAN DNS first unless you have something like DNS hijack to the WAN or a specific DNS address. Well, we don't. If not resolved, WAN DNS. You should prioritize the LAN DNS instead of the WAN.
@Clive_A I'm clearly not communicating effectively. It would be easy to say 'of course it routes! it's a router!', but I understand there is more to it than that (i.e. NAT). BUT, that really isn't my point.
As I have already made the changes on my VLAN config, I will just leave this alone.