@muzicman0 

You specify each LAN subnet's custom DNS IP's in the LAN definition...you do not try to assign them to the WAN port.

  @muzicman0 

Actually it does make sense, especially when you remember that the Omada devices are 'gateways' and not full 'routers'.  The gateway model presumes a NAT exists between WAN and LAN sides, and so cannot handle LAN IP's being part of a WAN port definition, as it presumes they should route TO the internet, not via NAT to the LAN (hence the error you saw).  This is further complicated by the typically dynamic nature of the WAN port configuration being pushed by the ISP's DHCP.  The correct way to override the 'default' setting of using the ISP-provided DNS servers, is to override them manually for each of your subnets, meaning the DHCP server which serves IP addresses to your LAN devices sends your local DNS server IP(s).  You can 'paste' the IP address into the Controller field.  If you have hundreds of subnets, look at the API to save some time.

Hi @muzicman0 

Thanks for posting in our business forum.

muzicman0 wrote

  @d0ugmac1 I understand how they want me to do this.  However, this is an enterprise level router.  At the end of the day, it is routing between a WAN and a LAN.  It is absolutely aware of my subnets (as evidenced by the error msg itself).  I'm not a network newby.  I understand how they work, and have been working in Networks for almost 20 years, Cisco certified, blah blah blah.  I don't know if I have ever seen a router that can't use a LAN address as the DNS (I suppose I haven't tried on everything I have ever used).  Routing from the WAN to the LAN is why you have a routing table.  It's also how the router knows how to forward ports to the local LAN if configured.  I even just checked my Ubiquity that I use at home, and it can also handle DNS from the local LAN.  And, yes, I know this isn't a Ubiquity router.  All I am saying is that there is no real reason to not allow it.  And it is a common configuration.

 

At this point it doesn't really matter, I have updated all of the DHCP scopes to point to the local DNS servers.  I just wish I didn't have to waste my time doing this.

Are you sure it's routing from WAN to LAN? DNS query received from LAN, then sent to the WAN, then back to LAN? Are you sure?

Client DNS query > Gateway LAN DNS(if not specified, default GW IP) > WAN DNS > WAN DNS > LAN IP?

My question is, how does it access from WAN after it passes NAT to a LAN DNS?

Client DNS query would be answered by the LAN DNS first unless you have something like DNS hijack to the WAN or a specific DNS address. Well, we don't. If not resolved, WAN DNS. You should prioritize the LAN DNS instead of the WAN.