topic DNS-Problem WLC guest-WLAN in Wireless

DNS-Problem WLC guest-WLAN

Mike Farnschlaeder — Sun, 04 Jul 2021 07:53:49 GMT

Hi!

I have the following problem with Cisco 2504 WLAN Controller.

A customer of mine bought a certificate (GlobalSign) for the guest-wlan. This certificate was successfully
implemented by me.
But now I´m having problems with the DNS lookup (1.1.1.1 / wlan.mycustomer.de), because they don´t have any DNS-Server in their
WLAN-network. This network it completely physically seperated from their other networks. The WLAN-clients are going straight
to the router and internet respectively.

So I am not able to do a port forwarding of DNS via firewall into their main network.
The router is a AVM Fritzbox and unfortunately it is not possible to make any DNS host entries.

So what can I do? Any ideas?

They will not install any DNS-Server in this WLAN network!

Somebody told me that it is possible to make an A-record for the 1.1.1.1 at the provider´s side where the domain is located. But to be honest, I don´t know how this should work.

Thanks for any help!

DNS-Problem WLC guest-WLAN

Stephen Rodriguez — Fri, 20 Sep 2013 13:35:51 GMT

You can request your provider to put in the A-record for you, and as it is linked to your customers domain, it should be fine.

The only thing I caution against is that IANA gave out the 1.x/8 subnet to a company. So it is possible they could look out there and request that all records using their IP range be removed.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

DNS-Problem WLC guest-WLAN

Mike Farnschlaeder — Fri, 20 Sep 2013 13:57:40 GMT

So, does it make sense to change the virtual IP to 2.2.2.2, 3.3.3.3 or whatever instead of 1.1.1.1?

How do I know which IP is not given out by the IANA?

DNS-Problem WLC guest-WLAN

Stephen Rodriguez — Fri, 20 Sep 2013 14:04:34 GMT

You can go and check the IANA website to see what addresses are not assigned.

But I would just use 192.0.2.x/24 as this is reserved for documentation.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

DNS-Problem WLC guest-WLAN

Scott Fella — Sun, 22 Sep 2013 13:30:07 GMT

If the guest traffic is going straight out to the Internet, then you need to be able to resolve the FQDN of the certificate to the VIP of the WLC. If they don't have an external DNS server and you have to actually have the company who manages their external domain, make an entry for their FQDN of the certificate to be used. The VIP now has to be tied to one of their public address. This works, because I have had to do this many times because of either, no company owned external DNS server, they don't want to open a port on the FW to allow DNS internally and or the service provider will not add a bogus IP address in an a-record.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"